From 3286926bbf80fdd0103a372256459e577224f9f6 Mon Sep 17 00:00:00 2001
From: Michi Mutsuzaki <michi@isovalent.com>
Date: Tue, 5 Nov 2024 16:35:28 +0000
Subject: [PATCH] Prepare for v0.16.20 release

Update workflow files to accommodate cilium/cilium#35483.

Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
---
 .github/workflows/eks-tunnel.yaml             |    6 +-
 .github/workflows/eks.yaml                    |    6 +-
 .github/workflows/gke.yaml                    |    7 +-
 .github/workflows/kind.yaml                   |   12 +-
 .github/workflows/multicluster.yaml           |    6 +-
 README.md                                     |    2 +-
 RELEASE.md                                    |    2 +-
 go.mod                                        |   65 +-
 go.sum                                        |  132 +-
 vendor/github.com/cilium/charts/README.md     |    4 +
 .../cilium/charts/cilium-1.14.16.tgz          |  Bin 0 -> 165189 bytes
 .../cilium/charts/cilium-1.15.10.tgz          |  Bin 0 -> 180660 bytes
 .../cilium/charts/cilium-1.16.3.tgz           |  Bin 0 -> 204585 bytes
 .../cilium/charts/cilium-1.17.0-pre.1.tgz     |  Bin 0 -> 210626 bytes
 .../cilium/charts/generate_helm_release.sh    |    2 +-
 vendor/github.com/cilium/charts/index.yaml    |  465 ++++-
 vendor/github.com/cilium/cilium/AUTHORS       |   30 +-
 .../cilium/cilium/api/v1/flow/flow.pb.go      |  864 ++------
 .../cilium/api/v1/observer/observer.pb.go     |  380 +---
 .../api/v1/observer/observer_grpc.pb.go       |    2 +-
 .../cilium/cilium/api/v1/relay/relay.pb.go    |   28 +-
 .../cilium/cilium-cli/cli/clustermesh.go      |    1 +
 .../cilium/cilium/cilium-cli/cli/cmd.go       |    4 +-
 .../cilium/cilium-cli/cli/connectivity.go     |    1 +
 .../cilium/cilium/cilium-cli/cli/hubble.go    |   22 +-
 .../cilium/cilium/cilium-cli/cli/install.go   |    4 +-
 .../cilium-cli/clustermesh/clustermesh.go     |   37 +-
 .../connectivity/builder/builder.go           |    7 +
 .../client_egress_to_cidrgroup_deny.go        |   32 +
 .../connectivity/builder/egress_gateway.go    |    3 +-
 .../builder/egress_gateway_with_l7_policy.go  |    3 +-
 .../builder/from_cidr_host_netns.go           |    3 +-
 ...ent-egress-to-cidrgroup-external-deny.yaml |   27 +
 .../connectivity/builder/multicast.go         |   28 +
 .../builder/pod_to_pod_encryption.go          |    6 +-
 .../builder/strict_mode_encryption.go         |   30 +
 .../cilium-cli/connectivity/check/action.go   |    3 +-
 .../cilium-cli/connectivity/check/check.go    |    1 +
 .../cilium-cli/connectivity/check/context.go  |   39 +
 .../connectivity/check/deployment.go          |   92 +
 .../cilium-cli/connectivity/check/features.go |    1 +
 .../cilium-cli/connectivity/check/metrics.go  |    2 +-
 .../cilium-cli/connectivity/check/netshoot.go |   33 +
 .../cilium-cli/connectivity/check/policy.go   |  543 ++---
 .../cilium-cli/connectivity/check/result.go   |    7 +
 .../cilium-cli/connectivity/check/test.go     |  318 +--
 .../cilium-cli/connectivity/check/wait.go     |   21 +-
 .../cilium-cli/connectivity/sniff/sniffer.go  |    3 +-
 .../connectivity/tests/encryption.go          |  118 +-
 .../cilium-cli/connectivity/tests/health.go   |    5 +-
 .../connectivity/tests/multicast.go           |  363 ++++
 .../cilium-cli/connectivity/tests/pod.go      |   96 +
 .../cilium-cli/connectivity/tests/service.go  |    8 -
 .../cilium/cilium-cli/defaults/defaults.go    |    5 +-
 .../cilium/cilium/cilium-cli/hubble/hubble.go |    7 -
 .../cilium/cilium/cilium-cli/hubble/relay.go  |   28 +-
 .../cilium/cilium/cilium-cli/hubble/ui.go     |   47 +-
 .../cilium/cilium/cilium-cli/k8s/client.go    |   84 +-
 .../cilium/cilium/cilium-cli/k8s/dialer.go    |  100 +-
 .../cilium/cilium/cilium-cli/k8s/helpers.go   |   29 +
 .../cilium/cilium-cli/multicast/multicast.go  |   20 +-
 .../cilium/cilium/cilium-cli/status/k8s.go    |   60 +-
 .../cilium/cilium/cilium-cli/status/status.go |   10 +
 .../cilium/cilium-cli/sysdump/client.go       |    2 +
 .../cilium/cilium-cli/sysdump/constants.go    |    1 +
 .../cilium/cilium-cli/sysdump/sysdump.go      |   95 +-
 .../cilium-cli/utils/features/features.go     |   15 +-
 .../cilium/hubble/pkg/printer/printer.go      |   88 +
 .../cilium/cilium/pkg/allocator/allocator.go  |   96 +-
 .../cilium/cilium/pkg/annotation/k8s.go       |    7 -
 .../cilium/cilium/pkg/aws/eni/types/types.go  |    5 +
 .../aws/eni/types/zz_generated.deepequal.go   |    4 +
 .../cilium/pkg/bgpv1/types/fake_router.go     |   20 +-
 .../cilium/cilium/pkg/bgpv1/types/log.go      |    3 +
 .../cilium/pkg/clustermesh/types/option.go    |   31 +-
 .../cilium/pkg/container/bitlpm/cidr.go       |   16 +
 .../cilium/pkg/container/bitlpm/trie.go       |  245 ++-
 .../cilium/cilium/pkg/container/set/set.go    |  227 +++
 .../cilium/pkg/container/versioned/value.go   |    5 +-
 .../cilium/pkg/controller/controller.go       |    7 +-
 .../linux/probes/managed_neighbors.go         |    3 +-
 .../pkg/datapath/linux/probes/probes.go       |   53 +
 .../linux/safenetlink/netlink_linux.go        |  395 ++++
 .../linux/safenetlink/netlink_unspecified.go  |  141 ++
 .../cilium/pkg/datapath/tunnel/tunnel.go      |    4 +-
 .../cilium/pkg/datapath/types/loader.go       |    2 +-
 .../cilium/cilium/pkg/datapath/types/node.go  |    4 +
 .../datapath/types/zz_generated.deepequal.go  |    4 +
 .../cilium/cilium/pkg/defaults/defaults.go    |   54 +-
 .../cilium/cilium/pkg/health/client/client.go |  125 +-
 .../cilium/pkg/hive/feature_lifecycle.go      |  128 --
 .../cilium/cilium/pkg/hive/health/metrics.go  |   51 +-
 .../github.com/cilium/cilium/pkg/hive/hive.go |   51 +-
 .../cilium/pkg/hive/reconciler_metrics.go     |  117 +-
 .../cilium/cilium/pkg/hive/statedb_metrics.go |   73 +-
 .../cilium/cilium/pkg/hubble/helpers.go       |   25 +
 .../cilium/cilium/pkg/identity/identity.go    |    6 +
 .../pkg/identity/identitymanager/cell.go      |    2 +-
 .../pkg/identity/identitymanager/manager.go   |   17 +-
 .../cilium/cilium/pkg/inctimer/inctimer.go    |   80 -
 vendor/github.com/cilium/cilium/pkg/ip/ip.go  |   22 +-
 .../cilium/cilium/pkg/ipam/types/types.go     |   12 +
 .../pkg/ipam/types/zz_generated.deepcopy.go   |    7 +
 .../pkg/ipam/types/zz_generated.deepequal.go  |   24 +
 .../cilium/cilium/pkg/ipcache/types/types.go  |    8 +
 .../cilium/pkg/k8s/apis/cilium.io/register.go |    2 +-
 .../pkg/k8s/apis/cilium.io/utils/utils.go     |    8 +-
 .../cilium/pkg/k8s/apis/cilium.io/v2/types.go |    3 -
 .../cilium.io/v2/zz_generated.deepcopy.go     |    5 -
 .../cilium.io/v2/zz_generated.deepequal.go    |    8 -
 .../cilium.io/v2alpha1/bgp_cluster_types.go   |   26 +
 .../apis/cilium.io/v2alpha1/bgp_peer_types.go |   22 +
 .../v2alpha1/zz_generated.deepcopy.go         |   48 +
 .../v2alpha1/zz_generated.deepequal.go        |   28 +
 .../cilium/cilium/pkg/k8s/client/cell.go      |  127 +-
 .../v2alpha1/ciliumbgpclusterconfig.go        |    2 +
 .../cilium.io/v2alpha1/ciliumbgppeerconfig.go |    2 +
 .../fake/fake_ciliumbgpclusterconfig.go       |   12 +
 .../v2alpha1/fake/fake_ciliumbgppeerconfig.go |   12 +
 .../cilium/cilium/pkg/k8s/client/config.go    |    2 +-
 .../cilium/cilium/pkg/k8s/endpoints.go        |    4 +-
 .../cilium/cilium/pkg/k8s/portforward.go      |  198 ++
 .../cilium/cilium/pkg/k8s/service.go          |    2 +-
 .../cilium/cilium/pkg/k8s/service_cache.go    |   22 +-
 .../cilium/cilium/pkg/k8s/synced/crd.go       |   15 +-
 .../cilium/cilium/pkg/k8s/synced/resources.go |    3 +-
 .../cilium/pkg/k8s/testutils/decoder.go       |    6 +
 .../cilium/pkg/k8s/testutils/resources.go     |   85 +
 .../cilium/cilium/pkg/kvstore/dummy.go        |    6 +-
 .../cilium/cilium/pkg/kvstore/etcd.go         |    6 +-
 .../cilium/cilium/pkg/kvstore/lock.go         |    5 +-
 .../cilium/cilium/pkg/labels/arraylist.go     |   59 +-
 .../cilium/pkg/loadbalancer/loadbalancer.go   |   12 +-
 .../cilium/cilium/pkg/logging/slog.go         |   30 +-
 .../cilium/cilium/pkg/mac/mac_linux.go        |    6 +-
 .../cilium/cilium/pkg/monitor/api/files.go    |    1 +
 .../cilium/cilium/pkg/node/address.go         |   12 -
 .../cilium/cilium/pkg/node/address_linux.go   |    9 +-
 .../cilium/cilium/pkg/node/ip_linux.go        |    6 +-
 .../cilium/cilium/pkg/option/config.go        |  479 +----
 .../cilium/cilium/pkg/policy/api/cidr.go      |  105 +-
 .../cilium/pkg/policy/api/rule_validation.go  |   24 +-
 .../cilium/cilium/pkg/policy/api/selector.go  |    4 +
 .../pkg/policy/api/zz_generated.deepequal.go  |    6 +
 .../cilium/cilium/pkg/policy/cidr.go          |   49 +-
 .../cilium/cilium/pkg/policy/distillery.go    |   17 +-
 .../github.com/cilium/cilium/pkg/policy/l4.go |  225 +--
 .../cilium/cilium/pkg/policy/mapstate.go      | 1792 +++++++----------
 .../cilium/cilium/pkg/policy/repository.go    |  170 +-
 .../cilium/cilium/pkg/policy/resolve.go       |  215 +-
 .../cilium/cilium/pkg/policy/rule.go          |    4 +-
 .../cilium/cilium/pkg/policy/selectorcache.go |    3 +-
 .../cilium/cilium/pkg/policy/trigger.go       |    4 +-
 .../cilium/cilium/pkg/policy/types/types.go   |    6 +
 .../cilium/cilium/pkg/policy/visibility.go    |  235 ---
 .../cilium/cilium/pkg/resiliency/error.go     |   14 +
 .../cilium/cilium/pkg/resiliency/errorset.go  |   63 +
 .../cilium/cilium/pkg/resiliency/helpers.go   |   32 +
 .../cilium/cilium/pkg/resiliency/retry.go     |   13 +
 .../cilium/cilium/pkg/slices/slices.go        |   30 +-
 .../cilium/cilium/pkg/trigger/trigger.go      |    9 +-
 .../github.com/cilium/hive/cell/lifecycle.go  |   22 +-
 .../cilium/hive/cell/simple_health.go         |   59 +
 vendor/github.com/cilium/hive/hive.go         |   17 +
 vendor/github.com/cilium/hive/script.go       |  164 ++
 vendor/github.com/cilium/hive/script/LICENSE  |   27 +
 .../github.com/cilium/hive/script/README.md   |    4 +
 .../cilium/hive/script/README.md.original     |   11 +
 vendor/github.com/cilium/hive/script/cmds.go  | 1167 +++++++++++
 .../cilium/hive/script/cmds_other.go          |   11 +
 .../cilium/hive/script/cmds_posix.go          |   16 +
 vendor/github.com/cilium/hive/script/conds.go |  198 ++
 .../github.com/cilium/hive/script/engine.go   |  853 ++++++++
 .../github.com/cilium/hive/script/errors.go   |   64 +
 .../cilium/hive/script/internal/diff/diff.go  |  261 +++
 .../cilium/hive/script/makeraw_unix.go        |   37 +
 .../cilium/hive/script/makeraw_unix_bsd.go    |   16 +
 .../cilium/hive/script/makeraw_unix_other.go  |   14 +
 .../cilium/hive/script/makeraw_unsupported.go |   16 +
 vendor/github.com/cilium/hive/script/state.go |  244 +++
 vendor/github.com/cilium/statedb/any_table.go |  145 ++
 vendor/github.com/cilium/statedb/cell.go      |    1 +
 vendor/github.com/cilium/statedb/db.go        |   43 +-
 vendor/github.com/cilium/statedb/http.go      |    2 +-
 .../github.com/cilium/statedb/index/bool.go   |    7 +
 vendor/github.com/cilium/statedb/index/int.go |   53 +
 .../github.com/cilium/statedb/index/netip.go  |   16 +
 .../github.com/cilium/statedb/index/string.go |    4 +
 .../cilium/statedb/internal/time.go           |   41 +
 vendor/github.com/cilium/statedb/iterator.go  |   87 +-
 vendor/github.com/cilium/statedb/part/map.go  |   32 +-
 vendor/github.com/cilium/statedb/part/set.go  |   29 +
 .../cilium/statedb/reconciler/metrics.go      |   12 +-
 .../cilium/statedb/reconciler/types.go        |   65 +-
 vendor/github.com/cilium/statedb/script.go    |  836 ++++++++
 vendor/github.com/cilium/statedb/table.go     |   67 +-
 vendor/github.com/cilium/statedb/txn.go       |  105 +-
 vendor/github.com/cilium/statedb/types.go     |   96 +-
 vendor/github.com/fatih/color/README.md       |   23 +-
 vendor/github.com/fatih/color/color.go        |   32 +-
 .../common/model/labelset_string.go           |    2 -
 .../common/model/labelset_string_go120.go     |   39 -
 .../vishvananda/netlink/addr_linux.go         |   15 +-
 .../vishvananda/netlink/bridge_linux.go       |   15 +-
 .../vishvananda/netlink/chain_linux.go        |   16 +-
 .../vishvananda/netlink/class_linux.go        |   14 +-
 .../vishvananda/netlink/conntrack_linux.go    |   32 +-
 .../netlink/conntrack_unspecified.go          |    2 +-
 .../vishvananda/netlink/devlink_linux.go      |   40 +-
 .../vishvananda/netlink/filter_linux.go       |   22 +-
 vendor/github.com/vishvananda/netlink/fou.go  |   15 +-
 .../vishvananda/netlink/fou_linux.go          |   66 +-
 .../vishvananda/netlink/fou_unspecified.go    |    1 +
 .../vishvananda/netlink/genetlink_linux.go    |   13 +-
 .../vishvananda/netlink/gtp_linux.go          |   13 +-
 vendor/github.com/vishvananda/netlink/link.go |   34 +-
 .../vishvananda/netlink/link_linux.go         |   61 +-
 .../vishvananda/netlink/neigh_linux.go        |   34 +-
 .../vishvananda/netlink/netlink_linux.go      |    3 +
 .../vishvananda/netlink/nl/link_linux.go      |    2 +
 .../vishvananda/netlink/nl/nl_linux.go        |  108 +-
 .../vishvananda/netlink/protinfo_linux.go     |   13 +-
 .../vishvananda/netlink/qdisc_linux.go        |   15 +-
 .../vishvananda/netlink/rdma_link_linux.go    |   24 +-
 .../vishvananda/netlink/route_linux.go        |   30 +-
 .../vishvananda/netlink/rule_linux.go         |   21 +-
 .../vishvananda/netlink/socket_linux.go       |  109 +-
 .../vishvananda/netlink/socket_xdp_linux.go   |   18 +-
 .../vishvananda/netlink/vdpa_linux.go         |   60 +-
 .../vishvananda/netlink/xfrm_policy_linux.go  |   15 +-
 .../vishvananda/netlink/xfrm_state_linux.go   |   15 +-
 vendor/go.opentelemetry.io/otel/.golangci.yml |    7 +
 vendor/go.opentelemetry.io/otel/CHANGELOG.md  |   32 +-
 vendor/go.opentelemetry.io/otel/CODEOWNERS    |    4 +-
 .../go.opentelemetry.io/otel/CONTRIBUTING.md  |   11 +-
 vendor/go.opentelemetry.io/otel/Makefile      |    5 +-
 vendor/go.opentelemetry.io/otel/README.md     |    4 +-
 vendor/go.opentelemetry.io/otel/RELEASING.md  |   11 -
 .../go.opentelemetry.io/otel/attribute/set.go |   40 +-
 .../otel/internal/global/meter.go             |   99 +-
 .../otel/internal/rawhelpers.go               |    3 +-
 .../otel/metric/instrument.go                 |    2 +-
 vendor/go.opentelemetry.io/otel/renovate.json |    4 +
 .../otel/verify_examples.sh                   |   74 -
 vendor/go.opentelemetry.io/otel/version.go    |    2 +-
 vendor/go.opentelemetry.io/otel/versions.yaml |    8 +-
 vendor/golang.org/x/net/http2/config.go       |  122 ++
 vendor/golang.org/x/net/http2/config_go124.go |   61 +
 .../x/net/http2/config_pre_go124.go           |   16 +
 vendor/golang.org/x/net/http2/http2.go        |   53 +-
 vendor/golang.org/x/net/http2/server.go       |  181 +-
 vendor/golang.org/x/net/http2/transport.go    |  143 +-
 vendor/golang.org/x/net/http2/write.go        |   10 +
 .../golang.org/x/net/websocket/websocket.go   |    2 +-
 vendor/golang.org/x/oauth2/token.go           |    7 +
 vendor/golang.org/x/sys/unix/README.md        |    2 +-
 vendor/golang.org/x/sys/unix/mkerrors.sh      |    4 +-
 vendor/golang.org/x/sys/unix/syscall_aix.go   |    2 +-
 vendor/golang.org/x/sys/unix/syscall_linux.go |   63 +-
 .../x/sys/unix/syscall_linux_arm64.go         |    2 +
 .../x/sys/unix/syscall_linux_loong64.go       |    2 +
 .../x/sys/unix/syscall_linux_riscv64.go       |    2 +
 .../golang.org/x/sys/unix/vgetrandom_linux.go |   13 +
 .../x/sys/unix/vgetrandom_unsupported.go      |   11 +
 vendor/golang.org/x/sys/unix/zerrors_linux.go |   13 +-
 .../x/sys/unix/zerrors_linux_386.go           |    5 +
 .../x/sys/unix/zerrors_linux_amd64.go         |    5 +
 .../x/sys/unix/zerrors_linux_arm.go           |    5 +
 .../x/sys/unix/zerrors_linux_arm64.go         |    5 +
 .../x/sys/unix/zerrors_linux_loong64.go       |    5 +
 .../x/sys/unix/zerrors_linux_mips.go          |    5 +
 .../x/sys/unix/zerrors_linux_mips64.go        |    5 +
 .../x/sys/unix/zerrors_linux_mips64le.go      |    5 +
 .../x/sys/unix/zerrors_linux_mipsle.go        |    5 +
 .../x/sys/unix/zerrors_linux_ppc.go           |    5 +
 .../x/sys/unix/zerrors_linux_ppc64.go         |    5 +
 .../x/sys/unix/zerrors_linux_ppc64le.go       |    5 +
 .../x/sys/unix/zerrors_linux_riscv64.go       |    5 +
 .../x/sys/unix/zerrors_linux_s390x.go         |    5 +
 .../x/sys/unix/zerrors_linux_sparc64.go       |    5 +
 .../golang.org/x/sys/unix/zsyscall_linux.go   |   17 -
 .../x/sys/unix/zsysnum_linux_amd64.go         |    1 +
 .../x/sys/unix/zsysnum_linux_arm64.go         |    2 +-
 .../x/sys/unix/zsysnum_linux_loong64.go       |    2 +
 .../x/sys/unix/zsysnum_linux_riscv64.go       |    2 +-
 vendor/golang.org/x/sys/unix/ztypes_linux.go  |   88 +-
 .../golang.org/x/sys/windows/dll_windows.go   |    2 +-
 vendor/golang.org/x/time/rate/rate.go         |   17 +-
 vendor/golang.org/x/tools/LICENSE             |   27 +
 vendor/golang.org/x/tools/PATENTS             |   22 +
 vendor/golang.org/x/tools/txtar/archive.go    |  140 ++
 vendor/golang.org/x/tools/txtar/fs.go         |  257 +++
 .../grpc/internal/transport/transport.go      |    2 +-
 vendor/google.golang.org/grpc/version.go      |    2 +-
 .../protobuf/encoding/protojson/decode.go     |    2 +-
 .../protobuf/encoding/protojson/encode.go     |    4 +-
 .../protobuf/internal/descopts/options.go     |   20 +-
 .../internal/editionssupport/editions.go      |    2 +-
 .../protobuf/internal/filedesc/desc.go        |    4 +
 .../protobuf/internal/filedesc/desc_init.go   |    2 +
 .../protobuf/internal/filedesc/desc_lazy.go   |    2 +
 .../protobuf/internal/filedesc/editions.go    |    2 +-
 .../protobuf/internal/genid/doc.go            |    2 +-
 .../internal/genid/go_features_gen.go         |   15 +-
 .../protobuf/internal/genid/map_entry.go      |    2 +-
 .../protobuf/internal/genid/wrappers.go       |    2 +-
 .../protobuf/internal/impl/codec_extension.go |   11 +-
 .../protobuf/internal/impl/codec_field.go     |    3 +
 .../protobuf/internal/impl/codec_message.go   |    3 +
 .../protobuf/internal/impl/codec_reflect.go   |  210 --
 .../protobuf/internal/impl/codec_unsafe.go    |    3 -
 .../protobuf/internal/impl/convert.go         |    2 +-
 .../protobuf/internal/impl/encode.go          |    2 +-
 .../protobuf/internal/impl/equal.go           |  224 +++
 .../internal/impl/legacy_extension.go         |    1 +
 .../protobuf/internal/impl/message.go         |    4 +-
 .../protobuf/internal/impl/pointer_reflect.go |  215 --
 .../protobuf/internal/impl/pointer_unsafe.go  |    3 -
 .../protobuf/internal/strs/strings_pure.go    |   28 -
 .../internal/strs/strings_unsafe_go120.go     |    3 +-
 .../internal/strs/strings_unsafe_go121.go     |    3 +-
 .../protobuf/internal/version/version.go      |    4 +-
 .../google.golang.org/protobuf/proto/equal.go |    9 +
 .../protobuf/proto/extension.go               |   71 +
 .../protobuf/reflect/protodesc/desc_init.go   |    4 +
 .../protobuf/reflect/protodesc/editions.go    |    2 +-
 .../protobuf/reflect/protoreflect/methods.go  |   10 +
 .../reflect/protoreflect/value_pure.go        |   60 -
 .../protoreflect/value_unsafe_go120.go        |    3 +-
 .../protoreflect/value_unsafe_go121.go        |    3 +-
 .../protobuf/runtime/protoiface/methods.go    |   18 +
 .../types/descriptorpb/descriptor.pb.go       |  748 ++-----
 .../types/gofeaturespb/go_features.pb.go      |   24 +-
 .../protobuf/types/known/anypb/any.pb.go      |   24 +-
 .../types/known/durationpb/duration.pb.go     |   24 +-
 .../protobuf/types/known/emptypb/empty.pb.go  |   24 +-
 .../types/known/fieldmaskpb/field_mask.pb.go  |   24 +-
 .../types/known/structpb/struct.pb.go         |  110 +-
 .../types/known/timestamppb/timestamp.pb.go   |   24 +-
 .../types/known/wrapperspb/wrappers.pb.go     |  200 +-
 .../helm/v3/internal/resolver/resolver.go     |    2 +-
 .../helm/v3/internal/third_party/dep/fs/fs.go |    2 +-
 .../helm.sh/helm/v3/internal/tlsutil/tls.go   |    2 +-
 vendor/helm.sh/helm/v3/pkg/action/install.go  |    8 +-
 vendor/helm.sh/helm/v3/pkg/action/upgrade.go  |    2 +-
 .../helm/v3/pkg/chart/loader/archive.go       |    2 +-
 .../helm/v3/pkg/chartutil/dependencies.go     |    2 +-
 .../helm.sh/helm/v3/pkg/cli/output/output.go  |    2 +-
 .../helm.sh/helm/v3/pkg/downloader/manager.go |    2 +-
 vendor/helm.sh/helm/v3/pkg/engine/engine.go   |    2 +-
 .../helm.sh/helm/v3/pkg/engine/lookup_func.go |    2 +-
 .../helm.sh/helm/v3/pkg/helmpath/lazypath.go  |    2 +-
 vendor/helm.sh/helm/v3/pkg/ignore/doc.go      |    2 +-
 vendor/helm.sh/helm/v3/pkg/kube/client.go     |    4 +-
 vendor/helm.sh/helm/v3/pkg/kube/ready.go      |    2 +-
 vendor/helm.sh/helm/v3/pkg/registry/util.go   |    3 +-
 vendor/helm.sh/helm/v3/pkg/release/status.go  |    4 +-
 vendor/helm.sh/helm/v3/pkg/repo/index.go      |    6 +-
 .../helm.sh/helm/v3/pkg/storage/driver/sql.go |   12 +-
 vendor/helm.sh/helm/v3/pkg/strvals/parser.go  |    2 +-
 vendor/helm.sh/helm/v3/pkg/time/time.go       |    2 +-
 vendor/k8s.io/kubectl/pkg/util/apply.go       |  146 ++
 vendor/k8s.io/kubectl/pkg/util/pod_port.go    |   42 +
 .../kubectl/pkg/util/podutils/podutils.go     |  251 +++
 .../k8s.io/kubectl/pkg/util/service_port.go   |   59 +
 vendor/k8s.io/kubectl/pkg/util/umask.go       |   29 +
 .../k8s.io/kubectl/pkg/util/umask_windows.go  |   29 +
 vendor/k8s.io/kubectl/pkg/util/util.go        |   93 +
 vendor/modules.txt                            |   80 +-
 .../apis/v1alpha2/grpcroute_types.go          |    1 +
 .../apis/v1alpha2/referencegrant_types.go     |    1 +
 371 files changed, 14213 insertions(+), 7012 deletions(-)
 create mode 100644 vendor/github.com/cilium/charts/cilium-1.14.16.tgz
 create mode 100644 vendor/github.com/cilium/charts/cilium-1.15.10.tgz
 create mode 100644 vendor/github.com/cilium/charts/cilium-1.16.3.tgz
 create mode 100644 vendor/github.com/cilium/charts/cilium-1.17.0-pre.1.tgz
 create mode 100644 vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/client_egress_to_cidrgroup_deny.go
 create mode 100644 vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidrgroup-external-deny.yaml
 create mode 100644 vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/multicast.go
 create mode 100644 vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/strict_mode_encryption.go
 create mode 100644 vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/netshoot.go
 create mode 100644 vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/multicast.go
 create mode 100644 vendor/github.com/cilium/cilium/pkg/container/set/set.go
 create mode 100644 vendor/github.com/cilium/cilium/pkg/datapath/linux/safenetlink/netlink_linux.go
 create mode 100644 vendor/github.com/cilium/cilium/pkg/datapath/linux/safenetlink/netlink_unspecified.go
 delete mode 100644 vendor/github.com/cilium/cilium/pkg/hive/feature_lifecycle.go
 create mode 100644 vendor/github.com/cilium/cilium/pkg/hubble/helpers.go
 delete mode 100644 vendor/github.com/cilium/cilium/pkg/inctimer/inctimer.go
 create mode 100644 vendor/github.com/cilium/cilium/pkg/k8s/portforward.go
 create mode 100644 vendor/github.com/cilium/cilium/pkg/k8s/testutils/resources.go
 delete mode 100644 vendor/github.com/cilium/cilium/pkg/policy/visibility.go
 create mode 100644 vendor/github.com/cilium/cilium/pkg/resiliency/error.go
 create mode 100644 vendor/github.com/cilium/cilium/pkg/resiliency/errorset.go
 create mode 100644 vendor/github.com/cilium/cilium/pkg/resiliency/helpers.go
 create mode 100644 vendor/github.com/cilium/cilium/pkg/resiliency/retry.go
 create mode 100644 vendor/github.com/cilium/hive/script.go
 create mode 100644 vendor/github.com/cilium/hive/script/LICENSE
 create mode 100644 vendor/github.com/cilium/hive/script/README.md
 create mode 100644 vendor/github.com/cilium/hive/script/README.md.original
 create mode 100644 vendor/github.com/cilium/hive/script/cmds.go
 create mode 100644 vendor/github.com/cilium/hive/script/cmds_other.go
 create mode 100644 vendor/github.com/cilium/hive/script/cmds_posix.go
 create mode 100644 vendor/github.com/cilium/hive/script/conds.go
 create mode 100644 vendor/github.com/cilium/hive/script/engine.go
 create mode 100644 vendor/github.com/cilium/hive/script/errors.go
 create mode 100644 vendor/github.com/cilium/hive/script/internal/diff/diff.go
 create mode 100644 vendor/github.com/cilium/hive/script/makeraw_unix.go
 create mode 100644 vendor/github.com/cilium/hive/script/makeraw_unix_bsd.go
 create mode 100644 vendor/github.com/cilium/hive/script/makeraw_unix_other.go
 create mode 100644 vendor/github.com/cilium/hive/script/makeraw_unsupported.go
 create mode 100644 vendor/github.com/cilium/hive/script/state.go
 create mode 100644 vendor/github.com/cilium/statedb/any_table.go
 create mode 100644 vendor/github.com/cilium/statedb/internal/time.go
 create mode 100644 vendor/github.com/cilium/statedb/script.go
 delete mode 100644 vendor/github.com/prometheus/common/model/labelset_string_go120.go
 delete mode 100644 vendor/go.opentelemetry.io/otel/verify_examples.sh
 create mode 100644 vendor/golang.org/x/net/http2/config.go
 create mode 100644 vendor/golang.org/x/net/http2/config_go124.go
 create mode 100644 vendor/golang.org/x/net/http2/config_pre_go124.go
 create mode 100644 vendor/golang.org/x/sys/unix/vgetrandom_linux.go
 create mode 100644 vendor/golang.org/x/sys/unix/vgetrandom_unsupported.go
 create mode 100644 vendor/golang.org/x/tools/LICENSE
 create mode 100644 vendor/golang.org/x/tools/PATENTS
 create mode 100644 vendor/golang.org/x/tools/txtar/archive.go
 create mode 100644 vendor/golang.org/x/tools/txtar/fs.go
 delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_reflect.go
 create mode 100644 vendor/google.golang.org/protobuf/internal/impl/equal.go
 delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go
 delete mode 100644 vendor/google.golang.org/protobuf/internal/strs/strings_pure.go
 delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/value_pure.go
 create mode 100644 vendor/k8s.io/kubectl/pkg/util/apply.go
 create mode 100644 vendor/k8s.io/kubectl/pkg/util/pod_port.go
 create mode 100644 vendor/k8s.io/kubectl/pkg/util/podutils/podutils.go
 create mode 100644 vendor/k8s.io/kubectl/pkg/util/service_port.go
 create mode 100644 vendor/k8s.io/kubectl/pkg/util/umask.go
 create mode 100644 vendor/k8s.io/kubectl/pkg/util/umask_windows.go
 create mode 100644 vendor/k8s.io/kubectl/pkg/util/util.go

diff --git a/.github/workflows/eks-tunnel.yaml b/.github/workflows/eks-tunnel.yaml
index a505625983..8bd59956d4 100644
--- a/.github/workflows/eks-tunnel.yaml
+++ b/.github/workflows/eks-tunnel.yaml
@@ -158,11 +158,7 @@ jobs:
           # Port forward Relay
           cilium hubble port-forward&
           sleep 10s
-          if ! [[ $(pgrep -f "kubectl.*port-forward.*hubble-relay" | wc -l) == 1 ]]; then
-            # support for native port-forwarding
-            # TODO: remove kubectl version after 0.16.20 release
-            [[ $(pgrep -f "cilium.*hubble.*port-forward" | wc -l) == 1 ]]
-          fi
+          [[ $(pgrep -f "^cilium.*hubble.*port-forward$" | wc -l) == 1 ]]
 
           # Run connectivity test
           cilium connectivity test --test-concurrency=3 --all-flows --collect-sysdump-on-failure --external-target amazon.com. \
diff --git a/.github/workflows/eks.yaml b/.github/workflows/eks.yaml
index eaffeb7670..e742563055 100644
--- a/.github/workflows/eks.yaml
+++ b/.github/workflows/eks.yaml
@@ -157,11 +157,7 @@ jobs:
           # Port forward Relay
           cilium hubble port-forward&
           sleep 10s
-          if ! [[ $(pgrep -f "kubectl.*port-forward.*hubble-relay" | wc -l) == 1 ]]; then
-            # support for native port-forwarding
-            # TODO: remove kubectl version after 0.16.20 release
-            [[ $(pgrep -f "cilium.*hubble.*port-forward" | wc -l) == 1 ]]
-          fi
+          [[ $(pgrep -f "^cilium.*hubble.*port-forward$" | wc -l) == 1 ]]
 
           # Run connectivity test
           cilium connectivity test --test-concurrency=3 --all-flows --collect-sysdump-on-failure --external-target amazon.com.
diff --git a/.github/workflows/gke.yaml b/.github/workflows/gke.yaml
index 437f9a9837..8ed1b4a54d 100644
--- a/.github/workflows/gke.yaml
+++ b/.github/workflows/gke.yaml
@@ -153,11 +153,8 @@ jobs:
           # Port forward Relay
           cilium hubble port-forward&
           sleep 10s
-          if ! [[ $(pgrep -f "kubectl.*port-forward.*hubble-relay" | wc -l) == 1 ]]; then
-            # support for native port-forwarding
-            # TODO: remove kubectl version after 0.16.20 release
-            [[ $(pgrep -f "cilium.*hubble.*port-forward" | wc -l) == 1 ]]
-          fi
+
+          [[ $(pgrep -f "^cilium.*hubble.*port-forward$" | wc -l) == 1 ]]
 
           # Run connectivity test
           cilium connectivity test --test-concurrency=5 --all-flows --collect-sysdump-on-failure --external-target google.com.
diff --git a/.github/workflows/kind.yaml b/.github/workflows/kind.yaml
index be0f54b57d..9d3a5828c1 100644
--- a/.github/workflows/kind.yaml
+++ b/.github/workflows/kind.yaml
@@ -82,11 +82,7 @@ jobs:
         run: |
           cilium hubble port-forward&
           sleep 10s
-          if ! [[ $(pgrep -f "kubectl.*port-forward.*hubble-relay" | wc -l) == 1 ]]; then
-            # support for native port-forwarding
-            # TODO: remove kubectl version after 0.16.20 release
-            [[ $(pgrep -f "cilium.*hubble.*port-forward" | wc -l) == 1 ]]
-          fi
+          [[ $(pgrep -f "^cilium.*hubble.*port-forward$" | wc -l) == 1 ]]
 
       - name: Set up external targets
         id: external_targets
@@ -164,11 +160,7 @@ jobs:
         run: |
           cilium hubble port-forward&
           sleep 10s
-          if ! [[ $(pgrep -f "kubectl.*port-forward.*hubble-relay" | wc -l) == 1 ]]; then
-            # support for native port-forwarding
-            # TODO: remove kubectl version after 0.16.20 release
-            [[ $(pgrep -f "cilium.*hubble.*port-forward" | wc -l) == 1 ]]
-          fi
+          [[ $(pgrep -f "^cilium.*hubble.*port-forward$" | wc -l) == 1 ]]
 
       - name: Connectivity test
         run: |
diff --git a/.github/workflows/multicluster.yaml b/.github/workflows/multicluster.yaml
index 9ba005c7a4..561580c642 100644
--- a/.github/workflows/multicluster.yaml
+++ b/.github/workflows/multicluster.yaml
@@ -250,11 +250,7 @@ jobs:
           # Port forward Relay
           cilium --context "${{ steps.contexts.outputs.cluster1 }}" hubble port-forward&
           sleep 10s
-          if ! [[ $(pgrep -f "kubectl.*port-forward.*hubble-relay" | wc -l) == 1 ]]; then
-            # support for native port-forwarding
-            # TODO: remove kubectl version after 0.16.20 release
-            [[ $(pgrep -f "cilium.*hubble.*port-forward" | wc -l) == 1 ]]
-          fi
+          [[ $(pgrep -f "^cilium.*hubble.*port-forward$" | wc -l) == 1 ]]
 
           # Run connectivity test
           cilium --context "${{ steps.contexts.outputs.cluster1 }}" connectivity test --test-concurrency=5 \
diff --git a/README.md b/README.md
index 620fe696f1..3e0e6f44a4 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ binary releases.
 
 | Release                                                                | Maintained | Compatible Cilium Versions |
 |------------------------------------------------------------------------|------------|----------------------------|
-| [v0.16.19](https://github.com/cilium/cilium-cli/releases/tag/v0.16.19) | Yes        | Cilium 1.15 and newer      |
+| [v0.16.20](https://github.com/cilium/cilium-cli/releases/tag/v0.16.20) | Yes        | Cilium 1.15 and newer      |
 | [v0.15.22](https://github.com/cilium/cilium-cli/releases/tag/v0.15.22) | Yes        | Cilium 1.14 (*)            |
 
 Note: 
diff --git a/RELEASE.md b/RELEASE.md
index 925d50a4c0..7c395e480e 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -19,7 +19,7 @@ table](https://github.com/cilium/cilium-cli#releases) for the most recent suppor
 Set `RELEASE` environment variable to the new version. This variable will be
 used in the commands throughout the documenat to allow copy-pasting.
 
-    export RELEASE=v0.16.20
+    export RELEASE=v0.16.21
 
 ## Update local checkout
 
diff --git a/go.mod b/go.mod
index 284225595c..93d82cb1bf 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ replace (
 	sigs.k8s.io/controller-tools => github.com/cilium/controller-tools v0.8.0-2
 )
 
-require github.com/cilium/cilium v1.17.0-pre.1
+require github.com/cilium/cilium v1.17.0-pre.2
 
 require (
 	cel.dev/expr v0.16.0 // indirect
@@ -32,11 +32,11 @@ require (
 	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
-	github.com/cilium/charts v0.0.0-20240926142256-e20f2b5f5344 // indirect
+	github.com/cilium/charts v0.0.0-20241015090923-1f4c1b5ac12a // indirect
 	github.com/cilium/ebpf v0.16.0 // indirect
-	github.com/cilium/hive v0.0.0-20240926131619-aa37668760f2 // indirect
+	github.com/cilium/hive v0.0.0-20241021113747-bb8f3c0bede4 // indirect
 	github.com/cilium/proxy v0.0.0-20240909042906-ae435a5bef38 // indirect
-	github.com/cilium/statedb v0.3.0 // indirect
+	github.com/cilium/statedb v0.3.2 // indirect
 	github.com/cilium/stream v0.0.0-20240816054136-71321e385273 // indirect
 	github.com/cilium/workerpool v1.2.0 // indirect
 	github.com/cloudflare/cfssl v1.6.5 // indirect
@@ -58,7 +58,7 @@ require (
 	github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
 	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
-	github.com/fatih/color v1.17.0 // indirect
+	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
@@ -137,9 +137,9 @@ require (
 	github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v1.20.4 // indirect
+	github.com/prometheus/client_golang v1.20.5 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.59.1 // indirect
+	github.com/prometheus/common v0.60.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rubenv/sql-migrate v1.7.0 // indirect
@@ -156,7 +156,7 @@ require (
 	github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace // indirect
 	github.com/spf13/viper v1.19.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/vishvananda/netlink v1.3.0 // indirect
+	github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81 // indirect
 	github.com/vishvananda/netns v0.0.4 // indirect
 	github.com/weppos/publicsuffix-go v0.30.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
@@ -171,52 +171,53 @@ require (
 	go.etcd.io/etcd/client/v3 v3.5.16 // indirect
 	go.mongodb.org/mongo-driver v1.14.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
-	go.opentelemetry.io/otel v1.30.0 // indirect
-	go.opentelemetry.io/otel/metric v1.30.0 // indirect
-	go.opentelemetry.io/otel/trace v1.30.0 // indirect
+	go.opentelemetry.io/otel v1.31.0 // indirect
+	go.opentelemetry.io/otel/metric v1.31.0 // indirect
+	go.opentelemetry.io/otel/trace v1.31.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/dig v1.17.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
-	golang.org/x/crypto v0.27.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
 	golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect
-	golang.org/x/net v0.29.0 // indirect
-	golang.org/x/oauth2 v0.22.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.25.0 // indirect
-	golang.org/x/term v0.24.0 // indirect
-	golang.org/x/text v0.18.0 // indirect
-	golang.org/x/time v0.6.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/term v0.25.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	golang.org/x/tools v0.26.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 // indirect
-	google.golang.org/grpc v1.67.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
+	google.golang.org/grpc v1.67.1 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	helm.sh/helm/v3 v3.16.1 // indirect
-	k8s.io/api v0.31.1 // indirect
-	k8s.io/apiextensions-apiserver v0.31.1 // indirect
-	k8s.io/apimachinery v0.31.1 // indirect
-	k8s.io/apiserver v0.31.1 // indirect
-	k8s.io/cli-runtime v0.31.1 // indirect
-	k8s.io/client-go v0.31.1 // indirect
-	k8s.io/component-base v0.31.1 // indirect
+	helm.sh/helm/v3 v3.16.2 // indirect
+	k8s.io/api v0.31.2 // indirect
+	k8s.io/apiextensions-apiserver v0.31.2 // indirect
+	k8s.io/apimachinery v0.31.2 // indirect
+	k8s.io/apiserver v0.31.2 // indirect
+	k8s.io/cli-runtime v0.31.2 // indirect
+	k8s.io/client-go v0.31.2 // indirect
+	k8s.io/component-base v0.31.2 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 // indirect
-	k8s.io/kubectl v0.31.0 // indirect
+	k8s.io/kubectl v0.31.1 // indirect
 	k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 // indirect
 	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/controller-runtime v0.19.0 // indirect
-	sigs.k8s.io/gateway-api v1.2.0-rc1.0.20240923191000-5c5fc388829d // indirect
+	sigs.k8s.io/gateway-api v1.2.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.17.2 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect
-	sigs.k8s.io/mcs-api v0.1.1-0.20240919125245-7bbb5990134a // indirect
+	sigs.k8s.io/mcs-api v0.1.1-0.20241002142749-eff1ba8c3ab2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 801ce2097f..5086cac10e 100644
--- a/go.sum
+++ b/go.sum
@@ -60,18 +60,18 @@ github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHe
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/charts v0.0.0-20240926142256-e20f2b5f5344 h1:biAN1Y6c+77q59tDU74YzXB8ffZoe2KyryMU12PWB3k=
-github.com/cilium/charts v0.0.0-20240926142256-e20f2b5f5344/go.mod h1:M3C9VOlFvRzuV+a01t07Tw4uFLSfkCH3L542IWjf6BU=
-github.com/cilium/cilium v1.17.0-pre.1 h1:HIJgJ8mtGrz6fgRI6YA/TPAsx2s06rmJTvmVe8RiilA=
-github.com/cilium/cilium v1.17.0-pre.1/go.mod h1:OM+QqlLdnaaQiGA9/OTTeVDBLyZYtwVDIbcTMMAm1gU=
+github.com/cilium/charts v0.0.0-20241015090923-1f4c1b5ac12a h1:jyDHmM2GFbdsljXhgMbJ1Hc9bdNunKtzhjgiMEBKlNA=
+github.com/cilium/charts v0.0.0-20241015090923-1f4c1b5ac12a/go.mod h1:M3C9VOlFvRzuV+a01t07Tw4uFLSfkCH3L542IWjf6BU=
+github.com/cilium/cilium v1.17.0-pre.2 h1:Y9J4EalQEmtInHirFRF9qK7yAid3WS8/2A3/hnEfsV4=
+github.com/cilium/cilium v1.17.0-pre.2/go.mod h1:OoSUlF3lvdYOmVccOYWZnfs9tDHDyEWTtrwjlq8pDYA=
 github.com/cilium/ebpf v0.16.0 h1:+BiEnHL6Z7lXnlGUsXQPPAE7+kenAd4ES8MQ5min0Ok=
 github.com/cilium/ebpf v0.16.0/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE=
-github.com/cilium/hive v0.0.0-20240926131619-aa37668760f2 h1:xZn7yvMbK1+Au6D/YLKEMdcEsyMt6Qu7CUv+yQHGqv0=
-github.com/cilium/hive v0.0.0-20240926131619-aa37668760f2/go.mod h1:6tW1eCwSq8Wz8IVtpZE0MemoCWSrEOUa8aLKotmBRCo=
+github.com/cilium/hive v0.0.0-20241021113747-bb8f3c0bede4 h1:dTnQNUDijFP+hf7soSZtoBYZ1OTV7qATqE+qbb//zUQ=
+github.com/cilium/hive v0.0.0-20241021113747-bb8f3c0bede4/go.mod h1:pI2GJ1n3SLKIQVFrKF7W6A6gb6BQkZ+3Hp4PAEo5SuI=
 github.com/cilium/proxy v0.0.0-20240909042906-ae435a5bef38 h1:hbRPkcebWy1ZqqcnwiJJCFyzLa+xnXk6G/sM/eAsnrU=
 github.com/cilium/proxy v0.0.0-20240909042906-ae435a5bef38/go.mod h1:5L6S+WQ9v24ibJq38EMHEDljPrdx6PHqTDSHxRCJL2g=
-github.com/cilium/statedb v0.3.0 h1:RpM6r1+gv8TY6V18DcrcMbGaoCBs0Vf9z7OxGCbPVaQ=
-github.com/cilium/statedb v0.3.0/go.mod h1:AvMKi/i8VISTCvymtkTKSkz1uLlzuiYeaF8jvJO8ymU=
+github.com/cilium/statedb v0.3.2 h1:gXjEEVv/zSNU41nHjlhOVqqpTWnMt+l+9Z+FhBnqCSk=
+github.com/cilium/statedb v0.3.2/go.mod h1:KEdRTPdh54Asl6qimsUh6zFHVprL6ijp9/gCC+/3uA0=
 github.com/cilium/stream v0.0.0-20240816054136-71321e385273 h1:lyP0p5AW9fnNWmUcQ/BKaOmBEyZ+VWY1mGT1CFWv2b0=
 github.com/cilium/stream v0.0.0-20240816054136-71321e385273/go.mod h1:/e83AwqvNKpyg4n3C41qmnmj1x2G9DwzI+jb7GkF4lI=
 github.com/cilium/workerpool v1.2.0 h1:Wc2iOPTvCgWKQXeq4L5tnx4QFEI+z5q1+bSpSS0cnAY=
@@ -135,8 +135,8 @@ github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM=
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
-github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI=
@@ -407,8 +407,8 @@ github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjz
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI=
-github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -416,8 +416,8 @@ github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJoX0=
-github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0=
+github.com/prometheus/common v0.60.0 h1:+V9PAREWNvJMAuJ1x1BaWl9dewMW4YrHZQbx0sJNllA=
+github.com/prometheus/common v0.60.0/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
@@ -479,8 +479,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQdrZk=
-github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
+github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81 h1:9fkQcQYvtTr9ayFXuMfDMVuDt4+BYG9FwsGLnrBde0M=
+github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/weppos/publicsuffix-go v0.12.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k=
@@ -531,14 +531,14 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
-go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts=
-go.opentelemetry.io/otel v1.30.0/go.mod h1:tFw4Br9b7fOS+uEao81PJjVMjW/5fvNCbpsDIXqP0pc=
-go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4QIZs7+w=
-go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ=
+go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
+go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
+go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE=
+go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY=
 go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE=
 go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg=
-go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc=
-go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o=
+go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys=
+go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A=
 go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
 go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
 go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY=
@@ -561,8 +561,8 @@ golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
-golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI=
 golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ=
@@ -593,11 +593,11 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
-golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
+golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
-golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -634,26 +634,26 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
-golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
+golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
+golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
-golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
-golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
-golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -664,8 +664,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE=
-golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -677,13 +677,13 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc=
 google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 h1:N9BgCIAUvn/M+p4NJccWPWb3BWh88+zyL0ll9HgbEeM=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw=
-google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
+google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
+google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -692,8 +692,8 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -716,46 +716,46 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
 gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
-helm.sh/helm/v3 v3.16.1 h1:cER6tI/8PgUAsaJaQCVBUg3VI9KN4oVaZJgY60RIc0c=
-helm.sh/helm/v3 v3.16.1/go.mod h1:r+xBHHP20qJeEqtvBXMf7W35QDJnzY/eiEBzt+TfHps=
+helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o=
+helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU=
-k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI=
-k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40=
-k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ=
-k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
-k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
-k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c=
-k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM=
-k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk=
-k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U=
-k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
-k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
-k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8=
-k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w=
+k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0=
+k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk=
+k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0=
+k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM=
+k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw=
+k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/apiserver v0.31.2 h1:VUzOEUGRCDi6kX1OyQ801m4A7AUPglpsmGvdsekmcI4=
+k8s.io/apiserver v0.31.2/go.mod h1:o3nKZR7lPlJqkU5I3Ove+Zx3JuoFjQobGX1Gctw6XuE=
+k8s.io/cli-runtime v0.31.2 h1:7FQt4C4Xnqx8V1GJqymInK0FFsoC+fAZtbLqgXYVOLQ=
+k8s.io/cli-runtime v0.31.2/go.mod h1:XROyicf+G7rQ6FQJMbeDV9jqxzkWXTYD6Uxd15noe0Q=
+k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc=
+k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs=
+k8s.io/component-base v0.31.2 h1:Z1J1LIaC0AV+nzcPRFqfK09af6bZ4D1nAOpWsy9owlA=
+k8s.io/component-base v0.31.2/go.mod h1:9PeyyFN/drHjtJZMCTkSpQJS3U9OXORnHQqMLDz0sUQ=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 h1:Q8Z7VlGhcJgBHJHYugJ/K/7iB8a2eSxCyxdVjJp+lLY=
 k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/kubectl v0.31.0 h1:kANwAAPVY02r4U4jARP/C+Q1sssCcN/1p9Nk+7BQKVg=
-k8s.io/kubectl v0.31.0/go.mod h1:pB47hhFypGsaHAPjlwrNbvhXgmuAr01ZBvAIIUaI8d4=
+k8s.io/kubectl v0.31.1 h1:ih4JQJHxsEggFqDJEHSOdJ69ZxZftgeZvYo7M/cpp24=
+k8s.io/kubectl v0.31.1/go.mod h1:aNuQoR43W6MLAtXQ/Bu4GDmoHlbhHKuyD49lmTC8eJM=
 k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI=
 k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
 oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
 sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q=
 sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4=
-sigs.k8s.io/gateway-api v1.2.0-rc1.0.20240923191000-5c5fc388829d h1:FZvkIACA+ke1SEbOiYyr3bfWr6QwJcrFYxEKyT6BAaQ=
-sigs.k8s.io/gateway-api v1.2.0-rc1.0.20240923191000-5c5fc388829d/go.mod h1:EpNfEXNjiYfUJypf0eZ0P5iXA9ekSGWaS1WgPaM42X0=
+sigs.k8s.io/gateway-api v1.2.0 h1:LrToiFwtqKTKZcZtoQPTuo3FxhrrhTgzQG0Te+YGSo8=
+sigs.k8s.io/gateway-api v1.2.0/go.mod h1:EpNfEXNjiYfUJypf0eZ0P5iXA9ekSGWaS1WgPaM42X0=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g=
 sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0=
 sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ=
 sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U=
-sigs.k8s.io/mcs-api v0.1.1-0.20240919125245-7bbb5990134a h1:R2c2r4UrW0aDTc79y4MLTyDvhjdD+jAFtnjLLHDiDnc=
-sigs.k8s.io/mcs-api v0.1.1-0.20240919125245-7bbb5990134a/go.mod h1:x0rgWQwGd3FJzrb94BNn3Nu7YxUwBWcgjVRbkrkVy2A=
+sigs.k8s.io/mcs-api v0.1.1-0.20241002142749-eff1ba8c3ab2 h1:kYmFRW4FG7KvgoBRdvrlhFPScYu+ZKhVt+FBRl43CPE=
+sigs.k8s.io/mcs-api v0.1.1-0.20241002142749-eff1ba8c3ab2/go.mod h1:x0rgWQwGd3FJzrb94BNn3Nu7YxUwBWcgjVRbkrkVy2A=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
diff --git a/vendor/github.com/cilium/charts/README.md b/vendor/github.com/cilium/charts/README.md
index 88fea55229..fcf29bfcba 100644
--- a/vendor/github.com/cilium/charts/README.md
+++ b/vendor/github.com/cilium/charts/README.md
@@ -1,6 +1,8 @@
 This repository holds helm templates for the following Cilium releases:
 
+* [v1.17.0-pre.1](https://github.com/cilium/cilium/releases/tag/v1.17.0-pre.1) (_[source](https://github.com/cilium/cilium/tree/v1.17.0-pre.1/install/kubernetes/cilium)_)
 * [v1.17.0-pre.0](https://github.com/cilium/cilium/releases/tag/v1.17.0-pre.0) (_[source](https://github.com/cilium/cilium/tree/v1.17.0-pre.0/install/kubernetes/cilium)_)
+* [v1.16.3](https://github.com/cilium/cilium/releases/tag/v1.16.3) (_[source](https://github.com/cilium/cilium/tree/v1.16.3/install/kubernetes/cilium)_)
 * [v1.16.2](https://github.com/cilium/cilium/releases/tag/v1.16.2) (_[source](https://github.com/cilium/cilium/tree/v1.16.2/install/kubernetes/cilium)_)
 * [v1.16.1](https://github.com/cilium/cilium/releases/tag/v1.16.1) (_[source](https://github.com/cilium/cilium/tree/v1.16.1/install/kubernetes/cilium)_)
 * [v1.16.0](https://github.com/cilium/cilium/releases/tag/v1.16.0) (_[source](https://github.com/cilium/cilium/tree/v1.16.0/install/kubernetes/cilium)_)
@@ -11,6 +13,7 @@ This repository holds helm templates for the following Cilium releases:
 * [v1.16.0-pre.2](https://github.com/cilium/cilium/releases/tag/v1.16.0-pre.2) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-pre.2/install/kubernetes/cilium)_)
 * [v1.16.0-pre.1](https://github.com/cilium/cilium/releases/tag/v1.16.0-pre.1) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-pre.1/install/kubernetes/cilium)_)
 * [v1.16.0-pre.0](https://github.com/cilium/cilium/releases/tag/v1.16.0-pre.0) (_[source](https://github.com/cilium/cilium/tree/v1.16.0-pre.0/install/kubernetes/cilium)_)
+* [v1.15.10](https://github.com/cilium/cilium/releases/tag/v1.15.10) (_[source](https://github.com/cilium/cilium/tree/v1.15.10/install/kubernetes/cilium)_)
 * [v1.15.9](https://github.com/cilium/cilium/releases/tag/v1.15.9) (_[source](https://github.com/cilium/cilium/tree/v1.15.9/install/kubernetes/cilium)_)
 * [v1.15.8](https://github.com/cilium/cilium/releases/tag/v1.15.8) (_[source](https://github.com/cilium/cilium/tree/v1.15.8/install/kubernetes/cilium)_)
 * [v1.15.7](https://github.com/cilium/cilium/releases/tag/v1.15.7) (_[source](https://github.com/cilium/cilium/tree/v1.15.7/install/kubernetes/cilium)_)
@@ -27,6 +30,7 @@ This repository holds helm templates for the following Cilium releases:
 * [v1.15.0-pre.2](https://github.com/cilium/cilium/releases/tag/v1.15.0-pre.2) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-pre.2/install/kubernetes/cilium)_)
 * [v1.15.0-pre.1](https://github.com/cilium/cilium/releases/tag/v1.15.0-pre.1) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-pre.1/install/kubernetes/cilium)_)
 * [v1.15.0-pre.0](https://github.com/cilium/cilium/releases/tag/v1.15.0-pre.0) (_[source](https://github.com/cilium/cilium/tree/v1.15.0-pre.0/install/kubernetes/cilium)_)
+* [v1.14.16](https://github.com/cilium/cilium/releases/tag/v1.14.16) (_[source](https://github.com/cilium/cilium/tree/v1.14.16/install/kubernetes/cilium)_)
 * [v1.14.15](https://github.com/cilium/cilium/releases/tag/v1.14.15) (_[source](https://github.com/cilium/cilium/tree/v1.14.15/install/kubernetes/cilium)_)
 * [v1.14.14](https://github.com/cilium/cilium/releases/tag/v1.14.14) (_[source](https://github.com/cilium/cilium/tree/v1.14.14/install/kubernetes/cilium)_)
 * [v1.14.13](https://github.com/cilium/cilium/releases/tag/v1.14.13) (_[source](https://github.com/cilium/cilium/tree/v1.14.13/install/kubernetes/cilium)_)
diff --git a/vendor/github.com/cilium/charts/cilium-1.14.16.tgz b/vendor/github.com/cilium/charts/cilium-1.14.16.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..1cdc31637285d61e69ecf4cb15d20e13e6350afa
GIT binary patch
literal 165189
zcmV(}K+wM*iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMZ{cOy4)Fq)tFSKvz5(M-a(p2OVD`81Md%xg)*NE$nPe0*lW
zZjgl4Y_uC_Npv>*w|@s!1vI+Z)MGqOvRTi5Uo3V5g+etR^{z-JvRL*`7CblI6<;R*
z@b&-o`~CjG-X8q7-|yG{JJ{VH4*p@Vci1294)%9<_y3_k815bP|AF;?2VB<v725Fp
zANs#}tor2sM*i_MRfZd>Qax%h#&aWQJTi-7+Lfvo<*^>IzqA-*tix_)8jsiste8t-
z?p1y}QHhLJ@Sd?dk!z{a5xX1Glaw#Th~XMbu}5ZmNTIv<v?~?0jit^KzPf}iI0&Or
zSY?=4=qQ(&fua6F4_RXuDKyJ+bthxNcpOXHhbL@Sq!Iop&5BLMN~JNoUvT4rN#8GK
z(-qT(r!miC_FXX*c`A(1tU>{%i)g{PW@aH6pGphZ12c;8BvJRw<a{=h5u0)?Vy05|
z?%z%?b(^W&wwcMqh@5f5&iP8@?6BKF_mia1M&$Q07BBw<QQ7%RzD6+imwcIx-R)P>
zMV6`Dut=pdIWKaV&Kcq8$mZc8(zX|ma;1^zA~iA>jHcLTGL4cVwqSUcB`biZV!>uI
z7xz3#bQ5*Y9*oFSp8TNl+eGpBSyUC&>7F`0kC<*KRvYVa8m{$ngwqwu1*?$FRL&fV
z9$c!@POz3e>UJIetYiuhh?Y%+I#&@-u0$+z5t$dPz{K{;so#qhAB@P{kS|$xjXiNk
zY6b`~hY`$wDm*Pk?19}&vyds{xQdMOE4I*rMO+Kb5_v1wrHVxdhdjN!wp;tV@$p3y
z4Q<Qkot!Fu?s-{)eBzX}lgLGu3oTNk-L#fG<#Rmpuwj>tVNV(^Q_Z*sqcai7nT+7(
zu+*?^a+R<<o=a6|1m{|LdSY{KpBwFg@ib=Kp0TFTOpD0D^!UMQr1xqDzbyPFqK;#G
z5SZt!Mv0A|y98^nAE&Tu>=v4|^nr=n*~!$dAQ2V0ZBpXFOn3_sC<`Ituum5<T2S-Z
zifLhhAPJv}1p6|c3&ypU^HjvlsPaZjV|gdzf+tL*ai*mG>`!m>Giv+1lh6Tv-U(O*
z{lvjXjl)G-T@}FuGZkyQ^I+pJnU*(kIa#8mCD+=j4{r~V&Qu<WrCo+NSlfdePb^oF
z3$5Xv0VYD2g~)M<;`L=;NqfOXk<hauNmfi{0=EKB9;5knBBO>Af+yL64;~}G?f0^8
zz{0Vf`6Zys=I=4jRguA8mCq3@$iJ1(F}EP!b0hBg>IHY5fPQoA_oBNFM`SeQOYXYH
zo{p8({*+dCL=@Wyj*U8xl?Z+(bma>nLG4%4s>mbZh%MmOwAY|zH9}}lFtBIoom!p1
z)$mgGRoJe0tGt|dg>hMB;OBF$VP|*22~Cf4fuzwutnZHOb(Y`RZL;K9CeyhNg@UQT
zFJq@HV!RV*#D&tvzI<3QnOf;1f`iO|3;Q9(gK0iJUPjdylk&yn`|l;0ovY4xBpxH$
z+xL@+5SDk|w81x?y3=`<Vb>S!@we|MjD~#424C+6v&{?3yiyy>j^%=zfC01J2ulyK
z!jv_NL+6UeZ+T)#nU5zErIHuW#mW;?>MXNNspPqgK989j)t>3WxEpA5DrPc;GyhQ_
zjg&%OiH#?4iiI;~*SHWHNn;u4O`B{ZN$dsqlAQ)z`bqeip0h?u)a*saSt7Nu*Km~y
zzZI*_9Zw3uGA?rsjJ|E2Wr?hEj*g3pExV8RGDnt^X_1J?s7B85WPEz{-tqu1AW$UZ
z9QlUl9qQxLD;AFNC|x{4RkGN}#5+ekwI@t2W+E49Bx1&GOUq6qs9~`3bgq^SN-){H
zPR@tNX{w48S(X<cF3FGw-Crg!4_P?$3l5nkoRMZ3{*7EfER4vPGWBwaJGkv$x|c~}
zY3b0ftSHM>py17O!5wGTwkr!E!IEpkjc_Nq6MIr4@)_T-Atx$+@e!4&_$4RPM8(fL
zk7^jP*q%>t!`c3Jz{+|nw1|OsvTuYP<M@KTl3mdSN-c}T$PV;^H%k?Z*WDJ+<oChF
z&a=$_9CQbJ-N8Ytf}VIgdDlVB<E3YX+w7WzP^9*Usr`sffw@q2_6uV&J?iy5iFz#=
zS&05coOXZKu}I`y-c5z+%@@>|{_}s9T&BHK6<KZrwaq=b<a42WiJGg9R*CBByLszY
ztnO7F>rt!2-cH`NI)HVn6X;!AodEq-$K&7X)R6D6n_LysMCgT5#x}k!roz)`=U@M1
z>2%QTcltZ6a8<O3A+bofDb6LR#3Qw=&a8D;r}=-kLjQ&TXf|*Y=-<fz^r-!3cW>{Y
ze^9so9PSSOu>bs5{M%;lWFpvHq*eyT+a1{FB<bDyP1n2Nw_+v}@h|N31H1fi!_H2}
zH{I4YyIDxh>>GPQc)Laeg!P5iHOnmNwpy)iR%G*>Tdrl9aU)4_y%0&J?ctbfY5=Nj
z#YC!$T#%%>aN61np4mgRwe5~;xPnq;ShV2jT(BsYM%qgUaR?w;!9b>k#oeg_+|=ys
z5)Pb{1(l0m3YpV!or-%mQ^!MZvv;6w=gTY+_E0!%vqAUB{+~A+<~d?JgYMBzs}+lB
zF(0)U+h&~(J4^XA5ey!(M9t^Ox(j$5kJyYSTDZoJM-=wjn<{O|mxw!&Xh5_MgyyC)
z)J1B%fq)*tpi7~(J);4HCyZvfNMNOa4m?@_JY7sXdZmq6dP~?V(VchM?VUC%7i|V&
zW}C&_@Qj-UgX_+66R+{+nI-C;Ne$4zWMNUUAH0T)SW06@&qNMiLuk`>ZvjxG(iF9<
zmQC0OfX9}rjbLv0@rleZD*Z{A(l0=l{&qOi&&)AWNNX`-e{Hq$DUa&k4umjEVKrk{
zB<6PB!X7z}BB8bYZlI5;u;vzRl;1|o<b|*sr1Fj7>SS4wSOz@Gg~3l`A6SBsx?bei
zP`BVelOjp3vGvFTBt~cpUUqEX4g%Yv@m^_T#l_d5%@grtK#Xnne_}D?MPh90&s%@(
zb?tWVVVkYbaNQ!(6K)nGwzahxuwxyq5Z}5z(j<C)tF(Du$4up6$BD|ZW1V)W(2}4&
zl(As;&|`^QN<-Q!!T8+1wMz*Xy**P}+iZ-62fkEA3W5WzJ~&A1n*gih$rvyb_AH2m
zh;?vKfmvxg7`eS+SUkb({bX>ATp5#ya^UHT#UkM=yQ{Y?kR>ZpBQ19+ay*fXcrFa1
znNde(<Wgv+3e&YDI{|WBaU;$xHhvY~ECkc`dX%Y%eP2LZrX><~BWf$w#&+TUlIaoK
z4?#?eT$|^1--a$FX#^1g?dN)-a)SUh7~~jd3prodqktQ*2f@n`8}wT((v|u7SYF<l
zkDSGWeMpm4^;9QiAG;8G0iR=8n8J!Gg;`h;kZfKs{Pkpfb!Laf%|!db4fsl?<~946
z%3lh>#;0pzUliH^|Bo%mn9Y;Konc^p+;$yMLq=-z9IiAqV*|T1hWq<ZO{EQ>mV9ML
z>@zv5PL%F9dlA_A$auv1w0S_gBHT_pjw09qpjLxXBDKs^DpCXYUw9~-xHmhRp{o6t
zf+un&MGXDBttwDBmXT2yfiP7$2J6xrJm7^<up@&;p-&6@kN<3;3PYy2wi}=Zhjwf!
zVZ<_1InP(Lot}~cI#D8fQtLwK-eC95frTM02Vlh=B&Z$4X)VsjELK9NJI3kh>=(U0
zMsiwQI~G}cEEITfSaFBvsz~E5`&J}N_qq6N2Frv^S2Tt}rbQQ`iwho%tBy!c;w%rM
zwp|ILoVpfx*5rk7Xn(M$$-UG9&Z!mHXyiOqxrn=-YF>4+RCmAwMmQ@#1-K~rP^U!4
zeHM0l&6ajE@I-@-H)y=Z@KhIphw*~d0C)Q{7FfqI0nY|(qWD>GO%!+h<??*^uFG@A
z_yX`*E@p|GFE(wH3j8b=9c=xA5iINYIOP|`bef0`G^_(ISHL>tLOus<Azy$j9lJ}R
z7sr{z>-=%blpQ+U^?1R6$f}e;B9WW9C>eA)3y0|XA-X2fT{}c~Da=B}e~NOI{{L!P
zodZF8`3yQvIP6#u`lS>47D(SP7yKrVAioHEKIij(A);$MBB(X-nxE&~a+e~P3hz`}
z{>ZJJa<NqDwJ_aQ(CNMHGl4GGz}e^#8_+0Yloyc^AomUc<?UeI7Cfl%{>RXyWbE<s
ztXziJ@Jc0#W$dc3!2l1G;2;4fD|WvSDP03g4jS<yi#c3Yxk{1`h4D&E?RH)>E+9a3
zQOK|#N!^J&mobP%cE@K{998*h#I}AZ_zK)g!^?B4#hBsq5!<>W9h!Y&1rpRekJ#3D
zcB#w+-3+#nCBm-|%em0@0Kz{;%$@{VoYJq5g0q>uC01+Su-oGF$|9es_&7E4IC#W7
zPjw2;b=T2C#D$f##&`+h<Ff}56`*M)<+M?mO4NMyomh=nsR*(2w^EM%c%(1}Tgo+=
zQbt~jyyPZYoP%pm`H->OBi-RyR{QW^DstwShDq9MG903ckkTWT$h3F}p&6BUnco7$
zwWR&@EuVn4A>f7WaxmHoHey!lhO6VmD$-U!j6`O1uLRW*cM?SQ9zf~vH13qc_gVoe
zqgJQ92ie(!)J8iA-cow&R;+N11otJ|I<uVTU$D7*4XOaU?(BcvLjf$+h;3ae`qJVr
z6R-#c4=xpcZt-f+Jzy$LR<E6?Y2}wJmkJ!aqJ-;;cSQB0xOOMD8JZfr$a;Et?aVE}
z%GdX^<+ZP#O=+@Zc1kChUYzPqrs590>utl24n77AN1STE1sz()r5Ck70yN`sj0&OP
zSPRZZ@nCX(;+v1yk3X%0<F#{z=W{R@XzG8Q&!5>-q<1n`DOkPkcrGmi>7bmYcaH(F
zJ9EO#g2A2PI(<t|FHlIa{c*+7?W45mEK}2ox#6^opg-z8V7vF0sp$pp-9RI@>CMe5
z6C-vCeyJ*7(c4_`*a~|7Ix7duRmSHWjXf6Q8|6v9X}WhRDVCl#-{Y^x=z|?DLgIWM
zJPNwHZ$6WA=K{G>1t<-{DPa{l<X2788PEArfW!+fAFXY2025yPb#fQN_xD)2)Mj!H
zcl$PD%N4cj@DbY@40rdos*k55_Lq)*#F!D<utD(mF!+0yrshmepuQ6iW}Pp<4VuCI
z4^63Mz-}CuOb9u)_)S#8Xu*Bd#I2l@%jaV~>Fx-|tZ*8rVbSa#y)xz{hj-<Z_0VUp
z<C&OFc{uc1{;6jRapVy#-zY0aY_H$%FWq_;OJErG-b;Am@T+tfthe7E3@;?jwe&0c
zM>o-`f)51G63v$VeO1A<rE6c$v9uqxfQXH}z}1+k816tswn&e)Z82hf*Ws$xkcmXx
zff7B-<(*8#92_J4kGg*U`t01^&ZMy~XYx5*b)QK;RGk)MT0rLynUC^eXdD=^9o^p{
zk^HJi!G#9U(^>S%FfFYVe=pdA-<6`h!3&NM1#7eu>pz06CgQ0xxkykZa2CrMxKtQs
zR+(U2vqYtHikDd-e6w)M7;JOLWddq+g|tKS0uE*1Y}^4f?F1s8q1jgonjo_D!Q)Ld
z^Q1!g0^Y$saXc4H3(hTJm{!rPFjgK|O07$WoDMtr_QMaCVHdm)Nh%PibYRg!CibJN
zNNDZ*em6cpuXaV!(@nZmF?!79sxZKK!Hw2t!bII}*Mqq{yZLl{dNICy1QrTVn&teS
zCesY(>iCC8F-k2@Z`m5nmP?-bzT?Tsr}Gad-&H%yl*tUS?%GpR%NWczOLb@GqiCIh
zW{KK$X1Nd^?De0oKV5t{{dj)n0skOaDlBY6YO{MbEeu=A`NDv5EPVT~e`5RH!2s_b
zD*$;gZdvTuA+FA@KYYA8Ios*__u~{hAE8oxM>C$-OL)cJPTs+eo19%;e7LNv!3y5h
zPjaG)Bu38|#uEt3G4f7$JbVxT<m!BUF~0e9Il209QUUC+^|0S6v#{vAv-nulEQ%z(
zXm)GQ^2AQ19WYCIks9emk!=>`vZL&j?*`rBu-j)UFI&g-V!zuDC^RcKYdgTdsuJ|=
zI}XG0!Q06@5A7H<{jt<hE`U48SB#^z%y}=PWwD~^&Ukdo?ST`RV_$n>ogSZj`tbeP
z)z$d)tTqts>zY08+=>b8)$z%>er?Ymo=>F#h44%!Lcbh?cOQPZJiA&STc8+WPlS2S
zm*f@%ho@%m$EPnJ>H6&E{rL2SBYphBkv`H$kDRu^n|31b>ib-~ouDr?IDz-&kqfpA
z?-#WLZFU$!d1P~abUjinQbPl{rYGNCefV%wc{I7XI;Q;tQ-~U;00D#@z0#3MI_gg3
z_qjAeH_isyUPIFlzGXSDD@R_LGL^^3M$q!MjQ@^iJz=6A4%UrXEc4%Sz8fycMDVmj
z*Q7Swh{mZxGn7lOZKHCQ7Ybb~fm08M0J9_~Gpq)CTq>MKF!d}zpy7dAdPfHb)>K5?
ziql}}C?AKubl%l)n-wW7Ua+f?6zzFKbUlEBeWr5YS0u*qC95zLYnz-&1o1zBdN{N0
z?{|Iwad-Z4cRq1<k^(za5urAhX_Ip!=BpO|zNVjct0E75rNC+ABfM@gmWRJ_M=$xq
z$JApvVnaJ##VehCj~-QZIk?s0w|cr#Q7Y@cF~{Fsv$uc#aB?{YzutN2`m)U~mGRzP
z=z=BFh+L);ff9=C@9pB?<OPf^Y!`xSB@-Oh9v8>Ig6m8<7JK!X+h<*}Fn)dw_nhEB
z?wZ-L72+OVhxVA8s2Dua?fw>;O@+A^A_b$Z$Xnaafqq6$=(k=#s3wcla;Z{wKJ@YK
zTFjTInJ$b%1<<96#T9_BDdSN&AlU5@#oQJd_}@t*c_M!ed=+qc>}a+WhR59SZi@^d
z;=3bl2k@YQE^A+`PQWkxSQ|c+{YdDm)wnY3*K%v=SznC4`y`i3p0AEER4shzE&&J$
z7-6{Lz&W#dzv=Pmh>=TYztix4+&}1OM9Ne1qAuu*^aWkem+J-H3N7+u3Ji9^$<H3Q
z#S=N@QywL%h}TvIzB{q+*je?vJ+YOhJdN*VY!(#t3H*@Cj9kiJ1-m(!z)}41bP}W}
z0FMUC*0%5l0*fE0c;IrS92*d(5yS*fR7{47v(p>)>Wt@!6xy&;k@4IVxoB;(8@Uv(
z!OyCgFW~;zs;a;+q_g9(-h!Bb(w^9D`BxV>pE|A9CoI!h&M_{@Zm?J21Cix|?jF!$
z+iAXid-Zyw1L$#N<efbS-oCv8vPH@=_ONrD*kplNDzq4zPV?&LD2<<(>LgLAV3)@?
zdk4MC<C}v$Mq#Y2l$*VShl4$eFs)DT>fOoFaIoLWasfUZ_H(2<dB#%sR?ZjK5l_T;
z67dKUdH^qj{1&nvOlJ6Q37I@p4&Gl(+itDWPpS(>7}pk}{!-&3QgRU&QE9EvCYO<A
zeNwr!w`Ur+w*4Y<eMB1ZOc&noHR5@`YKq_QwidN{)G1`gEU_+UVoH=Z-aqA6Iv=ty
zFi5wmfkL`I>RS6v3&}DhED>Cb(&af7_atWgJB#VcN1w&0$U&=@2yU5DWXOR*6)}qi
zkK2rcn{?SAlhG~twZSl_1aQO#`#SU+gm9lbo-l4G00_c{5D<JAz|1|RDZpP>_Qk2-
zaUxSOVpX`7V^f9k*K{sSF7bW_fIML{E)yMsGx-Yb`6D*eO&=qpV<7w>q`QCYo2+-+
z_+4D^Qz;c|k%CA3`<$CX8dYd^d^Kr==|iVRY)hC$f88(k?fXe<I?w7jzI{LOiB2SZ
zS>hx9g^A@<#G1bEN$7$Py|8twF3O>c_L_^*+N9kKMs){0mkk3FiKNx3T4u~S1Xm(C
z#}gDQ!kE<YB=jh%j8Fp!e3d1u<?^6)h8$mYcVZ}n;Bbs<Vf+bpCv)&1wPXPvG52|9
zh!?t(+{Z1{Ly_6Z)v4~<k3-t2Ny5|mv4Y2>9l)LTnQhf{l4MI$oJt+3JCU!Q-{6{m
zaq|%raL@uZWNFOCCl?bo%lX{LaCNMd2(H0d0=Y{RazWn3x@q`nHiJZCg;8KLZ1}*=
zQH6O|Yb%R^<_&BB)Z>SRNZDr(=(9atXf!;Xs=e%M04QQcg8er8Jk4g^Tq*Mzr%twp
zB8^3kNuwaF91Sb5{MQ_JGUeSG$1@67iKT|A1lYBiG&`D!hYUS7fn~<lVE!P~2+}m0
z&2)%7g}S)t`8dQJjj~>skp`v|eC6*kH~&ZG;z#03Tn;riOmB8xbF0U%g}Fi8jkfmT
zEXE_&(<|MZ>E1M(wdxBw%S9*H<7x&mfNaS#irwf^WKL>#j}~}PqY01|5C$?W(9;#K
zdS<WfG+K4h#nENcx!_qTOjSI#Yt!Nnz!{{)aw>AbC#4%B1*dQZhGz?*5)iRJ+#4Pp
zea5xExZv3Ze}GVtFCEJ^Al5E*Ns@9N-MW|_(EU7$NMvrJ--d?!uBl2pRa_7S!e=8c
z!-L^qZx3-fPFFQtp2EVN?Ny@SMXh+u+|h2o2&m+esiXVB{{HU4Z=Cey@y#=coO1JZ
zNG#-hF||LQ9?~{_AuR(My1YTo-^gyYR~b0c;EUI=b>O9==ip%XXs?{%EK%GX?1i(m
zM_)(FU+r=L_pu~lw2^~I!P3l&JGe`-dEkW*t0;)i?uoRgfh0ZBm-NImoAoT%-a3)`
z-F|<#Z;7<z+370fOBr3uU&WO@T{hDT?BkY9d_K<wdey)zoaHlB#^*oNi1hb7k+C<?
z^Bi`GXtPA!x7kv}kjaQXgzZ6~j>{27)NBJ%W|cwwqUB&c``U;Q1VUOEJOTx2xlMI2
z@|Za65!>3=TMdIE+imyxEa7v_OfKhhQ6CFjNwvj=mM+Hd$($mM;GC?5<q-z&EZ7m-
z;z?4Dk0vXZ>BgllbXF3hoQw2$;tmAb>n=H>f4_FTPnAkuJ3fPy$KwfGa{WsoavqC-
z*~QTFwFLzbaXq<CmA#HbgfzqyRFr+t*#JQ9(+f~&15fB>PRk2gV8D22!=qdF%3iv!
znQ~B)6$U1$TrgofS!OF)f#WZ6ORoUW*G$elPewXypD<Dy6qFNgETI>ay;LqCRub<Q
z%cMx-Vz4wac+*wJwPvX>l(LjAC&1XJ+i5tlJnd}Db1~=9>I&)cC<!6GXPLd=W^(o6
z-~WsW0^xqoMI!CF50S@Y0%3WPh%%bgN8?!9Q+ic8(H_IoKt7=ga*5QH!(2RAa!L3m
zcHxSceSdy@$z;5PXZbXnu|&;fM0CUPe(e7gMz-0*vFvs)&BA_5o~|e>tW4((c>eg4
zMe;7;>01B|h*re6$vYM$D!O$kyRuwO-GN+PKFrAImW1Iuo^&mveqy^$ay1n-JwzhF
z0+S$X=3{!nR*0H6SV^fg-UZRy14H}3cIYL#-P&e99A90IFW-;A=LWQO5zoc{(*j%L
z+iZr0#tq0|N)a-H{3cx3c!?rSZCnhCdJ@qFEPvo+P5bWS+p`X=;LgeM<?+>@t4kK_
z!C59a?5eGME=^~q^3H8B6&+ZOTi^~ET4UK1t(OTe(r5u8z!f*+ZFZq@pZ?0(mS(Cb
z!wDm`TuS5PsMU;3g<Y4EtJe0D;cvaHNRr;LKN#+|EW+<p{#`K@6WlvQh0q2R20@%$
zj_c_`)0j<VT6$YRmM`13lq4WV5urFYf9GlkCbQ>)w$IS5eNmWL-KX7BPe;M%a>iDw
z*vUm{bEPHb7nhIdJSDjgOd$r;xOXmp>B;37wILOZAaw!&nhFcrdD+F7$k!S3AZ<XK
zE@W`9<IY}!)+D3YT(KfWt+L}7z4g0(6PD*!wBVRK3v#Yz_R}l4uq^emq?pT8ciBW~
zE$iX)tOFd5`<vhEPLxXbbC&Ql6^Z)^u{kp8+zIlNgh=|_p!1l+;zCug(_=ux8OH40
z0xMPp8bSIPh^o6%y;CeCa02KerZ(L&0|K1D&Yi$HhFa*{L<{6vD+pkqgY6lj)J0VU
zI1kW`Q>37SkYyqyP}|WJJLOvHz^#8rH>_2=GP)Rb4t6y(O$pPs197d3rSNm}9EF-y
z2;F7Jkid%6=MmSUUGD>MEvJj05AXj9=o_9x5V>#D4Zaw@48Pe0zx7|m*uT|%DssJ$
zS($h8GkCc~skBUdH~vhFjTPZlDb(4e-DbJ4Tzd*`<REyuINCbNU>AJ;Cz2IDP5JHT
z;9Fy^56x1AwjeqNDF{WxtbnwkYm47)#S<5FyiM!G9v7Cs1ufTuJp<&OsGUYNsY1<Z
z!z&zuQgYzB%7w8Eib|avre^Gr#e799gF9SoM}XpbPazX9TE8$Ii%2k?$1*dkfI|T`
zS<T<cM2uMPj_19+Nb8}@sq7|d?q_g)D>HVVqj8Py%{9uCN+$HdA;$Bmo?sFX`Ap?Y
zOg>Zc`=kb>gcyZ3YH7*2`6vU=WXp%pb+JBJeU$+t3gA^bqi~GM!hGf^bf;_tKb0v#
zSD69mQ<;_|rhteLG7qpvR+q<kPn1`d;kgMGcuD<Pk<hip?m3=lcrVyT`G%WF6$X@o
zcAJN}EP`kn`piB)!<|Z)At70n+rXWag6-G^<uml`l$}xdz^T|n(l3|t`t0wM7a9P-
zgncQ_yU3iTfX64P#D#&8HkA+9>+g3oWaIHLx-!iQ<Eam4H)d#y+d(cNIJi-#i7xL{
z4g!-Vavj(_c!~xsFtcR2ptMAYmJdOKK8?pbrq+e2OUxc|PioxoQ)>pkkJ}}VBRfW?
z0&l~Dy%j6R>RA*@)ZNlDrKMCeRSJy_2<K|)whX|40LK!MC$`Kz_yF1!=}B8+6X>NY
z%5@9bo>~_{RFzp~z2{E9Huw`~Lun|WuiA{1U2JxkQ<-1XqrGZ}NHu*;iQ7Wmvl&FU
zfc!q^`PA;xNF@nrc!{4;QB>q!HRux(Z8s@{ox-r5pr^05KDTUpX!!mlQ2(su{At!6
z5~>uEXx}toj3@o0sG)l=Ca<89Dc<H2sbyA}QsD-CzZ<u;4O?Zw;Tp$KP24Lx4HMg;
zgcjA?i85S(^jp#%+y|^6S!Aq8@dhii@;f^n9Kbi~-M^h)GM|hyr0E5JXdr9AZP$GV
z%M`s8&#G;9DzaQe&Qof}?-Yow(`?rDMkVJ6)nzv-%)TL0Hs}ua0W%!#3P)SB8a9pY
zvbxkTB`)L|)kp3i^qI7xTq^pLgn|I%2%l|UWMq?<DKYk83ODg!IqMnNK}oG@O1<&g
zGT&d?WuC`Y;=Vz+!Kb+4((=Jc!WK&1(o})BKwSp8$J?)p90yO5HOswuHjs7uXADY)
zQIoROo=wg}*{u%HVw6G+q$q>aCohPl*s3vdO^RIZ&~r&|Gbhj0cmRssCv}k~=0dp4
zMs`DOQPkv;XQN6OW;@8pLXWn(kPlD0H3RT)-L#n&<P9T|jQKc9kdF$P#4fl~7t=^B
zm)s?YsyQ6ubsUI&pv&MLEi9*D*C{Ty^2)k)A%3OELYg}y*asqlZc3kQr)_W3YQ|uq
zTP(bA$$?fzG0j(yV<$isPbJ4|I9jt;;vo{5arJvpfv!^V+Kz%!nmsoCHv%l+QU{-P
z<TSTSe$dKZU`~xhEI>VKrLSqCqT98pmR;Yj+{bQ%zy+gF+NfZf_QY{kZif+kQ{%a}
zExYHp7+E4HBCt$@MxVj6M;3+V?+|{eX7r!&rR)^!!O`%w#wkgCkb4%s7Ef1nk!d1y
zsg&cjO+%{H%GV1_AYcQ6Fh{2fpyWx_uVw!qK8Nu)E=YTyz4T*Q38ay3rNY?BAe4WZ
zv>Rp0WwfVL7;8oAOSkJ%@Ki$<I&K(;&>>+MRPTXXlY?^sMuQ4%Tz(ZNbyP}$Ae~y<
zfsG|*uWVoFkQIi-f>KT2?YTM>uW6r&TARE`HL)agFq6W@E(h;W(e}D=RLfVgrNqKm
zP6Gi#>IM2UxLMqlDjqVCOK_6$#+H(E13<(krQ#mg8L#sz**Z6plTP4QxQD8WcL`ZJ
z70}5-bat^asS7x#Y!RR>pXtj&hf~EYlooCvs7U7qg)}6XT>oAsam4c&<+W|fBu4&z
z-4<ST#A=*E_ft3Dn$CU!^`wlVHIF<T=_<iKAp}IZ6bX?VkD4*5%HP53EBiM10+7D2
z41z&x5xVS_D~S@9_>~>xu-~S}7k<@wue)%VA6!uxpD*>~a^ec#Ai=dG#z~r8!wU?k
z&>Q?YkqIue&rkT>_t*BOuXsa;GC63K7d(v<Q~=q%BJ*5<rpgk*sm#Co9#{r+lqSzt
zdonDn&?i%t@O&;x&sjqIyCZ#OhxnGKv2ESxyX|yN(p9=z^86MCLPLx%0<%qYa$e^b
zJio0Z=OKW>1S=(wyi=V_9e*S%sT3<VO+TESL<pv7$cBPTZZ!W1*PD29h_cp7okv_N
z#$x$bXw&!x&R3WI4o$FNQ*^2MrYpLm$iJY8wRGwv%<_8a>z+tlUS%N^&t_v#`t|9x
zbEpODpD5GHlB}<5Aj24Ysx(49%0Wu?c5SK@ELTl&>*3uHrfw%7-~g^y{)h2SC>YG;
z9XRyzn7jqL>v`)4(N;^Qu-VC}GFf-kC(k%)=Nu~&k=N`8)vKa({KWKuj*aD--HRl7
z^t+kOW0J$D33>6S5KA5fh+YTI4ak|CeM87xqy;3`!U5~}p4RZFxnMcd!kWN{kxy}(
z#ezzTKszfa%yXU=3C|s#ZRSifGi5m<tm{=KP9Zg`!@z~~klF?w2A)Hq_iqP-ju4f<
zcud-@s*^C<qe?`}B?4v0&@_sX2uj-%8SI1p%Dg$h#uqYWW5S16&PXl8a22Bf7Vxkl
zEj`>#k*938e}r#^J>prUV&O~%SW)l}>uFGFLAC%Vd0c9M=eJ<Nt(qnXpYyk2CK?x;
zTN0U3D2HwbCE8rRa96Unn#(4mOhm*5Tkekrb2{^Cc^=|cKxMFo(}ac}u^)G+VRtGF
z?^YsncG}FpU3&pROWnCrbI<}WcYa!1!)vDuIE^4S!S3i<a(7LlfBdP7T_DFQ@#M5m
zuKf!-D<2u`>x?t{nrFXVvtR4{57zv~1K*`(c1xuGDIPn+>#pO}SFh5@Emu_I^IO3n
z)xVXJ!WqI!p051pc6HnCl;6HK?=B`@^xodYmd5Q0%q8V@UUHdI_H1X>LK_@|A!_^4
z?upK{wkH^vwCx$?6YZ4pqOVMpG<J1Pm*d*$sPT(Jqu@hQ=5*#06IMu0YqV_Mkbuew
zIfU@}+hAu?mP3~U%9-~!B*A(d(t4uN+7uvx(Bm*L`Z){|36^xAH}eY8RK<{0o^~w6
zehK#N&CSH0;Vw~8<AAQqCBeb;n9m+D81MRd16GG)Pmh-b#DI*18{xB8J}^Gu*$3U>
z-ao(gaW)lDFB^S4d3<WMwi|#;AGwp8Flq>d<si#R4fsnEST>|p^yw5Un-Y|w7Lg#d
z0oO7`BZMo_eKS<gP~_$DWL#%ZL*;_2_<1}TL!HRdS>g9!RR2d^GQrfJb<u>R`n$Vq
z)?&tHJV~ZJx@A$N_>NXd;cal<8vS5CQ3f=0CT?xpYpKBMKadfP3h!bf6^ak5n=RS-
zp|7}3rM~U%LH%4N@?_Oz*Fvy3EEq<GYz&tP9882$Y1eb)83i7T8$$=mayC75DEt(J
zTkGC7B*X3CB%LDQ-*2vA?(c|Vj-(=u@>S+i|5ofoIZt)QAw<@xRLj<n?65Q6h+$Uj
zE<3?l3JF>OnQ0L*C=rs2dBJlqj^L#R?`mOH!LU>-CKtYvJ^r^W*}GOA2sDIfZ3W*B
zOZs3QaNU-*1GYR)TV1NXP|hcqDd0I;-=EH30jo-t#`j9q7ub4b83QO2SaQm^?r+5k
zU7fbJg55hIUx3p8fS?6KIiEro+81PVt-uOVZbZ+JqaCPh%TI7CR>TySIM+b?5a<~x
zJzNT50)w&jWtHVH#CL1`uyRBN&qk4Vs|O0V%pug7p~;kPIc(~##Z*K>YmVMc7FO=K
zFi-9u5c=BDdqEBau{Sj0Fyo0`#v!aOB~TW3QWY9eu3+Jm<$PuYRhxzyI39;9f>Z{U
zZ|$Q|)UV66nA6%(NK$H{Mc$zc&BYIRhct%4oAzyaAk-BkjVAnH=fD=|(mLH}#RseB
z*WDbyaf>6~tze7U75(Cg`)&2;)L*_~zt-%+B+kM_z3R#O+*t;cf9@CllC$J%O*%Z0
zobYGgb-w5m`(x?RxxehN`&u)t9holL@ms+Yvp87@a9LW@3X@mU9hNAxO<6>3eNdi@
z_;(<y>iTsvgpa^PD^j<$&CqN_%*}{gg4;A=J5c26Hux1=uB&G`0&p2Yzl$MrVLmP@
z(bCllUBK$PQE{kIQyK=ur%E5nLsg>-8Lz^yQI`;lk~BfhGzx!nL2hLf&L`57y5-Wq
z9Nix2u;TJs@`6wv`tC@xO5^npAl9>zoh4iw8M&T8){R$Zm*dy<>{rdHI?&VyiI9$C
zp4n^4C7^ZzBWEW=D}J;X*$dB3hSU^nnBPlo#l1?b{guG1EaOR8sVe{oF1`F-Q?s)N
zdsmMqx`vyZ=jE96y7uy<=u-rMEl}%v>fhDDApYf-#w}|}5)F?hV`nXch2t0+h#*y%
zA=6#4skl#8-o5VZa*P>J<PF4ymPKToQyqNUW~aj<<;L)6L2$ZYPqFN1UvJs}61US3
zMu#qAjLoBp@1E09m1*jYoq`|5C>Y3NKV8u^MDF@Lor8528kLbFhR?kxNNpx$38^6W
zA6rs&t1kNJ%N=ixw(J6FhYipk+Od-3)@bYhgBWb|IS}!`Zv7|Da*en%ihUR#U$9(J
ze1cP^x!P=HJyio)LCDDRvxrP-0;bZcur6H?+Pw~{jnMUiBsz{EotHN?fDnwMaw;<?
zXXLsL^!-*OL|rQ%HpHdzd)?zp{;Ntm;uh;$INUn-V!BZ3)*k$Pd8J4&AR4?wO9pUC
z#WWR$jZbwb)yFadUpy*x4sFQlsK}?FOh4-Cx~1aYE$VGHUfR=%r;uS&jPMfkiZtM4
z1&2E4+CVt#f<wu0yIHB&p*JiMj&3cMKI6_lu30RyM6E;&to}+BcuTr?0GB4lO~ih2
zSg3w^`{j(41Dzpmg9ke~18DXN{QZ5jMkPfb4mLj3NbRzaMuq;c%U<37>F)I(^#48R
zZ@2%WAK>_hYdGP@ju6lJBK1y4^XGpbNA((ZEvL+~cUk=wD_{9@gLr`E6lyMe(T#IQ
zcNv<%jm*6*z14$c0HOY>+W^Wj74zG*jBoG3@L2V3nafnXAWh<9OlP;Xs4}b}e|d8<
zVHF27DszJ%jwj=;w<f{Kz7S<|I=`{48wE`lZ;lS%G?vx{CT=EkanF;a+p<63(XYmg
zRb-!bnYN(2bF6n{uX-CcPzoyMSiEY4ch8@<II39?QOkM$wuOJ4zg=TCeT$7+JQuJ>
zO_M1lTTVN<Qii3vBz~;`_gEXLJhMz*aEy{dcm*-m0cxH=By!5p;fuRF-5(a@tH&FR
zpDM`LCU01};+-2nt4sqOtnd@;6CM|pSj$|@i-hOE2)4G_t6aQx#rwebHb5U&rVqbb
z^0YwJc2F457oV$_pL?PJ9YWYbiy+pZ>vyeKijQ1Xxh=im!~KI1KN=1X_M`alXt=w#
z-`_v#4-XHAv+2Qb|6m%;_|b58Fg+X`#lwUBA&-v+`(nCx_+}REM$u7!c(mp8MwJ3}
zkWlXNa(8HSQK@B@K<`zCKSyerCBpKbKdUJfm_ce=&K_AxV-o6qY<s_xsniR*UI#~g
zU!$hEq7YS9bmbc}%pY1UF7$*kmstH8BuY`t>?*Oc>xnP>7@Bv1I6teYxAW3s499IO
zRtK5PAlogTEonokx|iAdo?Wbtg~;F~wk}FIGWZHyjIGz;da9eN!&T`UR^mdM*N-kb
z03fRj)({7A<8_0Qf;zq}W;2m9Eq^U5XfGhV-vNV4Fc3@_2?^=!Ff9>ys%js{UIu`;
zD+eMWEWlq1Q3xC&s6!n1yE%|$Lp&2<h<~#WujQ{^{f$e*r@OLvr3UK#>+lqWWUkRd
zbe(q&%wn(q#wj1Gi4W|t=c-T*+HAMY4%=+7-)6gmHapmDv%&DN&4&B?ZMHucwAr9P
z+-+0)VSn$i4WQfXXz<3qJ=i_kZL{6s;lW`WQk3nNGeVl5@Qg>&*ki%=ET=~JFNMiv
zq-){WYa-HSL)g?_j+lIZ)gx%VZQ88#8~wPPF3Fxaxmbu40)4ASIzCl}so@5iRQz+)
zV5dh$z{PI3`2dRyLNTlzjAXaBXOSdrR^sKDOlQk*_R_Nl2>PV~>0!CN{eupRQ$6~n
z5c%p~&=>vq`1m+{ovSSPX`=9#T~5JI87;%NmiU$N|Evm7=;<KfyFPKR(piWEYK7OQ
z(COH{;b=<}`qS2bG|i)Jv2U9wYg<g)7QeQ|>OZ#vpnl8$b=@o?9xTHIc`&Q%O{VNa
zCejOswaS;=gsCEfw`+M;Yr(meMJsOz8iHZ*VRDGn%voJBWI*2>>_6>BRNh|>ZRaCM
zwl^$3-{4L}uP*S&DJz?lz6jTq7D2f=NVA<Q%RGrfTPi`4+p^|EUG9X~a@QP!9BB?N
z#IfvJxvc`VM+v|u)opw>P1Llv<TC9E+#gM?I#C|?=&-f&MWk|}v>oRYk%eCB?usuH
zR}iS7Q2QEZ!DIL+HQM1fq8>FjvF0!Q3^+|rVol0K9pyZ$oK@bMii*HNUvGuIuLPh7
zX_jCemnj<`!zcIMf@;1U3Laap@@wCH`m_{=e=50>Pnn88Sw7}dP(2uV*L*GvKp6p}
z6THhsmT(lYM(qFnk3oeLZvW<AHYudqRWP;i5P6^T8BaNjxn4{a&tvkGE+K5QIkmCJ
zq67s^*xaXygp<+^0=y#J#ZAsy!ImJvJ$sCHq6N>5?wMQ&T>kWc8f|MCi-_ltX{#I_
zWdQ$k^w>gAkoE-dlkY{Zy@Qb>5cT+;N)QjWHY{6jR7m9mi<L#*7a=6OD4vj%-XQhj
zolk}gnjh#wrp#L67ZUqylal33!}6>YU{~Xt{J4(YFk$+ct<m0aZ*R-xA+dKf;A58<
z!LaLQ)n;6W8I7pw(snQp9EfsM!4k2cA(;)l@x?u8Og9M^s6~({MmU3F&TxuQo^Lju
z+#OivB8(=)jPO%s(Br*w7$b;rc6U&-i%{x9$eBZ<A_I(aN0Hv9>OQ49W=zI<UEgo{
z?$7p%-OB7Ewm*RqCF4^U2%8C!UvKo^orLP1i6|X{16MN7c%z?IjCoPPEs#@*5OCxN
zTJP;zO5B`Z2Wtv*O)G*3?T-5BacSH*G%RY2j{1RX3+9vBh-e#~+CbSFFb3Vq*WL-n
z?zYN95Qnqtpz2HGLd9qgk&W3X20RlCLtm^yGd4D~a9n0?m&z%!;us}<L(vp}oWcMj
z{|;JuBiQ+MU3=^IlocEky`B#pv+F=t2(AmM09LLt^Ak!|M&YW&^gN(8lJiBf!ldp+
z4%QS(MMiTzo{XJ}MF*KyGX*KBe9<raQBy6!%I+N6ENAI!3Ze5K@{PgKjhR8QLvudy
zHO{ci2m&+<^+BaR3t`!&6&CHdFskGANnziTmHGj*)}oY|7ouHrk1f?v?Bp1$7KAti
zCFV$Hx3qXV2LN~EAP;MMhi9HwcB5d7Sa^8w?Wn$n$W7(gC4g9n4!A_G7%Q`Yc}P6V
za+T%MPJ`rENbA_G-(>zHurd@462E{35YEcYByCIyLZCp38F^lWBE<nHXbir!LXJ@Z
zwUcDS2kVr&pJrIRNdXB-Y68uo2Uq{MS>rfed2cYrO{MzRMrbZCoJU>ch6?_S)=-DH
zouB}cNBAGnFRpnFBY+W*IQ)3;sdsI~-tk1n(yU4+Jem6Ja*hJuQ=_0NOaIM&WoeKO
z7fl4=0J#Vh&98DX=Xspig9J53GPkFKblH};5wA-MmGwU5%uxn%jo@e8f_;+8q>Ul#
zDJYtX9KxM{R#UI@BwKt5c#PJswu^Fyijy6^PzL%1cDf4T-RAR?3ray&%D+`Uv~LpX
zl9n<~p{^n+&M+%P%pt*qfD#)sRpe&DmMS$1%9yfB4S#?fDIVx^w3NO|RxfZ6>RBpw
zepXZ6+jc7W4vs*;-O~}<>a#u@uz%|9v40{rQakpKq)++DKe5!I8dqbj3z1)m*(lf#
zSkSeyw7XIT4Q^!`k9;m~01><;7ku84)i<5WUSjwbR}OH$n`{_mpK!UaO@LT#8p(<u
z2YXDUk+KKD<m|#bI1t-XJ(feGi#_wR9E)<@ij~(Y2(L}Bt;q#}q3de!3mJe1lXG@@
zd5!WzsnrMv!qf?7N5dKIm#~vOKr?)rVpstgd}{-YCjry@#bb=KV+X`(udP(MT4!h~
zS78}SM4!%Sv>@ksl~?fQH7AOzBw>NV5g}$O*0swV@JGID$ulsxxx^S2nB6BI3Nul$
zULOQucVI3-RxB_%k?VD7eOk9aJ#K+o1i;;=CqvYrJJ{<E4%}0F00fOYXq%#!&QL`^
zn=DL^+L!_<g7TptcUaYG1y-EgQ<{uy+9g%0Y@ks84q4?j<dA6uhUf5-$_6ptW5fml
z#N*jaruG&qH3=QiaNrK(^xA!mOvT5wN6bfmokC*QYj4;YWBwg{d<ONhDX0Vgb(m3^
zO4NJ>DG#gXuw`*;S{ab=uPMDqRk;JQO_SD#vD+iv;aTRKZ^Ot1V8svvrZdQM5UEs~
z9PC+Dk~oUE4%g8Bq-<V23)qrBT;Ga&OYQO$uFTi{s0LW~e#LBWu8ZAjA5+bZ)HBHI
zG-9XfQW?iLgsVfvq}6G%*){2RUTUC2Xy68xs#x^4!3aoS1O~7V>Yu1Oiqazn;XrlF
zzs%(LyBQrD&5r99#LAuva=ZFGT*ME;nSPeu)ge8pYOfs)R0Xf5(|V50c^yz-b0!!Q
z6`x9-7vSFfwutADa|&IdT(5eAil|7!TLYYCrTg=kFN<_9_5gM7NgeqG)t|%yJ-tli
zkw^{Y;)fdz9MoLJ5P^z7=TA`+YvHB_{Z6%Zvkw+@)-o&Ge6H7bPKzY@>|_j?9#`K~
zkgik}+K4nIBwO-Wu%aBv4N)6@Pz!>}a;c!oCZ;3_f&<phI@c6JjvHdC0=tvQmo5d_
zJm-;M8Ps<S;3D_JPHWdv(DS|Rh;<>!y`qYJWgXWGa>G5nR+O8uO@+A`Yb?(F6a_c!
z{J`&^+4JC8{YwXgjV=hy)UaozFP}<<DcpX&rspU4*v)gMsZ#U7{{HT86X23TYXq;G
zVPhU?D}-JtW#0KR6BYg`FVbUusnRPbVOM|gQCra-aSI+-aK`6hvHS8P#<|KuR^#~m
zeA67AJKLJgzn0bk`%=}@RVKm`YQBnSg>^>FU)x2QmW7s7&RkS_x3WxqleH1itc$zV
z2N3HpLqqB2QHP!SBni8N;qG3@jVo=c#s{Cekf-D(fC)e0R*@-cuc+8ana>bMLMRqy
zJxG+0uh=+Td&F#OZ@9N#iP(HZw~O?}10>Ov8|Y~vv%0{cvgVVbrZ+U-idDuXmfl5n
zA1~Re<mwfY=;m>AeqAaN3$qZZkwMMXFoQx}>UIVKsi|5{iA~@=7$`8on}MAAm|XWl
z3;@Ed>E(AIM7d>Z;&h`x{X$wlQ>?EG_RZ>L;xz0kX;>NrB7pEpiV-T=V4~VP0prpR
zv=0d2crx}1wGEs`6JpK<SBG|nni@OAkiz@5L#rFWeg{?utZ0?0v=czARiLXZQ3~X1
z$m&f-r>b)gTzPgEt<CLgFR>>Vm181bpr<KSDCM`>prWZjf3}il(*O<n8Rq<ysi>eT
zTx^2<R&JG{scYf9hFwfR>FbvXEMpHoK%o2;-FcU7?e_H+Ey-B&#3$qaYcTd(9^I<h
ztW-(^T$8UFmU}ZIGKIP}_HvtXnLrKwwebODBLWxvA*hOp{()g?=P9`1xsu!D3`GUE
zuw;{_qCsWVT{@$oh9+c~*XA`LHR$&VB?}9E{LV#M7Vj)=*LY)QBJU6k!p?Riw44*=
z47}nv+T!en$te@aoyeW#4)Td(1e(jXZjW&cHhHDOjQlhnczI#sJxG`5=CC#JbS)=w
zYKLs3@FZXa+%bE5REBI!d31}S$eQ5y-)*v9Q(Xq0TFcV)t%|rxgDlq&e~%f6oJOM;
zdM}m$A9XMBUT+7%jkE5c#%c*_kigzutA6ml#0ibP(#;`v{}X)A9=Y$H?SB@?k*vuN
z?d6_mHHgg~Y0vjb+vJs2(cG@;kr-vJBrGrxxF%vPa*c@`(>MTEUpc{I4i{12)l|O{
zU+N`SqgB4{QpSF(&suGWM&C7fJ6BniMW_8_pEoNW9x<htItS=Z0)-E<Y5+xh{pigu
zqLXF0nl<4AFP=nbP1RIlga8Po(8;R-9(PVwa0@S#HqU_h^fV9p2O!HAa#XqeY8kcz
zZujH3=0Oq|Y%EI<^F*Z;379TZ;KIvdws2LJ8OJLlfVH^o({cLz4zb8Y8jBR`zPJ&_
zhC;Zg?iTmXMm)&{k5|Cjx<dP<FGybcf+X&OTB(BlTm;00fYA~$Je7THX-)6vLET9X
zegW-piXX>8os3we0-AjWM{_DM`58-5tph6)HCXP3%<!M-39)4Ktva1Ter{fcPIVAk
zJ<2bHvkDvpKSD0M@}ss%m!6cDdLT#T=uRk2D4zzyU}oAo84Jcqe?>tJMe3_=tc%yW
zDh+5<aaB%mU?_6+GlbcXDvy1(R?H;a-|P2l@15nW_P9fl^7ZG;8^>u+6|#d!Lui$5
zXfBOduEA$828c6O4vKQq(13xH>4>PZp-}*(l!zaJ(%gukMEnU<Dn?LhU7j2@i*Toq
zU(p==e9esyb1o&Rh7<648k(BN*l$wMz~~_NqA>qIP+J2JKqN@x3bo5GN^e6Ge9Z{o
zWQKp1A-<3uf?i@)28Ql-2j$~>aA;rjg^1q_4iENs_x1*}Sj2ncFp8)BHwV+hsW{-f
z)7Z-G`+OM3gZ|NA$cKm1!7Mru@tgf=3Ax#P|Fi*rBcbZ5@U9mks@iaGSlg)l4}d;m
zJ8ZHZJ_lsQD6z>b@q9p`b>dO`gy&hQl#iEx?Ot-Zdx*8%p)qy>Qv-Q+?RZ3X*1Q?&
zJ`&~OhVVnzDaN9#7_mXW-(OZ9FU1lT@1Q^2y9nMme4BwZ!#LQxkU0BU4s{<l?Kb!N
z_t|bQ-ezJb-s}!`#q==ZvxB{9zke`@-^9ExX49C*`){IyXzyS!JBaw;aDRAsaP($x
zIGu@@_YdD3L<hgaHuDtvs{71C{fZmS!~D%Vtp@4$*=lZ({}p@9Erq(J0Hr6Bt3+30
z9t9Tsl-b=usR79D4nj_DEnGV=oTux~S87%jC6IED`ddBe??EgUimG4i>`{aAho{Hi
znWsmSUtfWn#{2YDm(vTp;Rw(lu5f?2!adKWh!)IK{zT>3RrBtl1i`<*d(U-^<EWpm
z<!SFv*9|T(ffLK1-yeie$%iF)JgYowBFM{pRGusZQqChR)$mx9_w(FdK92u~`n>Fi
z_E{)SkI~Sq$P<^k(-n9rsSZV=9EakKX9fg#M_4Q(8GE~_oca1$l^tMF4QyCN8jGB1
zwG>Pj(~ir<1-gQqOHeR=?tNaXu0e%|ZTmJ84_)@zmB{EUdDi<(^1c=y^JK)fdd>SQ
zs9#oJPV@k3K$XAhQS;em(@XWp@ioJ+W=T4i>BGjxCea-p!J%NeuPv|X2oDQ<won1b
z$XJI#{CS5AVLn8ZHQAlO(;>K@yk?M6G>4EnCea}WS{ZlyvB6u;v_kQI?m+aJJ%a)&
zuRce4{Mqi0&$o9_Uh?znZp*bi_6<?xxfSK{T7CH&Fh(nO&!utJbj(4Tiu-a<m6j=H
z{X<;9>-FvT_10&P#R)VDJT!v>o@3N(GgnO%6Rbh@(Oa3ZR2Zsj)>Oe>rLgBR6}Ps1
zQtIa<q%Jc<=0yt8>@sCo1f#X>bG=zHXjUW%`)+cDC7;-Z%7vA$+i1O~Q6gB=P!fVv
zZow$6?b<lpXHgBShz5eCa;1$I=s9q5X^&b{WZf1S0xs2wt8?!NM+I0(MJhACY^ZBK
zo-lGeVHj=&<CWE{DjdMZJVg{dT=D~Uv>xPW$3;e&Z!@J5p8&vdtr+}if~;vsCg5G@
zfN~;ZO&c8fhIlPsL1me(!9JK@o!L6DT|o|klkw>lX7<UkVy|*}mf>%i#_~?a1y6`C
zf?8>l<BLil`9!J2LYt`A!aJARjM$G`gMJtO*E`z!scG0H*SDBP>o<*h!SyZX(;Dto
zhB^4EvpcBGZWj0Zqfu|r->c2;;A_tApq$-c*bm2Hb^&Q0@l1J2Wy+RCVk9gtfa(`8
zhM!|nAY4@w6^|!&pejq^s%QqMvCQuFYI+12=k)`db=aWa9neRwDj4b?$-aO(v9)0i
zo;3^*e*hogsJ~&LHwRT-dP#e1TIAZ`mw|%__8jP2;8^o11zbK?c03t-7Uek6ieYXH
z%1dC>tw`ClfJ`S5B|&q|E9d^Ok356}d^{OL67{zhA;kHw%_#p;2&jFUp|`klmd_2S
z6Oifz8c-*sEsvHY0L+z#DieK{(vKw9Wa?F9&f6^@=%e%B>uw;xzfG>o`tH?~TjK5H
z9o5H{S!c=hFC9n>+mhJ@*S{Rk$yQTirnUpeCMaO8(y~^z-JZI&O|S7HSa0A{4%<P`
zWqNyV*^e-dO67&!t3irWSKIqsMYrT@X7?3v$Kc=XZuG5A$Fde%?zSY0_MN(QS@T`0
z_C}y1X1NJ_rQrq*y)NLSZOSBzDmb^<YF!RqkbE|*{^82wRT$sa?NKH3CNbQ>W#Ka$
zTPi?7b(M#316w#`U%_5@AH$jMZ2qAqk-aS|C3e@xt*5{(TO9m1VRlf*4Dk9+h>Vg;
z`Z^{~8RGOX_f?++;@?iWSgQ0|m~QJ<h^(xG;#8JT4U^?+DxQR113rOH9yru$Dl&NL
z7n}2bHH%#6g-W2{2DQXdk>MKj_t^s*YAjEdP&yOLjR3wO3w|e6;Z^Oq;IZ9d8iBA^
zgJEA|(IxiJY`4!I*sgxvVh({DH~z>D<*;+UYu>jUoNBZ$^Bv*|IgTn}Rl`;y?}SC-
z8FO|`J+LOko{85QtQumw{g$WCGf=D1vJto4XQH+aYaO?y!{17=oh(-mt1vfQP+ULE
zx82%ikQ2mLkm0!?dAH5BU^&`9oSJ!yy(*Xb>o(iUcy1(5)}C8IFf!H0_Aq{#G*AlU
z@Fz^FGs}hOwYKepiG6StCcq<<i7=Sc{8wjpfpDSF4{kHLEUq`+Jxx=-9G`z_hnV!y
zpg-I{*zu|wd!e+pLr?xRMzL<^$I<AghUN!lV>{;CRayVtRAVEWCXBU=etj#`*a~4N
z1Si8wA?J%zsUs^_uGP^wAF|Xon5rC8MnRGi%Epd-!n(sF0Qf*=;Iie8_V{|3_N1oj
zlDU}Kbx$j|3ppd;i5J>;`+BRI4F8<3M9vO<0xB$x)NLh)F#D$ZO2A97E2=rkCa#Bl
z?4CN4uRp(UtWXgpMJ%jzEFSPrh}?$^<~}t-S?r`#QV6>g@Uq_aIvvzNBx?S_ZKeb~
z`d6wzamI2o_Wc|*4cMs5#C%lgW`8kCxjJG$Yn9gOdLlKUs4jt;F$`#g(z&ff&9C9-
zx#AnSkR_id;totIV2(6w!SzC>^A^4d84%c&*Oa;$j&u9>tBmJ-DU8V3#cRKxoR0?d
zv6!LJq;xtKsezz{?GkKR;N0SHEy!c3OzYOUx2vw^kflYSL3YSnI1b3DMz^KoRf%T6
z>bYXeiNNCiP`1c29Pr(P3SYP*NOmTkx3TOhu!C>M@1Z(_t1&?mLTV*W4Y;6?0*&8a
zf9Sox`Vbn(QOJdGG!^S|@PoJG_cte#rZN&#=i&t;@4aN?y~jpwAnm~ykoMpS(h5`)
zQ_W-yCZbJm5x%}WzCrPlMh2^;9UcV;E55jteh7++1veH)t0)s|BabJfRkXwUI%rJg
zG5R&TO1DfK0bzgJYq&cU6-iw=OylfwT!yi_x+zIQMcJyjftJ-V4<?uMxyXTis0{@r
z<5+I_278X7q8!fR@W~AVC~IU5bY0O_x*XU|Of@`egW++_mOLYI?*UKVGwd;ftmu2K
z)}0aAsQPuk|M&CbOLkL0;(1qNjJ^8)=4|pBA}HoA``A<%{+c3x)qQK5SQ}S5i%iyv
z8J<wNPnpNeGAk=)!Le9CWp8k7a(t12fj0_p$5>a7X<^Sj%j&z_-T}l?pFN)FHr6;q
zMLgRYbm4!D+5ZgD2}*>O)Lt+Q2-}VD`@P{FjbQ)WYN0x)900&Te|Ew3E$$JXWr;*V
z!LIhQO>K<f{(jf}|GtI2<ofod$X^_v1S}GKU;FHJZLEip{~u$kQSd(;I0|(B-tusa
zS1xFxvP4GG*i9J3&Xk%|IP5rR@JT&yIWP>Mr8G%#+bs^4zqTv|PgjrB2o2qP1B)6@
z<CeXP(pdY=9t&+i|BiimpklSSoy)X%@QjZ(Ji2v33axFdtcON~6&!UIUCaiU;3T=l
ztL>%>O=~kGT$l8<Ee15fh+9?$BOqLi8yE#~%wXP#m%#!yf@Su?H%`WsIY6<~bOnDE
zQxMF^Ewd5j!U*?`+f2>^!%09qDmb`J7L<zpq+W}Ls87sX>^RwmiML6`1-Tx<g(j+q
zPIQpNwZfwX93$Rx?A@YO&Zeu@wsTKHW*92*0j}VG(IHT?gwMO6XSxJ*t`Hm4SbW*)
zJ@{kw{;_)hi&yW#W2@Jdt)yr?O19o@Ez985P*^KNjn=z7UAT*c2rK8XDNlGBS+3vy
zd<(xsIbIo9<du@7igJ(7_s-uEe;g~y3tPr?w46^shi8%kDo~Os!_aE_P@c?HF3n=;
z<d-z4`dr01Xlu6<iA^Laxw@wikDc>0R!gY$3z8XD-gCW2^xosJv>Y}Kj|NN&37)E1
z9f=vp>q}+4;D$^e46IXb+AP+2n=Mw;Tq1U8k+tv2X-AQ84q4^UF5ch2EkB<<R}v}|
z%>Mm!QjUr1zU}oMIN1RHsC?yyk9B@3bq4vwqq6SIJ%t&LCk`1f8IC7bg5;Sl5{Iy>
zz=$E{Tx-TXs^baCLg@NaB^GoHh9B9HJYEFi#(6QiRruYJX8z&vJ<kRE7JM4XW>fk=
zZI@CKL#G8N<JMr;7vlLLI}i3mi?QTzJyYlT;f4(b-$kT%YQ;b`=3Rjn-lZG9Y#8Y8
ztY8Zs*foOcuehWr?|P~AOQxOVuubq?p5K|u?|B|n7sK2TPPc&SI`nr65HFjTx`v=Y
zH@F#Nm1SQeAXXIOuYHp1z?mp4inQjK<VyA&XW&>}7Lf|84*?BF0llA~GkTg}2x}##
zO$$TorvvRfWTxYq-HRmY24lMYG4d4(*T<c%*gd8w_7!>kw7cZ9g)v&;PIQZlczR1P
z(vNv3ICSo-pzcI;{5*WB?)?7o2I90#dj+}W(G|xXom$XXZhdSTz`=VbQ_-1ImJC;m
zl`?+tXd%TNx=f=_Qn+I3WPowKgO>Bx1BK`L+wv3+_D9_Cng!)iVYT6C+U*%ajlyhV
zky2K20=teJrRvzQojQKt*Bck9Wf#);Q?8~mZ8N(q%qQB~ZFi-B`$KTils(oi=F84?
zCF_S>Z{_{$ogW)`0pg&Xzods?**xJ(k2UcIEJ#4&IZ@}?R)<FwHlZEpo%{WM8%nd4
zMc1x_yh)(Mf$AP897l8{Ol2BV(i(>;tPu;|zMJIA;O$*2vUi*TbL#Q(7|ZMv9B-d;
z0bEA>2^YJZfwSQP-Ks^l5KGG}13YS>nXCS7hqt?ehPNYJ;Z!R~xYDU$HvoH+cT9Cw
zl1Acr>VI1nqb)UbsPj24Vo7n(A@g?Q%hJ*+&kDn2YE-bn!HOoF?kKDpYq<^3h|{)e
zGoIY@6)N6R0X*4r%}UNSx`*TRq&*jU+xV*!j0)*+bSoppm48kikA%urtL1YyH0Nz_
zCDQ9Qm5LVc8TlG&a2j(pJS$H_4Uo^#ux?3g$b_>o@lBcXrkd_%ZN5Iu&9K#+;^yh}
zHvhX)+cbDHKP#n8?K`fy6+b_f%^IX8U+U+juxUzP^A%IqJR@yQQ_7kbrmI<_M?+z^
z&1K!5U({`LNw?;LZeN%hXKgx<mvo~G5UW(d5ewNvfb9a|7;X&YiW^pX?{0uQkX*jK
z{|g4~<b^i&_1Ob>gH~^GH@7f4F7SRvTQwyGaWyo3=~yf&X-_-6<!@Z&P3hKBkm10o
zrl%__=Gn#4Wv~7jVSJh?RpzBZdAEGgW>jhN)0Ct5Kn!;I^z}=;o|~()2K7|Ef8T~$
zdzH`oo2u>ozLoZ>Rrc0Sy+^9+)hg?)SJhjqs8{z-hg$0>F*=ib3x0ytxt^enIDGHU
zB~v!zcZ!T&cWTuwd$?>E)uX&x@#?vt?8ou~2hNpFE~un#SFyeGL6yTzw7|W;%(#(d
zMR}q=llB)nwE&!2Sqmhpy@Ij**gm`xbMY`@TNJ?$AU**I(DRi9C4T)3q*hN+6m)Bx
z5VirgjcTT!(9N!iuTRu`RCVe_cZeYOujBI*4jNv_Z3&8kIa>;??KFMWGBra~@Ro3%
z6<a@k^XJYt%g#43`{t(mjri%uZ_H0Wev|z4<2UI~?8k5Bqi?o<V&B{a_sE25GID>6
z&>ZcsGf6sOp029(rhBot>uD3Kg2KTt*G*8#8ceyCL=9!&IhgZ<U=?nRSY`$iJ!(7i
z7IUx3!8LHKbC}zYaKRt0D0*xn@{<yxu9O8?@&_jh>Q9--KLukuwXr2VOdU*d&0t5Y
zA4*n8sc&y?ygtqjRKot`lY|l#JP}!+y`rP`HI7#f;!0WhDL0H+WZL9{FL7`gC!!Mj
zL!QQNROo-|^ub`a2$KB(I|UM%73VA|d_bN@_n>cgmmP<`#~P9c{q-8=a6gKeEmQ{8
zws;;p?ZiXJYs5O>JeJ151lZ;<r-k6L$V)cB1=O7%HVIX<W+@E;%=lq8yDXMBh{Crj
z)8~h1w;xmd9s8Xz7GDeDGmme18rj|rwS9stC-n>`k7YNZTNjQzJRE#YpW&PCo6g{H
zc(l8B@MiC@(~tZ6V((}=n@*3Sy~Eu@5$*Nk{llX{{N}LF_xJlE9!{r}j_8rpB&;D<
z%HHr`u*diI#D4#1cG!>myS%@*ci4|-`?G_A*o|hhcsSfU815Yocz-JT`+IxQY%n;O
z4Ws@3lq1x7o)oXIDD#4N(gmrBgN$)V-|CV6U~+!qySX6kI$%-zGCZF{wR!Df9Ov_A
z_uiOErJhBl8ITpE;ecQIY$wq1TY4VkI-v`}WolE}be5^<*vrN%VgU-3<h3n&%hdEL
zE!==3w)x!+ge0GWepC5mzswgjsPG$Z&|GDFPSz5O{f+XUV)OKaoH0%LVjk;sQ6*SY
zYM8pC@?!-$!u?fUR?n%<f%oajq||y~xqY6P1v{QVdP)2>p-h~IN4{TW==GW&Uz9^6
zEY%moY_u@FZGbM*d53rW(^hj<flWCD8Z!#i^9gtsz$ee6ZA*5C7v|4v&YoAzRzSH2
z)<338`rJ?kB&>%0NLHE>PHR&>nn$wH)O%O+&;*x-4;LlJ$ba;={L5BB#ctF?_q2}p
zE$);DYp>Om)@Zwu(rDXdBHHumjJAU`M0@Y0k2?#K7;Ud5FbaF^4~Cd2tR8goqOg<S
zHSlC}=*gD_pEQJ@Ft!$e@}dxwjX@}17>3dm?7`T2D9X!%Q8tC6d}%;RV@S$|6eKXh
zM~!CJyrAs&Dh6KKt=lq5NkF@+T4N>>aYwOM@=hjVE?ly8`nj%9y*@+lBp2r5u7%Ix
z@$|XmC7`Dk(8;^y<N2D1JCTgoj_&XH7}_fe#Rv3s7JV{I%QO<~Ua$qf6W}&*Ct^}p
zJ2ZnRV++O3T!Zokb09EDR`yszk%H7<k`b<1qS849q^@uTXDtNBdT8bK-=y-v5P@p0
zlN~@7C(=~72(Rtn#q%h~nAZmclZ%NcbpN1E25LJysd7A-Tz$Ct@M%2hjVGUOu8uFS
zC&yQ3mp83a!+Lpk^Xd5XVtg3@|3P39Q)$SB{hmz=!<JB(*Gh5W+kgEN+wTqrDD?W;
z=LpE>rn~<0^{1<|>kl8VPR@41r0C-m0UX(Ox!BP@3-sH`I}mdwXIB>=E-T~=(6@l=
z=)YBFVY|Jv{VWIz%9}WD?d_7-A=?47n-{4STmvXkE<4I1XXTJ#x6f2wwvXw>ez#wl
z&8%D}?GiU<s-tBa^yoM|!$)r?@5;M7%=8tm5wK8Jigm*EZDhTI=a<#*d|CC*jkP;B
zR_?6T?Zi3xY5Xlt0p6u57GDSZYKE~JkuPhe5y0!r>oIG{xdhQ(O`fWbON&=&7^LN3
zm&%OO+S_W8`Vzd);)6;I6^k+?xM{7f=SzDeTUrUTo+}Mm&N983J<*%8rTtF1(!xw>
zElY-ycwmOnUY5lS&9`E;<$1)i?bg{Z1yBBhUCIV`q=|?BmX9$t&WLSYDwhoJFB9;&
z3Lac4Tted2pnCu*bzTSh&_~m_)jw53BDcSKP^XvIPNih~p45dO)c0LIoA~4r(J6h3
zdvU5E^B%qHZNrZaKDHyb7>iTwR6Bod5Qr;U^}rJ973{XhrGnb^++d<E?;PcIl;rFi
znuS;+y&8-jkC(t%JN4G>9nCdso;K<KZ!_vwzZCe`JN_mJvzgjEzakue;%WS8-C~P=
zk!C?_gXr#a@or2+`b-~!@{2YkCws9UK?rSg^1kPk!)Y#t^A-IGp5;-{>{IZiUIig_
zwpsPw!Oa?c=yg;YToE2~MtF%k!eb5zn_Lopt5d>nq{dU84Ef!&4zmqzO@S?T>&=^k
zy;_iZp+zYcgGV?7wz~N6XZWPu4Z4Rtitg-Dd6wR`*Sd8OEQVt^uq}LO`HV3=Y6^$<
z%Bx=rWjLj5tz4$Ah6M$i_@G$V^WUIjqpcn%f$MC+^B}GK{w*;!|HOu++E%kyCuM0I
z68(@^sWk4y%s`#EHR#{2=UuCgGT8Uo;O=ECw%pD6f%>3A6LNqa*MRTCN4%tJ7qN=K
z*5JHITH9;?TH6|VRnH+;JR46H$d-BGQ)|$&g)CE{N+3!EPbuHuM=T@+7DapS7?G@6
z+pI`wF_bY|zM7FXDszv~-P-WnM-)*KGy7!5Bcof}K8Og^3px=ZJDwSlk5g%y;<w4K
zC-4S$>Dzfa7n;3_iaZyoNmgyleQ3!W#uvQqw)9<e4V}R4wB{gcH{>df7P(60uWPw|
z;9RCulNf9v@|nt)?BsI7-k)?^y6pSik-h|%&=7XXMy(g=4f9%bTU6tPc+4<rOS6T#
z4;_;6TY?IoJjA2iE@#*{H|N(K4v`y_Y7m)0;P6o1-)67u37f1coq-7!5UMa;mFA3e
zZV|UrSGk;*kI0*7qO_LP00VUOcbP@;*X@x;?VBCyt@Gcf1fVqOw@;SHJvn}?BChkV
zlG^DAfF9gZa=BEg?T+P1G2$nzw1iE4AxK=jxRsYeFJM2Y)S3TW;jNUITAy|{RXIXJ
zJB7#%#eL^N2DTCdIN)mao+2JFzNp{hiJN(sjc1g7g;G_;WnnQl;pxhqWj@=RAJJ}N
zg^YMOF8g4g-AgUnP|VsnblY*I_TA}%^A&WO5e+}d{|J051%A+H%{8blf;*nb*xp2O
zutj6O(qZsR7%buH-4d{q<B~w%6D;RnF=B)MoBbwxBQ9)kSYXp4jgw#iO6?<KM2GJ6
z5NQCIh&z!(dV!5gxQhX}bZNp@aE=AqaT$<n1;+reJ6Ppvhs~rw#XWKrI-~TmAtG(e
zc;Gy6PL5gbB0}JzN$tIMpLUE~3S8)KVY2IT9z~M6@oL1`T!Rla9YI(l68VB>PTA;O
zKpH`!#he(hTq(0&<m)Uo`RdD{hc(73RtLt}HJpo(P(yH_GcTc2Mt3c+Rc*%O87oqI
zzCrP>Hr=?oh9Knjl}SSPw!u`iJ{a45duJ{Sc2^aS)D*AnTvnZenaYRR{nEV>5XsiP
zbizqBD2>J%vA=kwOvnCvd-i^O$xhC$ZpQD%C&xEu@YJ{IcDvQ~XP2j&TYo)>jY%vk
zL7MB8_wDy6QdbtunXG`Hu<Z8+$4gA|G0BxtkxG2}7Mad3fIGWUf!^Ep9CQc!7T($&
zTn)CPpLY)lM55cj?U8jS*78_GldaD!#3YEL#>6LfeP<3m(s@}P#=nF}URZ1PY>Yb#
z713M$2%eCk<BKqKv<fh#BLri0J1#~YLyYqps?Wg*0nrcazJ?S&-um1MK39NJxppv%
zj3v-}m>vOSn4Pl<7Gj)^_6~<YOz7FhhX?(m0X#$?jus#gHs{@2PdC6WZa&&iXs>|#
zTpAZ>Pa#|Ob+>hK^Ra~J0ygn*rur+$VfuVHCs(K47A-sX@Z{>$A6fSzNxn<feM%yt
z6uK$wj?RADx`X*`rElNllq*aW*WuV__}SexN^JJVSUo3sn<(~5wy)-o7Xq#L<qf<2
z?qRbJU4L(Sv^zYU9nRjo86LdZjfT;5?`U`W=FOY_-ay1hvo}LAi;l!#Z#Lxnvt2%Y
zv%i11#}D=eAI4F$4;_25&e#jI+~KsEmED0Oap<+zMC&j0wQB_SLYJ{eU_94@tkJ~M
z2=@<*%gZb-&#AYxVMRV&c&VZ6(u<2OJ-6gixlV$DON~optqRlcT!ZQ57R9IP|7@C;
z{!Ko1Pe6T{%iR;e>K=Gc)PdVr1r9KHq6XYotN^zuaPw<afBVX{-!@c!Lv(+8-M7Z_
zRh#enzeC5$-@KEX>Wi{<hq*`TzV6HXH5`qvi+nE1LVBCm!gz+vqSS0E7LbRzk}d)>
zESKePTowkc!Zcr)Zb!L9PA=yNxtl_0RMnB03jCw$5HpIMUS1>ZTSUMVQm27;4B4sb
zOe+-xW3htmy6HXveG4`{g_a|4SgGn@UH%lHNSWa0m2*^cs!hyJLOCt}Wa;s`8{~|n
zRoL<S<>cGr%lBuUi?h*i_wY?U=L0ePH|N*A>+5q8p)sWC&Mr)&0HH2>1yYKy^gW|I
zo&gqiO=@4&p%t2I>S6{FD&Rj!$ID(hh3@NyG7GHHWxcvHzLM8^9rSONMj9oML3gm%
z9UM4@&HERCT2n?H6ieVOJ#z9yy$Aob$VJ#59&BuVuPbfu^~RQooboA;5>>>NF2VCk
z-xta}_O&i%Gx<=FS1#A9*ph#+6DjN8rz{8D3ai=<UnW&OTcB!oAF3?G|9TIi0KYnU
ze%FJ3xc|+Dqkg~t&7&@$0loi*oj|1`BYqG3DE*|qK#2OAl%M{FM5o6z1%D_BzEDZ9
zuFUybiX{){i-S1pfc|d7IqQV@GA-Q~D(Idm=X`Z##n;kP{Gp=wJ5*8pjc6wZjoOL9
z7ilL3!=smLCw`-1qT==I3nk2XKDD1SQVFF!4u#zJCuKp3t^Flb3u*!vIu<rVw67k4
zc6}=|a5w`H+Hg~7^4lvi#!bocQ#h%Gsc&U=ayhw%*4Oy_#P+ERnH5}p6`^KC-Rlan
zgDSSJI${OfLh#&71;=yRJ^t1`EsG!S_8l;vz_2R0uca^yxYf-k%kwiCR=_o;GkhFm
zJ)vO*p3iDHsH;F8cL(+#cw?eN0Oyk(uE$X{5XPrG#5mhOVkDf$?{5xVsC@IU5xY<W
z_`8KKyf|#2hFHGt^3HyvD}HT+M%Q|`mmW_=7eM+=`RLZJ+pnCFj<IS^y2b_hNM5?N
z%ydn;=^C=rRc;%*XTg`u`!uZ)5pI~P(-Ue{zgMonQORkg;OYXA6Wzqu{j4pk1mWVG
za-gh2)w-4H1C2O(L0LiihSU)i<t#jOLNi3%l*KSSzX);I<RuSq@ff4j%Gz-f+lcT~
zK#30DxfIH4@GZnJ1LVo&*g3yak%rLCNAo2_&DSRcEQ|>!_}5A<Xe=PFQk0DtIeCYS
zu2F0UzQ|7L@t2GL%ig<p$894E;`6sY1x`D=ma<~2^{`}X#&cGY?L-?tw30Hj_uP9o
zMw94njMxN2uqAgK|33Tgpb7v15@fR_*-7rY@3|9;01AZyP$(4YL8Zvhwi7WvlRxE;
zo#blm)1c@vtkBXuqI^-2f01c*{JBW}2?-0`__-GhBos)rqGl8mJQWOxW-?@rmo`N*
z@)T%Ok6vgP-L?~(ZW{zba2Vhdbb<%yx;yFhr$M#!YM5jdz~{*Z#0uvb55@|&ej}Ww
z{8!vJRZiVjt0Q!x$#{8h<-V5vA{iGvFI^RX{Nx}$VhN+;qe;RJ5_<TQJ$XjsWPkS=
z9q%2`$=<<Uygvz>Aw5lw#s|CcK}-*xJUtxkJvkWf$Ggwi-e_-kba1%GCQqLo96cM4
z5BK+Xlf$FKQGCD-N6(VOC%falXP?sy$<Q6>r<Z59%Df`?-IdV+#e_xT&MG1cVNI1t
ztzBPTNJtNEK)HHw_h6_iUR}!n88xmJ|F5dnHC3(cDz9pPIq|gC({=?x1fpTt>HD2E
zBOB&TsM2rLwHuCZV>DVrx8d$EIcy7G6pk(QHA0Z0V<XHD&j`;;WXtLbuViq{Gj)TB
zU2xn=Mlkgtt+$1PVRGKQd-2ojmv!L4Rn!4yV-1C)0);~D;J4EsF5bPns(n1ax;Qy~
zX;;lyh*BL}`755<bXuv1Jr|*gDnro}QXiW(7@4=E^V}qtx-EEF+O#gt_H(5dug_yL
z*eU0^F>bbH!=&*EynQOpVZxn3-a1KiqTF~POEKraR^iYb)~tjXvY8wAOCi;6kZ}BM
zRiWWvp7VlTLVe>6uWEZ=0Et{ll%gF8Q{Ep5-J%x~8+pMdDWA?7Qlt^H3l?DoC)2mJ
zNP#t`eX_UO#mXkEhp}YuvK-NK?-*z#_b|%nF9BMD_7efC>JKUcR$%We16Cl`6awoF
z?;{0TSV41$KZPkoJ(yIR0P8KBKcfU&4d9O>!h)m<-u-?TnJ6Rh6-14e7D6kL({CIV
zBCSK1Q)v#?yENCaZlgS<+U#T%lp$D_S>25fZjsr`zDctX0#}LQCdQZU;I!ai9(a-@
zB9rej9qZ4P>OFb>4|WGwCAxZh>z;vieOPz7Q-qI+ukYvoh2PJs>HcHCod14y{f%w4
z=9{_6ID-D85O_6;N-_BbOhXG6#WbF=_jna41q4aQ(({6ysxnV5>luN)!uo}^wgsvD
zZqeAkTUtf^Ei*eq=ke2l7nn|40U>Z$LQdbF+cZ)riJQ!~T7m2Yi<r}EMx^z_m8`(;
z=GKe$yPQdFJ8T0V0X%J^@96LCVLzv8m<B_Ik{@oV%F(XbQkA8uCQc7G9+9CNM|b$+
zV$A-*3aL{jFEYgfp(W4Adq}%gvU#4;lD#J}O;fqO@krhGG08ck<GX$;Ny^6sE!5y{
zG&I=HKS16t49k*pMNvAXio6PwE63A<hEmR(LAXi6{Q>FBr3xj8xiVR#I+=8qK$c>H
z?{M&OdTnD&Ni{s0+|Vp$!wn>xIi=6tD@8?V>+5_YmYQM^UP!A<bYKmenGEXH600JD
z8;=yxPELw=c6gw5BY0DjB*9otHqa4~GoBM_iCU!)denxGy&gINLG1Mt_mLYbq{=Fe
zH-oBV1MYDr=VuVatY~pZfsi?7&YB5|@k2Q7M?VPdN1(}blVs9$im8J>IX}}$MU9RX
z79Ot!AEVN)4r2?#q<ye5A#F4S#e~kzu~<PtL=)|A12I@^n6(OF<8fmbA#&-Qv7$l*
z8l#>|S96R*?I-<rBMgeJU<FAX=mfv+x~)#MJ&fOQ8?M{n1H~s~DHb})NCF-R1&f7#
zX}6%9#w}#8LT^|b8-vg=NUBFRD1wjNO898z0&YhRBsEdJ0O8>0i?rl9s3Y;oH?zPL
zJ%F9tItsQ<E-z)r(yMUfxtE%I_h@gp`*gVX<jHVv<W10cWsEE{nmFZ<*tUw$v+YJ^
z!tg+DFs(&70~R;5{arx>SBU+Cn%zy+2+znZND4jYrH*0(TSW)I;gZN1Rm+#gg^<#&
z&>=a~XMn1{?WB=@L<Sf@aL|pU6+`vLz~t+8ix&0#+j=)cT%C&CW$KXIiDy-PG9ja!
zO7zqTdu17<!^OgrTq)i>)mu~fwnF_D;?Bl)C!~*aID_BFRnXN`bYUgkDm5J;CIH7O
zQlOt@MUNUqLNsZk3RrUOD1ZZ7Q<GtT_+)rceXYM|A3b}LJUu)d#RpI0gZ*dpDBeFh
zJc#%9_eU&wwzs!O$4`>+lkxb;-a+y-86A#}Vj3SEPL9U(=^ov$Acu*ynp{Rc_cGg6
zx?V6rRg`klg6T+sW)AIwsb4aPHre-Iqx1?^_lCXdO$xu7yTjg-!#CV1aW5+#gv!)6
z48j}YD&yUt%;68-WGD#TPRuIOHW}*>7c~1TDIBJ8n96l3&1>KNH$b<{r}cVpP<x0G
zDvel2YJ$~||F~4eZy*eu^9O+&nie)QOg^b3%7T>zXE&^hMr`xi>X5Ro$XxMZO;}l?
z2#t+Hk=itRE-DYh7LZvw<Y;h*8k1C*IMsdT*kF(M-t&&q-W|N>mjpzs`zEb|(E8|L
zp*ar^#IeWH(Ny(Xh7(uoNsL6{Etpy^mA2gx-W%Z+ZPxSQfwwI}o1(#hd<eUvy@NM>
zs8xR^u|x_zl?0b-owKztDT^lDWzWsy`AZqo)U%p2^+NC1un-IVzG#0DIeGmW@zci4
z-qydGF?>pQLg!X-D=n`@A=Q6Ze=8DpZURkfa5lgvn9AxGIDJnA(>H7P-Uj=T1^3UB
zi??TQzdv@hBcift_iP3XE{f4Gs;<pi)&u8%y?+;DhAD;JaNv+&+eEvh(y`F2ZqgL=
z;3nZV#2T|u$BQZ1e6)9P_-t<rJ@^eSc*UF1EYbQ;*d^x|gwOL7`o@bYq_8o>w{WZQ
zi|UGI$Hzc(kFobXrmA*ilk-BfO$)Ou=w!lUH$*S8Yz_tv-o*gmK}2<<K8Zz9Fqw-i
zG5OF5<O$H2nW(1)OTal0k8Y~b8)GovZJlH_)z`<{8H2E`u4PBUWNGwzux7?A71`9L
zVncwM>-fVpizw4b9g}@~qpPpb)QSE~&d#lqhhDTuf3-8*FwvDEi`)F{{MctF&Lc(b
z!sW{_w$Uq5knewd>Gg$I%F6zlz&q1$D#SEpU`DQRh{n2lgu8M87Oxpi2OjX3KVEhN
z*XwUMW+kn?VbNO|`CW0{$1xcV;s16<y0?J2xW{YQ2W)wTOA*h)wU|#3!f~S`gW}yg
z3PLz`W5_lmKX_puf>LW0{K42QoA?jA4rte#H3+6A3Iqg!esDSjf~Gjo52Rz25VlKL
z50HEOb{xL<xJcCQ5Un?edvu|nPP(2qS3hvB1|4|r?0oQC4bgx4?D6>7@%-8E0rWwi
zK)bxO9^x7F!5>0fpF$t*F|_45bRAiL#XhR3Oj|kNHj#^XMyPZYXf=!3M_P=nKZ@cn
z;8d(f=!yDnS@WUP2h|42UOVndr47=mkqPNz>UW`*n^6586ubqs+<^i%UQRrCA8}f<
z>}rX9bN38<>luA@n0<8^ez~S!!6~Z9(kmQJ>ol(pi$g+zamf0iaY*mrIHbkMt!~=3
z78|~caa+i|t<%7bbeXt$=o5W&s2jK4drWQSZN7n<FO!6sVAH5HY*yMH=&B{uRX2BE
z5m~HtCAZqjI<F*60}Y=C!rKwcN)zzjcMP~(<hdx+t<g_^srE<8rZiq2!`~-qTB#NF
z+nIj}guaY=QTi8YXS2A!g;bLMoRLjFWW#L@aBB$kvQJL#6O%sHTi{i>KA`v0x6d_-
zd}5!2$(&{jnx@O4%L(|@<N-m~#W_nj^ru$6weD7PhQ{4^e@6m25?u>k@G=LtpBq+4
zx>cpzu!7Uj=)~b=3=)8#2qjx!!YmsXV14lCtcZ*v!O#{BE>gATd75Hq$S#nWj7Mb5
zq)>6z&Wed?0Xt^vO$^yIZnsF^EqA8$@L*BCbTv-6CYfE8p0-;rM{23kf-0KGpsPvX
z1+%$Uqrd60NR|EFLDm1QTF|W&s&&u;KDfSZ_)%EIT#`AX8PBGZMT*I|Ky9{Si-sPI
zsmlv;T0Qz#h7bf+4yIbbS=<OSEBhdf8MxehKbj=gs6@3rab43-3z7XVF|Lv~&6ty$
zD63KgdSG4K5ThOh(=S>YGcxG3Qs3#6IC@l~_Lc?r5C}typ=Y;ikK7eTikP)Gb7`_F
zAvk?Un=4w_T>4=}M3z{U3^CWSYQ5J|b!+tCF1Brx6j^H)hZ;`8(L&?}FhOm@FlMQ^
ztpGRkxMFvZx(`=FITNUjT$CaTX7(Dk9zeL=XDpo`JG%&0F@S~i?_jLv=Inx{S<Bhw
zFb`ZX$1TukXmPbHs^(51_gZElc<#c}17Jm|Q<fb!2H<BjbE)#*G1*fyof-ZR#4!-t
zU)yVE;@WU&(UN4#>%qv#C<wWo6s%$ZWYgDQmovr-!an3&mn%_h%ca%3%-WYs42`%X
z1HA+Wp#INz3cEpxt)yV_q5uQLe~GbGt7}^-KaoEetmuq}YF<UgA~_Q!wB(MpXjeKp
z3=3p{x=W%y@lLfD3ug53Vo^q75{(rnNVqHuK3*7Mz%eh<7Me9qAsyAff{Sc^vtV16
z>=0rlT`KxvjyP{cQwbp`(m8Hh`woJs1PxfJQ)kKQa8Fpue1f{eL;FC9ZZa7gl2emB
zi^yeG(hp?HZ<r)=o@8KcYaJ>JS*j%n;jwR6;qKFkSQHS>F)L?7P|G8%Z6cXVg!MFE
z+G8bUh1^lAD*Bfg%biC?Qx#z!E-`e;F&T`=i0qPYcMiz6_61s1`S+I?F6lp=Z)y_X
z;HEy4a>0rVHu2wGr-fLkOSQB8jb)yxa?P{k*a!p&#w*uGhcx2#vdH5)1k2qtiXo-N
zuuSDpas44~z2^=HpGP!CR*RU_mW?Zw!<e>a-7)}H8|1yzJL8|`2wk1U5>Tf#DWDrq
z%nsR!EHJG*CX`eId8|3x<LcaXAU|x%Mp8G+>q!R4Ik^@U?vSnW_aKIAkVw|F1+58o
zMyb1c4H}>M33;rx+GE3`Yl+@nOUU5F`N$jFqz`3*IS=3x>AYPyh}~Khyq{{bk`Wb@
z7a6E7T<x3JN%aVPzkbg069dLq^xb_jXfo&71I`7&>pd0sLcM8Wd{5jF;Fm$(*DO8Y
zAP{hmL1^7w7`^jmI7rV40vhX*fW@CwlB>{pxGhiviD%?p&ayXEoXI&Y8|He>r7NKR
zLo*=PVp4-Q>;=PNN>bgeZM?}nBaj5l7F&nm8ejDqNZb9fb2QCf+Q;LJ=)jD~wS;aR
z3g#wUa}2(jn2iGm0bSGqn6Q%aw6bs2@c*i_ye`ROC8B4N->}Du`|&JJ7YQ@N12duN
z#rY|jaaoFKLFe_jkp$E{$7;**c%u(B9YlJOaeu=(QJS$xJ%ZMwk-F#mf30w&-HTvl
zNYW1Tq(ErWu(85jK!<~r64yLiTh2M5AWh&(9lFM0gX}}jV!XFac$RoqKtC+46CKxG
z6i!ggfp;b9j+#m~8w|9Xm~bdn`;^=})M@Yx=;}BaXw_H}tRHH1?f%=su;MSs*ZYt<
zz~r|a0Bz)cD1xu(zJ=%yP4*R7bd%mcfcntfJuSW@vD^CnLR4<+K1|-)DHqUoNz^iL
zu-bLMk>OZZ#FM%K$6C&if4q@o6Bxd_b808`txy8v8gemcYk)!}=5}}FMl4h~DIpeY
z?V66ba0h|}AE4@kCVSw=?}lO122$@Wp!c51b+Z|0=~P9Q7}ew>@*e9AXF`@2LX_`G
zPRp5j9dj~Qs|p~SyEe^e(+#PeO;`{8AhCdWbjDlUL2?`Kd3c^M9fKBYqZ=n;XvFj8
zC}>&Bp5Gh-8aQqnon_{DI%1L4DHwWm49a#$=M0Eb^MJ0$#pNZjNm$4!E{2muDR4qN
zqhYieFtytt1x=73frI(JuJMy;-Lk5MD7A3Vy}<MWf>i_39ZjV;wsTdj2etXl%pH@R
zVv$*&OQ?FYSKnZADdRG=UP&ZjGA{TSbxn`<Mx&#>;RaTk@DHJ2!8Hg&+(~xppg)%9
zpN7#SU<OsG5-($;nual&bd(T>!*>3jEJ~h&O$f~h!+1W;q=vNtTH}3T-V1>vV0L)u
z)r8l`rjU<<d3iJB#v?@uQ6vb%a6E|RF<GQ;bPf|};m4=)ssd_~$9pj?g7_^m(5X79
z@QQ`HZJE#^syjJbl!>^_HXc=p>VATD@3Ko>*2YZX#eppisWE~%&l0d#0RIV_0@Nr3
zAj*|le-KA%<B|7<OZAHe#4favH{Wxxpo^f3p?Q;6gqJZ*8}X;!Z@Zr5u)(n&E)@jk
z;4CttwtK>2E|pBajV?*n2SmeB)1|<WMLygB7W7t>7ivThha7Cy1{fU6IOy*{wa5ne
z8f<Jpj2H1?d0bBlvRMV|-ZI*KAuC4|O!_G@`!=mU!{mZ{k9h-H<gzRnof}7b=LLGS
zT?fS_bfUKBTwC3wOR@<>zdAi97nfICE`(^e0|b@JES?o26APIxji=6-#@C8jWEde`
z#Mi8R&9f;hY-W?)k(;&={cWV`Bw;!_$-h)**;JP!)7*9=p`!gWI3GR!cXge4SrpK6
zvXCtK&&NZ|#CQRaE_4s4aA((bY_Kgg^)=dp3)Va@(C!Kw<I|o^18c*lr?h|<;2F)x
zlifY?-BR7&%!9{^x0fT0?KT>YfG1?dc3x!iRCfiBw)zAM*g>m(r^6|z+qGKCBxePA
z^}k=dMPnIYJT#tJG~E<EZ|H}!{G1g(X#3J*@?_*LNs@rMs*cFQlaxVHfV^Ng94DB@
zCBJdkf;RMlmth?NBNgI$k>kXm4OFZH%c=#F@*9l1nWXI0f^nh}9g~q<Ir@T?CYDL4
zYmD8i`i`0ytKR4I!wWWHMZuB^i5KuvD$$sD<VM__YZLmCD>0@PVSgcU-6XW6D0K@p
zAJPUhQo9MDd3#kgvD(*iQK+TtL=Z6sRB|Q?#fh%2UT?b@Ak<+Ap{7uyb9MFFSO9W~
z40T8@ZBQWdP2u}1D+HJ(;R<#_HR)hXBGXIv>gu)B$T>C@%>e*Kd3IH%$Hd#$;82Z(
zp*n3eh_jeiLLE6MnxJs!q-)CEkXXhxA{ArfaVavrNKrP35J0tiwKD^%*M>F>&Per4
z$-B!4jc9ekAnZ|mSfVeTKlOSEs;RHBh?z(eNvMv@WaGbRR;EK@Np0W8OF~nTO^4*d
zaubT>rMllpq3D2<sR(B1q*EhT=A9Y4C1>ZZgStiEKz^fEcS_MIelEQPxqvyU;EZu9
z*;E{7M;j}N0z+JxrETIWp{bt2R$sp0o@h*{t_qsToE9uA(Fo0vR4z}i&aDiA-9qve
zxgp~+uM31wTgym8^7h@;%VTnCTvWHcV$3kEgbeecU}{e&dgtJoDhiB4GZS;2Dy4Z_
z^f7}Cyv!Mxz0@puowUN6V^-3w4ZlKtD7EHFNL4&Oo5IN*&MEeYycJ-)LQ8d67<Za&
zBhN84@7kpowkxvOaVj9rmiE$s=33=jw<(2AzFU+g6ojIWLdi$gg3@{f>G*&^zl!W=
z%LaC!D5n>==n=B6tt;wH(v-F}&AwYqCZKu$wTjd<qglpML-U0`feRKh#nWpT>pV3!
zHiO#WG$nHi9Oah<Td+(1D?^`<yZ7q8jX4HUZtn^)?GTM=!O$8kIm1M6oXP*)z$T=d
zYOWBoDAlM4%gTbIUD-5lq{{=g-dNf=sK+*+e^iRdYK#}<f~Iw{Vs87Z*OxFNIiuH1
z))#82qlKxdo-EYWOw~7=(j@m+S5BOJc=pNSVwsykNrA%496{?1?^SZ-y?^q8O&7FC
z)CNC0zhv>Yn*@$$ZbRG}bSzNtz)?C{o^ySm!1EoPBY2?>lcOSn70RKJv^tEO6>1<_
zXM(Re2YXLOx<`E|<Hou?KfA!V`BF(Sp=c#g1=NpIW1EM(M{794et)(X3?)z&B1LVW
zhUOT*frV`2HI<l3;pe6%oW_e2&;w2O=rz+pcCCq9jVU3qhd_m)9uoxfci$@8EMV0c
z1Nc-ACh(*O$SKlQ#wgCShmP<KT{^%J5-x-gSqPRjw90Nf2-xB(k0F2yna<)u-4JEY
zClj^<J)`JyygNJ`?*C7dV~DZIv!_pv#*@9h{oSX#EM}A4QSxj&j+4E~(bN5>ll{Y|
z&)BnZvUhOsWXuw_|73J{NRRgS*welJF4W9sr*SM6S?N^OB_~+myON<*X8q~d+Oat!
z>FV2g19Pgiy^I9_;QO3YBk*A7HM3S`CuPZGDGG4BN?EDI8sy^M(#14xKVqGKI8_=$
zZ{X&-YK7MgoV!(kRbG;b&@nxYKGOxFg+aZdO3BiR2dWf!rlR7*)sg};<5Fjt6Xx;*
zZ<Y$<p$F$Pd5Yn$77*S1`UXZfzm{O)4PYw*r9T9?X5jR7p{^N7y%+dqVD(zZEdkce
zuO-lW%UU<?v8@Z;%b3*x$aRhE*fp?3KeLx6{ybmJ5b`U+A^<0>9xJ53)oLLT^bJxW
zg@!98Bm<!(nwK-Fk7sZatMuO{5W#voxuo*C3f#?r8W!e`={(Xy+j%5e8I>~@)k`2n
zCsoaz?pq>0+=G5qyo&$IRIJAkBQ2phsxsfa)Z0~Vkj<X*hlb|~Ad`b}eDG{C9*vXT
z<mv7aJ&X?y_eKYCd=#^12mA5S{$xC&PY#|P(xazr#14{pZxlbHPj?S#ay02g?lVdt
zHJh6tX}pId>Ampt(!Lb>#<L+n_Yh``@mEi2CP=+DW?2h<=Ju^yLa--m9T0%+HAS~<
z<H&H{1ltkFrB?^-6l<7ttqpsXcxa~b{>Pby^yfRzT<rUauwP7GtnWY%*Myc-3G}ER
z3FE5jTw<NTe(-Lx4pgGS`odS(c-E59(I52#C{g+IJrC?C^!5kU>{>9<B^&jx7mOzV
zEO^P@WpM~$Yz}b_)<oQC>Ba4FC+YO0by8eUp4u`zJ%Pt%#d2y@PX2l6Td*!9(B|Uu
zWJq3~5>WPtX+iVZ(kP;&adh=yU9;sC29PTxjSfc74hJ3RTrS4{VsYsc0Ke5^t-zTD
z;a7jU9MsB0F{PPKgM3T|0KQ%ar4t=<LSN?$9-fWA&$@IpKjVy}8@}_?#8<&4&nA$I
z!kh&!-d^If1imkTx=uf~87J>eHk=O0-;BNxyyAy{vwD=j59Lj~IsA6(_;0FpgsuOs
zEw{I}ZO=8#P(4&IDbgDTZ}Da*<0ZV~@oY*Kx%(P_c8=;*gS;`$X@=C)UVX;Hne1Zt
zzTM-eqo=#up0F@<)j(=2P)9?;Dkml+|NmE;hF7m%Dt;hKlUu=wF*0FgJOg_?$J0r-
zhc+*CCIl45G#Y_<hSzg^Hmed?Vp+mcHig$AnscKlkowiD3OfN#FqZ)5oR%|f)dK_G
zLGW@1>I~Ii>!Dyh;hViXK?L$V<)}r6fS!)R;$&(P*3_0Pz*~j1s)PUAg1Te0P@?I<
zhS_bVz?vlNkL1Q*ez%`CvND-u<j&i7S1&Jz<%ja&`WTHyqr-y(`0r>ms{eQIV1NHF
zy9Y<3z5U%M`}<G+GTJ@ZJ>2^X89f{d?Z1UAY4MlQz5A*U?oaaj_%R}Uf{|-Bhxk4^
zwAr1EN_>lKs-w+TfVIC>|7w&uw$;`a`Glh1znSzLask4^WRa#zQqWBMg_vwokfjHA
z@LO?P3r!3eeBdqG+GSk4JbCeN7?_Vc`b-lNxr!jFvny+>&PqjcHDg&VKU8e9wrZrR
zh<fmjpGraIw76!8?tXV?7lEBksyrk#Lmz5M@|00{#+;yK7qFqX=j0!lHVUJ|#wNT1
z+B#tHq3MDrY`CH3h^3M>Cu+7Bk5lH%Qmvq1DP306VP?Zjdad??SCBqcB71o5s!UuT
zKa!G{DI>$v87;~oB)$3c36J(405sUCqv4qT@YC7Qq5@<49347cWQpp*rDT|f-3xXt
z9C}QgOYuONENPY~If*sr@LmX3fZh41&&3_P(14KQ8~-L21t}QrftxCy*~gEjnMrb{
zT5h}&1)<rJOcn(gm(Ez4Z<8A?d1)_y>bmC`KC*1*=Ho}QDcM|!rasiI;T!rdQ7GVD
zb$AAKcBZJBQ@#F<hw>NvHO~K^)!11fhh?5VP#@jr|L*8$@340MKN&qa`g;C<iQmVM
zJKt`cf|3&x@}WH^1hUinl1eY;0@eZ**Kp(89nDn}HsKi~1HCPw(tt#|G%t8oPRQWD
z$>_hyfyXauOyD<@Jb(=T$AAoe9+2PEy(Npu;XeG6&o38~3I9L_(ZI5F&1+yV7m#2O
z?Lj~Rtu0j56>iFJSf;OM+k_3L#~bh8zu&NlPTX`R!OZI$I)lm0?r?WB+}#MJA~D%Y
z=r~T;WIBT`!2jgEarZT3f{q9FD1txVZ|Ey(xhOL7K8VJ#?*D(9KHj&^gzm!3#5af?
zIetzyhZcA8n|&SzdyXwdYF1>lSdvXMdH)lp4%=^$K?PGCrq&IkIpu>uDI7D+s>lCL
zLj7tU$greSi*@8oc>UjI_JM2=fy?+@d(kx^1*aZs9Lg)X@srf6p*~w4oB`QXS5EQ`
z`J4Cs@8oYmuz%m$fJ^N0#<%3X*W&%LR(iBy%!X6)z9D2cVurp~kb`}{Kkgp#Hg+*U
z{~Z%rGBR}s?>BT1GBoBjDjM({sEtJxzR!62Ua^o3QsLc^$@96|IMBd}Ph08H2rt_i
zO>Iu>G6xT(<L88D3Hv~XWK<RT#C7WIR&|18a_jE7tG@;k#HT=4H33wO7x3&sqBe{o
z+m{Bo$$rs5FHq(JE{n!V14z+=lRVfm!qBOh=d@sC@b~A6sYIiJ2GEv`){0HKcRkiH
zf)+nB>QJXg{X1Q+&j6cfWf>Soql$(|b8h;ah=TBJT0r)S#!56LRRfPTh6a2Xjkd|(
zc89yq)X4h{+Hy)V$XIzRiff)thu2Tx1>|OT%u2dD@EL5g_y7B#eGcwUU7fH7NNcYk
zJ&2ssa%T5=3waOjKwXW`@rHfMM3p#R#-atU3eZ|#T}B>|(rR4zKyY5L3I7m42sQs%
z11)Xrsjttv++ugnWgizJ`<EDp7_ctszwGyR@3iv9w2Wu|YHLUjRjv9yxaar-*){^S
z2-W)RbV1Afm4va?dQ-+k0|o2r(-X&ld*iJr*)ci6%<MKFvAI2}tAe&IJg%7Z&v<V7
zvQ$iml9h{mK!(`!m70et#C$2p`)_^*al(e>9<!K2?kEPYfy|59nvl~oNF7e5=&<u1
zU$#z9-fyUb(f)Y}u_{4ea#QlOUu7(&?pd3Ok_-*V+Mz_%fVF&Vze?LJl<Mc7m=5YE
z8i*}MByi#i`t`2aGEh%_jeI2^NEr$$G_hJXgXwcJUhp(IUC2_*PgOTnWfzjKqf=i%
zk%XRaWS|z|04X~l0nx)9z5t6rbibqNbBC-YD|i4Ns4=SxWWBB)cD?R3TQ=+V99>uk
z2@q`jTXkCs%}G7-E%}Y`tlV;7ySPl5S}W#}_4H)m^iablOI%&8*`EHEk_>$6OEM$_
zvl0iYtF7wqYOxQzIfy!CBxD1aL!VEa=)aO=B12C;xC(5WYpSWTP1rmyb;xm5FTgBk
zR2q8O8~it!xK(3P|EYLo#;{-${`WVC{`*EG>V~vgipvtbMu(^qRZWI9g+N0$pjGay
z8WQByw!^s5<%u((5oQ{%LgKpQfYAoVXaF?^s_x2m&_A0Y{|52lUxbI(9G&6vBiS<A
z{`#MW{!cR|eB;zNK`=*N()k?~f-Bzt4vwDe`TD=T(f+}~SN-3Y_&KM9_qc~odmRsg
zdco~{yYVAqIfVZJ59MVR<I$iOl5N^pOdH?sz$&f;rDIZzX*|?P@X>Cix@~ND!Hq9O
z$~NY#r0Nh*(uNLgY}9nAlbML-dClBCr$rfwiLDReDvmcICH{S1h(!)9Bht9_Y}8U{
z*(%2CdV`P~R*ZEaW?hTGIsyK1tHji1KM9wyxM9VzwHxdIpYr&wy?|459er~~OZZdY
zHSiCesm|#fn~0<*28QFAm4!B!?8m1P(hPn2)DuV5;f^e6x$ydZM6QG}<YXo+Il7-<
zb`9foXx0gi%A)2lP6x|$Pk~%y=<O=qm%#?Mu@FUKf~d4j9SB1;f}vfpN4tedKID)Q
zqo}*cHc+5B*D)nUCR=fcK?E`%;h5sah}c1^Hh<Qs&Qtm6!wub?an-A>Uoi>C5ieuf
zz`mqQ0Jq3Wo+=SuhjtN*lFY;{xE0+9o{+&*$&gMYCJVQU<OGnkv%MQ+I$<W`50X{S
zEc=BFuAj<*C&HmLB)`*&h`wu4H)}5ct~s)gm4S(YqEyhtq<`gkE<`Gw((yFU8B^kb
z!(~jNW~;Y6VJy25OC5+UT%*aXOeF^Tl_@RREnSAnJr+>=mRgo!3WA7m>xk?PJ*KJ2
zY8>de9c9CZ+`j{(=Scw}q`XeOJsyCai=>)|_6@TBOb2NYB5r`oYNpZIDey!S9*6(R
zTD-X-zMVy|7qSi_npLeodUv1>Jk93JR$3o!XeoqFj0U&8Ls$NKtU6h}-I{eRJvxe3
zF5BQZ8>d`Y{_8FOk2wSsxyv<Rh5SD{+O66D?d={OjlRnNU*dOX`QH@z&QsPd2U!)l
zmw5jjF1ZJk@<qyYRu!}BJ8;^lrBi_$M-2mQln+-2tbFOw!`A=!aTUeDO5r#1%R-b|
z6XgUAP|cfKwYy&WonQC<Pbiy<OtSJGxBnIUe|L0vbZ}6!|2aB3{CfZYBES3G|Fr^u
z*f>`@=L6im#x%aZr9~nko*gau7$acnOF!D8V7ng~%d3Pk=Y<$Ecxx|<1vC0c=&0V0
zx{T}&pORZDiFRLy%u_lmm(x}F;pORoY#PIe0sLtOtSxX)UDUT6t!XFf&(Vk`q*jf{
zH;P4_W7sS(bb{xO<L6{E7BpotW)_KH%>lq3ATk?K6nPAm=DDnR=?mDtm#pk!p?$cF
z&uFXk&Xx1XYUUfR<s#!m@~B<OuRStr&rGcluZ2m_wkzh%)D27!SnJd4%JO%U{Sq3!
zXEi~#{6~-p<tZ7QWpE|-eb0^|fgFV#!p7}HWaRrFU*ZON+==*OlRa8wSW{#0*a<cR
zuVK=_wv(-0R?Ve&yi|P-$x99fwI)1Gg%KqQpG+78KB|T-s;Y=?6iHT+&`dmsCHZ(z
zf3j%)DRUO%i?*AVI*>^`w8Yk073-{v8pif<t6~Oj;%KZCN+zuumg3*&JS9VIt4Mw$
z8OQK-2fkej{9%q=O$TR_lA4RM_ncH)#8r}uYAyTR+m`z&J%Z-`PHnY|!PsHoh%Zh#
z`0aiAG-zpyG430&L2An*FtLS5(|3y!m*}}jq+9n9VHx;pfY*nrszcbq=9|-8&rRjw
zUYUxUS65Rt0-qAOm;>)KZ`5e<NWK|f>FF7MM<qL_<%|p(AV4x2Y{86U7z4SO`*Pf>
zVY_ox3&AkV3x2~>Hf4!V1GUd-o|BV2KPl#-cnsOnKnq_AGFW7QV8)UGCUZv1J@B~Y
z(pgy!$e3mr3q8Sr>QoYN(Zs0i*O|E0!7p`3;A6AY-YzCSt^<!}7CR@MoQZTWq<K!E
z%nW%rW+kmhy>SkPV{ce@hL|#%MaKKGgy0TAxV1G|k62!J7`X!~5J)`Ixd0wya5T@;
zWrT6ZqbgKu#|Q%}GVsY`hq*}H;0v{?4g)lt?`dZbsmJ)+SpOQbL%4EC90^Qw_nETZ
zsnVOA&2H{MNprRaI{_>3^F^AXL4ea&z2tZe92&z54Xz$G$5yUKo4HTNRb&+dCL$fn
zLkFgDcz%~feu$e}vSA>5?}86y!`v2joOCi}EI*l)tbmLW9xs{CY35{+iO9~FXFFpm
zXU?}McK?W~4Ny#_+x9od?f-TL$3(GUe<g|VgA6Eq$o}ZB&eudZ0mo8)!!jl%Ty@-7
z1nfh#{8~nUnAEmN!DzxC6k^DnCqT_G->8u-(g%H%@Z$MSInS*h27aE?ynSaww#t)Y
z+O@N5LSi?ow96-CL^$eaMCbt1fv+2cpOt0)J*!2Um<d_>t31Csu!msfE;88NJHn_3
z12Q;1-W`N?kNV~4UO!_rEoZ;_MIdxKePN|@6gT|^8_$^9=099r`9XrzAbwypaae+x
zRAdZ;alzT79uA`|oSnMpEeduuE0~;#H1Rch4k3s2nm)!k1e?FaIPUF0ylOrK?TqPQ
zvfH&{S~sj-N}^~v`?NBnQ`6xg)_cF!PGJ0K-!R;dQ3R7z!@9n?zpmKOiVduVHvaLq
zJFyQm4q!&}MiTJxHW9wex>L7>G58GetYjIcd`_2`yu!`btiYiK0L>KQscL-9(-e{;
z!R{dOGETwRUOUP|^y@0)j>g0TIToUnWkK^CQW8J}Wp%AFi8D+Fs#>f+lN1Kr2A$l9
zic;I;mO(sdj8W}wT+o>?ns~s>tqW`o-F`H_5H#Pigx$T-s#$DjBHnJlD;HV8?fgEv
z*`1DlVo`n4<J|wsn7%Tmdorfr#(Hx1ZRIc4&$O><o!oU}1%}458&{~sN&E5X<<D>5
zy?FWa+mkmhH)_-Nst|L3u7P>!$5Z#`zCPUS)(W8!#!*t&(_tnO@T+Pdb9(mr?58(B
z15PJzUS6J`oPGhEjKXzjb?R-1oxc9*^6KTqo0peA{CxWE?W?oz>)0KWof}&0q<n0z
z2vy3<omO?jQ>h<}e-P5!k#?GX`tIe$+m}}_FMqy#dGU|4)0aR0@b2=e*}b!pYEaiw
zMmAy8c|`|i=kG51Vg^wAW7fP_z07VN{9a|1eHkB`*AGvYo-hzW0>@Rxyw>rI@{DKG
zHzHwVKyPIfXM9lOH$s*mX!z^5d0e#|SaA0pQ#q@1-iQpMxcTw7+80f<JSCgMS3G5M
z_&qDh0Cc-L$eBVB<eP|Pd<cDQc}khRQIn518Ee5VOOfAWm^*RCqeZ6YWay|s`m7gg
z$K}@YjJrI7w63DvQNLy6h%SM*nOdA5lixj{PljYdP0pROO69oW5>M;E&KqYw_N3bB
z-8U?i_+2)|041B;r+r?CQp6%XCReBDZQCnAlmLIJYV{gq^IdAyusU0G4y5+__F>sI
z&tMF@@{tZ}g&yP#J)lOUmrGxg_^9Q`bdAkJD~A0E_)zfM$=&aTq8ZSuV_!wS7xg+M
ztpV>zsFkhmGyGOPdQ;on>v2(GW4<>64~MTglD+2H;={YVk#Qryjq6zWjqA6PmdAkI
zy->x*$rC%*1|Kb&Bx~a7!qP^27)G=w#s|GHCL}59N2OY^C$C?3AG1z6-#1K3I%Vc*
z;uTHPF^#XU#A`8??=nbOYTIEdY<Sabni*J|upViX0vpUp&=X<wRA&tE{E342$B!i8
zMX%m!QDuGNsVmgGEM59(sroPtkNviDUmXHAJPNn~IGL-V$xgG$`dHq@Lg1&&DXHGa
ztVa%}v4#}ZJ8~&^GFDbe>=YMsV3h)&`QbTP$NP3D<kCR3^nf}8*IZY~GEy}nxs;Jx
zV|}ErS&^~y;qgYeD^Rah($iO)y`68#>BU*}j?ffSQbVU0pY*%)S8m>PZLe6Hdso&N
z=aYa10!CqFzf>0xL%54YR`NL;x@p`7alyr4D=1=&^GP(PdE5F{l$pq#ab8z^-QkQu
zxP{2+RGZ6v$I%A}G{h^9oc6U6)9i5x-to9v@~RUsjce)V5h|6r0)Rm#YT4e$`GibN
zs>Q6H8eZqLb)ZS-9EDkg?4~moKnq|(0(qS`ub!C&kVAW@VJ8vQh5t&N20(<DXFI>y
z)ObiT2&Lm6)GcF7_WmuO4Pg|4i6}_2$WzQ;skeYmRSSPrVZ$3w_XxlB;AlZ3AT$LQ
zyzZh{WW88=^HeBfb+K1mELn|V#sR%kkxgFk;*F`)bu5)}(s?SCabljRb6U<iMv?OI
zj#E8&9(lrE^D+zANSXQ{<}{<z4)iLI$(5)zt9IbFS~9k?TxsHZV$)RN^`=*))PF<e
zFCZay%^=UCIhDUOvKYEpu`=FSXVz9Lw-DMJng_|1@u)40M*GTEEne}I1()?Y=t7QH
z#&p7+F(Z&Kr4$4L{_7KeE|NvcWCQn<kE42-PfRtv%^EG}8L%Hp2on^gRk;5;T*W1H
zwV_unaE@1LVtwoLW-(+<8t`1Qco00YH3x$l-HY3qFQ)@&IJDJ*w|854-o~<4=#m#>
zhB<-jZOtga!o9J?!^pQoyT_&&PxG!_I-cfhuvyJL#?$;hsJRQK7NorPxlA3U(u~R<
z*|JuJ3@|^2&M6XJN?ILKraif1naUk(bEjdNZp(Sg;lAURC;$b`rp$i@Q1XtdjrZ3O
zc(rn}THL9|(h4qYcQC4w`78KxIjqZKtHj-^+qO1$w9f^){KL7`-`hmDwpZr9_dr#z
z#*=hC3-|Z4x_oG3%E*}|2o9>m^N+j3;ge5)C5a&a;i+%_okW)n<$xy6?$3LWLx%h(
z`S1Uoj0;Au$#1`DJIvkDUwuf4$k<;!=sH<Noz&HC`36o9CsdrBy&IO5SIeA9@7Af>
zk^vczPoJVlwSE5aqXyEw4j)$kbYB7e3+#$OCx*6P=)q~#Mujm~xh4I2rq`Cb6%vOX
z9oCXp*7<;cp#P!vf8#<2kpk;7h$bj%Sgv`NoJlg^=<ZkHi*C|dsJ_HWt}9puQH0a~
z{Nu;2cCI^ByKK-8A;{Cs5)_u+=@{%G%%GwXaIV=>Hjxa&dPr=?N^0(dZNjo;H?m<+
z{gCY=v<{-^`l*am6-O$3-X)}VcKy{rCyY~vfzDS$nlEEW)AuawKF0gY_<w?H<7byE
z?j}mr)jTU579Wud6I$6mtzfG?_gO;dq-0sbigd}dscR3d7)F(G@t>F>HIpnWSz(S{
zB-l*I^0Cw%z~vTutO5|4Y`4Rj7~%R!{sDxEAhSOG{^H$F=RaS(d)K{hJG9gW)OTlZ
ze?C9C`k@<6#)o5`g>*6A@@%YvFJ=oBkh%QJ7OQSs=tv+-3fUaeB}sX9%@XpxAbBCC
z1)Y;I2b*Z{Be)UQxMq#Nz|w(~u$(Cr<E2`;i&DSXlayaGB4^IZ1HS>|^~@z0^NS2J
zr&8{EMkidBg^*6_v*w;qGdd)vBF8LA8eL5H=YWFrg!lj@ilxqLddqCA1%023Gfwh!
zG36PN0uf~&SWI%o8Km^Gzdr(B1nYr4bT6vzO))1s3t7Ou*Iv-!HC3Tr|LQsbn(Z9v
zJ@_12z+36=PA2t}5Q(s5y>y<HWbn;Lv#LLN-3-V#&dzZ=E#_gwdLB3ihn7>PQS9oz
zJ2ZS6qkCU^zuN3nn0+yu9hk^dT&%yJ%}(#zJG${t_=k2yTZ_N{AK;K|%nZ+XdGV#r
zp5PIEpL6w(dYJt`e}vgh(l{+_N%$yR>#VY{1}lyzTk-2L_4SzQkEeG`0aL$(h4jv{
z^gr@})zd<4^-|e#@1}3+hF5$-c!@bkv}qShhU&@*c3L?rCZd?@ghW(US^3dmi-e5D
zY)YZ9SysqY>=6-Jx+J%vxYo8{K`XTI9d?{gqRH3ex&EH^7)k#dnHDT31INygz{Arx
zpA5)vzv&r@N>~x<|DBqTyUyx$9{WB6uWVs@_c0Isg2tiUC)iy~M*G@+_I~hk$&iVJ
zsny&tmaqjjB)}`4vZhddOL-YhL=mY5k!tb({DxgA{>Cj58)kbbA$Kq2eAlt{22L!U
z$j-+w*%?%M@LT5VH!`M@ZEZQ!ZG<sm@l24xKPfM@Ky0T{iL=Eb8xDt_C}$!c?Y0I!
z`mE2}c7&1I?@_{w@OEk=TQH8L*H0tr-5+30hZwb*qo|5{=d7}@+7+LrPF}zM`SR-I
zs>hR*wS4@MEdwu8zU6WKWkLO}*|L+K_!BwuvKD(njrVuwuYO0o73*FD_pdK*f2<d`
zua~+%(WMSH9y)Mbmb4kd<@dPHb@~4N7k67~F*|R24|Rv@`I>>h4(huwY<@11wnP5@
zek|)a{QNl$=)Ry-8(61G@_!|YA5GkSvYD}#fc*nm7CbIpL+Zx;0jv|iNB$2WZ2i6$
zi1jbW!C)W}@h<VTt4A}&NfqhTXO^PIDfxu(T)TK=lQNR@hLNZwbDB-z$^nXr=p}jl
ze~&kn@DQDyU!8pS`sHQx!`a)b-{8~v#k>FWZ_(+=+mnlb+j{(0lc>)B;mzcgSY!!l
z0wSUy4OkX6QY<jZ=Hm`zAJ^l)5W+t2l8kDfCp<)h!#@=f+OfSK6^yeFo6>lRkiF42
zu<Je0zVqsI{UG!CP(xX7UYuU<JR$y7ej*A|u~j&IG0~KVhHPH%gBSb<x#Cycjy&q%
z{Q)PuMue$HCS?f77pHH}@C{Dq*Q6OabIq-Z6y%nvAv`X16n=1Y2X{FTPEdr=u`*o;
zL+gBq-GK|M>FN(~Rs}i#V8>vKuZlxA?p5&2D%dXzCd-;2ALol>vO602aUSPvE{dfp
zc*DQmlzLn_*1SHgzMnj-g01tZwE0-NBl2=5&iGFCYU=Ilz_!)ZbZA<G>q&Y`mu3&;
z1s5<MDV6fA@kXofCa>0jY^Ge6<Qpf*QVj?h;7tVe({aJU&cKyK{S0$=OFq|x^Y+e(
z?9@-)|A6X#g1jqn&9XjFZTkwOvtqt4Xw1%A<9Bw}tN^N&@D@{cHXdr~9=xvSyC29)
zl~l^2EuXy;(?(SzbCIxZlZt7+kfrPHtaw^_gKv{B-d@6TCSqcNK>%b0#SaCSWYR1~
zow)E7FJ$>oUe12N@wp3JF&u}F*~S&t4m^jVfr`N!mdBsy1kz4BZOoU4%{rkr#-&a%
zRaJApK5T!bNLf)&hvIx}?X5jZWuNP+6P;kVknH6AOszRq1S_CUIQ$~-)}uL>0A+Z6
zBTG>*_}Yw1r}oN8%Bie4z2kJKA-aBt0c7;2nq!&<!E@ExKpOH~x>s$U!*W!$oD)bP
z1@`2}<liA_m2Iv)fQRZ^2S$mQQ=XAep9bVVyJn*M10G4vv_B%RL_y??7D|ZqVk?j_
zD{mP?8Et??1K+RCq&*LcaIXIZo9E^71uu@t$4^e*R|3+ufk_&({po{Ck{zP69m*Q$
zfa++b-L1U~d|iX3ov?~U!;Fr=d;T$bVXVjA6{jW<KKb*!h_69XxUr1$332q3t!m45
z>W1IZR}(YDLY#mutv(_>Y*2v+tDHvQ8X^ibR3&xmxK=B;4nowd<!U5o8~VC4)*MlI
zZ`5?Uy|zb9!Mn!xfKjxYS@NtN1FcmCZb!6-G3+Wd+Y$9SUpv0RuuA=it0U3e5$9gf
zX1Zd{bgbM^;2G!?<I+_sj96sxq9|Barb`qw1f=d%OP@)}B-v!c>CjPxY}GIehO6m7
ztu=OyA=@jSvH*LzYlO%i@gX~B`$2+5-i>=!QE`F+BOj4Veaho_aQ?J}|5CLvtP#wp
zl}t*;OPxuCBENKYYIpR>b{Y-3j$=PC<>0|c(&k~=<*nIkQ+K&;cCOFQZY#Fhey7&}
zTTPwRLJubWxaZ<+2`dNeNJ(AQ<r3$Mz*QhoEL(pF$TO|M=&bFEON4HVl}98Kr4nyv
zjHHklV@iHyg&=cAGl^Ed*<wCs1$t2s5tlS21<MO2Syt-T(L{i?Fy=xg+zqg%!(6=)
z2|FgEgORI=<|Uiglu2Md6ONx}CKRYzEA=UQ{ZyJOJEmb&^rYJUcp+Iq=6pIU$t}&`
zX?Y<Txq5xsD!=s%$k!Q;5C3)ti(lTl^V1TY@AsXhpq<j{+gW{5oNFKng}v(&MKCYK
zzaWj&@gIgd0fl%Jm~7J6iouwNt@N%B7Pbz!^C+a*hdkvmFTo2+mMkGNR<La%c^2cU
zXITjk941K?V%PwVj!@?8%ozlF)sw}NZGA<iCAk%gG{My9gxbVmVnUQC3X+Cw0H-Bk
zH>_9^nj~C}aR-P^(;<1y=nW(en=uSbftPGDheTqG#xspE3}o2=ts@vNN-?+oV0N((
zo}qV@))){f357ccxt$5gQ02$*?t9Ia!~S#WtW~SgiPWe{7R9Wn6S#9~8{Cjo9I;I0
z@S4@fZ8%~q=5vuD_lQ%@vNBNFffP3o>wx4}{@9F^4G`&fi!4clQOdpUW4c!FQKNqN
z{U-9%&@Ms?$uQ-voAC?hbYK)gZ)iRspFV}>xD9YK*xkKmxUHLOwruvYHo;a1XigB-
z(6{!RML4W#hal1xhqaY%Z8Acuco6EL4-M`eEVNgs&~7oHD|TpAuRD0CQ*Wi3yMCRo
z#j0H$skURL1KNTb_*Ga1gN3dN721JO)no+%>*fK7R)*YPp=k>Q@ega<!ada@<oD^U
z5qZC-hA*&jK4Z|-j*zMU6+}TjEG;%Dd7&;e-AiC-KWO#SQ?o)Zal<@Zc@;jdVDMEK
z=phWOBLFl$tP%9LE97st9>$b5ZCn)FH>Fp#D5!=xxe%Il`VF(q*19EX=gRn;&OiUs
z@iU>E**s5a$>ffk7Jnz9ayAyUNTfcW<}@EJ={)TM+4zk{qtW5P0sMC~8rA>1d$>FL
z%kII^Xm5Y_$^QP6zl`?wMhAO;A)~c=x#Mr4E{J~_-Mg>);Ql1Pnq*T=xXTw+rElOV
z3?B4#uE<o3O|r<AMYHqm@Ly770|P_9?5l0JjQ~M-QG59Kx#_|5XTgBPc>J6cY|1`p
z8~l?rC4<fXJN$NMYjgPR)_?p5bo9*tfs?^EANM{%w^0;r)S^vZ^DH?gr-r9)m>`pi
zGg$sn>;5;zD6^Ox?rW=!%f)2EKafGBb9&k+cGx;VPg}#0lD`>Vu#{2BhHq^tfJ^C^
zrJ4y}Ka~;9^J6z;EzNV#ienVMAs0KIh+kbXniX?el#!Tt;Pfg8p$(WA4%0F;QwPRw
zj<42=@R<yD2j(Rn6e``-J$K)Y1{1XmGz5ianJ8WB9OuLFMh9a(sDSI9%ra>%kWZgr
z1?t(avZ>;F{Ed|2e@Tq*zCMrsoWE}VUx<{g&+qHM75snyVE4%9|GS4r`$u2-|Cjg$
zu1)C3<{60P1)HRNIx9UxusUxo#x#cKSW)m_@iq4PDexT2buUE90u0xC1+v`B=c#>I
z<!WvR?g7Ue5urK%z7UHXT1I3r*r-{NN5qOe>hg2Lin0Dah5K*>8g2N;EiL2OhP$0N
z?o8JeX0Y1bp>pDys;j9wMhlUqtZ3YJn>DoN$CA;C$`3xDx^G9<RGZQ@arBOW&o}QC
zx~nJscbM}jE!izyo}8aGCfh0ca<i;ET{+7uk^AFL?-!h1u+2F2jdeq1Uv7TU_C)jM
zRg=6L#Xs~c|K7*(7yqr6|HeE^cs9L<7`Q_IJ2*JntKI)cdq)Rf<-afS`yJ%J?{Go=
zzG9$AnU11kcu5ET8-zHFvI|?e82^jKrDiwS$ai?!2<mLtaHZ-)jxT>~J(wVh>xz7q
zh4n{}LmzJ8)urn{*4q1%NW`C!jr}3y;)h#q_2E>@t#z^8eX0F1ncTf(^Ut`_{y-A?
z!>zaAp#DIM?)R459_H6A|7+6SQw6+2{@**QzyIwX9qjLZmH)rQ@7|m<FT|XcGqz~F
z7&_02P9?ph-ZXQ_2A}El_HO5WcfTck=65xjvsiVcO>xi8kI7q%HiJe3r{?<xA<}b8
zZz7h9!pL<xoH#2B9-~o?D)bnhL+#uNfSDJf6tPH;$<^sOd?{%$W#u`vuNrLxZDs=g
zPQG)}DwIAf8;FI>1ywJ18bBS3`a7GBbl|S^23EmCJyc<{l{8ylYAH8fF&#9y*pYET
z)iN8D#X`rB@+&;>9JLA!f97rWM_kzt`+nT({HG{7-Bk=&asH1E_iFFId%L6E{jcZ$
zm-v0=o6`zjXr%U_3C?Gc-vg1m!r_M2G8*X*tIN9N_b><Pwf{|8^Ut&Y_jeBu8vFm?
z$=Ch=C4Qen{$ES#uj@qgTI1Pt7>j}lIgG`8r_MMuptWVGm6(OB^d9EPA!z8^jtByG
zt=-x!)N0mnK~~kX+XmlTt8XKW`GVG*mhtShL#&YOWeI=TYzuV9zoRbJ&axyIJTo#J
z%4)9k#<P+YH#F_J7)<rL8hj=)QRo3x7WCSa#qDnm!WRr?oM%%@c;{0eJH>`!`5L_=
z(icq}8U=U2Bp5lP7jvj)u_=iM=W-S7ho8|^J${LKU4_GEpI!S0UR$cY9+{o~N3eDM
z`fL8$<iD6kV{q-ckK>2_t-SvoJgM7%92|YU|9z2PK>iDQ#{~;x^xl9Ve65ZaYq`8#
z8ke_I*X6DIe%Rvg*6%fE9e2D^Nu@7nNe5(*z<<yiuiGi^Smz{Al<uTrjnRG?hS{<I
z@y+f2=Km}GzxEIJ>-PUo4!+udeUYDyDYQYzrs4vdZg`;&u=vw|isCvIG-+P(+CtE7
z1#48XWz`0ti&6w58mwrdgdCBO!HlKz!B(G0wz%DfF)PZgt<XTJ7hpm=h$}H|+2%dI
z;LWRWe}D5pQ7bj-b^PJm;rOftcu(yU41Xgs_7dOxOpc#7f|18`C|SA42V~gI){#H9
zaApkuae8uD3;EE8CmU$!F6_e_o-$Cbj}H%679&g?Y^~mpY)QO&U&YVxua*DbTk5NR
zo&10IV6<P?|L-0ie%1ednV%#7ZF<~rtB(b+j@L|HXiXVpO_X>!9n<*wmKKR5v6$zy
z<d7I*X@WMRk1w`+2_R3i{IaCwLjIH|YAGuAgs+#42H)kAH#C2-%;=oQm;6_DK}#-F
zgVAslt}TCAu!1JwNj#X)REEKxrXs#RFT{9N#VgDZ)=}x~{NxRk>q9BZg-Dy#-sP;I
zr6^8v4rk{{l0e+_K`LUJ&V($FpY81*gt0BJ;`|N$pz1%_JJ@^rG+gT>Tk2YShkLsR
z2URVc%`+u-@^blx7S|!NPYODnv#h)-Xnf7HX~)$37|NCwq7waeQLvvRJ1_X07E2vu
zr33Pdx0e7ISIbpFGnvzZWf1eE-i2A3^_4ke8QC2^CAU;UkaZ3b*%FqgV#yMBaq<a~
zY<|OvQ?+~xMh1U>zB_z6Ae%-nJb*vV4$<+WPu<17rQ?(LSnNLfev_8v4y%2%_oS_b
zUGg4D8x@@;-%$}(b8s;?6ns3tIjDzKS-Ik$lfmxZ(Qq^z4R@Ud?}So`)&TYI$H%+>
z*#zV2tU}x9IT^Lk$ZVl-jo_kxP6oN6YPFJ8|Em}0vpX-&Xa3@Rw*KOL(1GlZ?mUv+
zkv|mmci*w>d`sRkmPj3Y(FsABaEXg@%rHPCF9AcdRz(I;B5zRGmE`ZwZxpYfV{yZV
zRknf7jaFlGJt?(!cS`NmD7Dw0Qf~Ne#f_V>kh(Z^h+_qJSlgm9(-C4f-ORpmM)V}}
z!QIJxP$TofS_|^W^9%c&I1vTnk};NGu32%zih?JMFj}OX6=n&VHj+qI;yT2!gt{bL
zg2kT9S<ENA8dbm9=vuhn@SM)o5xW@+nlc$Xjz2k_59ex9+>>IfI=#ofn9_tW&L_jz
z)Ch3pI;={VX@jL}1o*cD3)OkhPR))2SBgvcXu*Y2zizoJMP1bEkOqItc=~q}EiTm8
zb29J<ZBPnkn)Sw6htxHx9-<)Nw`a4pTXCzaR!$4Gak?wn#JC-GVDom?z}0AJNG6o0
zWDu-t@@6@VUhS4r5UTb+Pml|cP1Wl*0m$3cS+JR~ykIdcS+ccF^bl)bML}>_-uErY
zKPj@3XA3qQ1cJM?v(DzyMGm}Z)NO&`u4D-0|N6V|mawH(p(Lb9!lt1hm^kC7Gs-ib
zO|3+oiOk^%YQaOuo@<^ZXOawf1_U1X0W}>UTb__n@8NlCJ5p^AZMVBd$5-$OxvJ~I
zlx3{oadgAVS(ESGDR5LhntgwLSN)B=5upDOxtcMeb8^)asYtSrc#>cn2plgagxUrZ
zSi+bg;1NXgr&Bg0S2He2Of$kbq!<}9k{9BJt8)o%@v2B`fh{aiU|BgsXfu}Psy8=Q
zywHL<xt;NNM(|H20Uo3k&<Vo4$k@XTVmiTK^#S7nKf4~%Mz@JXULKRj9|uk#{=qRB
zK#KE}k9VB#{X1@*ZGue<(gR~Q{ps;WJ(lBr`>H@{A4!~AF5Tn;M5m;ZRUQUw+oCAF
z6pO-;a7fPJgPL;$_WF|Ku+Sh%IgyKkL4}D(Q*jF*%S9;)#pifNW@VYn;~lN}8>T$F
z-tiM1IDZ|J-y$@`iSWOk%?)WuH4(^2;P>hU_HNrMLwOS)@9iHwbE6%4K{h`&<3-{|
zGPH9LP`#{($yl?wxI^xRvQTrBL@|ZTAjjmfzd*EK+fFl3_G7eBXUpCVhu3V0tzuS`
z{hQg&!ltNo))b2@D+?N5e}8&rtZ7gYZwjJm9C_9`_K^XYHZ9o;&AA4hP#qhce)znh
zA39K)(+~GS%LU$znIBBp3RjT*N1rFBGZtU#(1E&GJ3MO1KZ;ciKdoL1m^N%6;iy*Z
zse7%!3`vl5R9omtG84CiV<pZoZ-boC0`AC|BF$RpJ%VgSl8iyVf^^(7WG72(2PtBP
za83!Gav1JUaghwv&KYRlIT!-8NSDAj>0-e%QrS`xD#_`^3rRNPg)GI~26|DKBe=?m
zYzrY0)wg7Dpp6+(w{orzvSVF=0OYt#$&{6PY&<de7zD#OnX^mR+Qx(vTx!r&Itnso
zskj}Qv`<!_FlG~Ve(nwriCpBlC`wQ|q)SZjfM7MWF^#WTmJG>HHZNTv=BlDP+S7y;
zCb60YFK3whLQABWR7!($I#3fBi@B1W)f|dN38i|h%cxo^5iAuL%r-s|KZ3aMIQbl8
zY;RKAVE9oMbfptp2P87s3l_kP(V`qPT1F+GGqEW9?pSk%+ird^kggDrZ~A9DyaUf_
zbQR`Zr1EISW9VLe86a(a!5+O=4+=sUdYHl4mSiBWd4Br#95vgQB`wNDews3xX;!Do
zqd3bW2{j^#Riaqc@w1j$bXsAOPoD-M_UpWzTb7A5JH2=T#+^o@eu2e0`x2dk%#54X
zG*PU_<I#Ew<07%XbsdM3SsAA@C6ze2rws~r{l!otnyM;Mj&*eA7x+f>H{dy$(QoEd
zBKy&-MX@M@In<m{Nf2~GcxgG>lHBq%C72wi;u9LUJrb5f@?ue#{5LKh+wjG$s=5Lo
zCU5IlogSJIumm&^n8y&05uN?fTm)wHh7k(5#>fLpp)L<4gM8?ww?!U{IdC7-EhG+N
zcGw;p3J|sLc4(iu^$vfu;~&^doUomXg0K(xPq1=lNfpBknZ0K4cBt%zrVEqjLVF*$
zoK^b_bjbsFRWSL*ibZBS$w<P+iz$i+NI1+(fZCH%7`tew=1V5(i@mO{W*FGf;D!}r
zA(;__)W=AFt7R|*_`0ZV+h>eya@UH7(X^bMi=x~j&z>GVGc$0>a5Y_>o`Y>UT#apZ
zWrEEJGAMF#ex@(UTDc0@rvz*ohGGMxi$w;HZPg0Il$Q8+gcj`XfGXVDMpIu#dYk-U
z8xGbRPc;yzV>AXq<joUbEBXy&`i>%pl<_aKi6~Hcr%wKXtKdMSwE&kd$|^+`-d>Rx
z6-><nq@QOMFj%_CgS1+7o6z)@E+sIZjNPyT1x0iDOhjzG^tjkz*$x=NlshK5$`1Cj
z!?UswJCE?M$mugOed6kma-Aw)kt-FqPBQl3*xLx#9bKWmleL3_eaGVXj%5@DS`5YH
zXWOV8HOqLS#X3~esLx()JSKoQmovtTs;dvVkSrNi>I)S4iPewd*)^y}faydcnk2<Q
zbAM>9P0x&TM`UuKSBf@O>+QR%mv}w_Qv$q1uJfkDP((&fUcc6-%k7L6b}YF_;3|T;
zFU4sWDdHZ)?wAaYJHsgqntCaxk|B|vs5kmgz+H>zV^+O67L_X6Nci@t2tffDbqWs2
z=KsJ?KTm{k)P2s!ZK4VJ^OzQ@iiQqAsuH*{X-tm;dXu*C5Jzv)<^~dC&fSqD9ueRo
zYCy2Abf#R>Gp0KpJbQL{FxVQ_3Nc3yD{x7SSw&8cDFu;BL+(EFLdHN$2-v>gJt72*
z1DZ$9qH6Na`^F0xtfX~Ag1$2o(HqkM>dQLbS>10R=Fw|ogZS6n*!Jd;3p|Xu^!K-^
z5cS#UA%Zzn*Bst%n$^<3e}}nv0Xcd(rU5XQp(2T5{kaRIt9a~)Lbf^#V<1)@nnO1P
zS3#5SXsX2VVzA|zB)dh!^k}Gc6=VRY4Ysz7JEo)8GU{U+kEE_A4vb1efz;QixQreo
zrdhxJ(@slwbS4U8Y^ynA)PjPogmOoB$VuJi2UXQayVj#2iCkv!x?wC;o0=k|2K50W
zWE#-vII7%>qr6}f{(-F`hyL>VyA#{=T(=~@k$(xEkpUTmJJdW?b==fKHF{F3daPHq
zqmeRn0j;P4rJXCIh9gplI2b>z@=6MvIn8Do@5*`}UqIGq5T*mpRqv^7L8Ft@P8aJ!
zzsnvCa5HzSn3$C`=iaWY7q;)EuHc-_O%wuo|Dd0Jv<xn@Ce?F&f2OTN8aR6(N{^0B
zX|pK8U`d|(q1FS`Xx*fBcr=}gf|s*-Crn$bg+O(M2ilL3v-6t+LeX-9XH$4H)eB}D
z?n>1YAuX7vwSu;&*uwThhZW~H2mUg5O<!F_h>y$RJ#aZ}$K|k&%VC#Nrn=2Dnq8K(
zWR6%!iDU&A3rV<?3r0j7FA7N#)COwtORI0UD>0jAH&pT)^8iHVbg4vgZI1)G*HW1L
zm1?XxD<lZ;r8Z2UB~uc<p#X@3N@gE3NaigHmY~9tTxa4oWyzG`y@>*Vyx_v#c#B20
zO{BmlDuqhHVy3Xm*ey9bH$-HTEOOAPJu(TywXTGws&&DqQ^+^22o-6ec$`ln#1=Fr
zP6>SNBOXGl@A65V_O6Bw>KGl}cjvE=LPiqj(vbD9(D(ufD}l1A@|@<?yAdQ7mrGf)
z`H=jSi_8pm8`}D-&eGagdJw6&l1sF0G84D#hT$!MW=kTnsZcW$i!5U?z5wbKkZ@Tn
za<z)b1!ohq^>{>HTPC2|B`oInlx6O61(U3VIdtGdOSg|3PI1A4Nr>*z;V%gqgC%@2
zVTD<0hX2t?$qGB~^~to;+%=&!^=6!LGQh`5C6ikH)=yHcqT87uw_MH?PH3vR)Yl_%
zn-TrSdHVLOX5#}{;lb2RG8_O_jZ6+?c#H!Sw^7f2%cZ?2DVm5IR@@f6#P<#lIt<$f
zSJU`qd{~XBuexvSIu{JQlUdO<R%H>GmV1oLYu4cN+8&Jk(&EFQErVBe7H-^q>aMUs
z8|RZ@3HSTj4M_Em1@&?2`uzr}U5;7?=ycF*6CPKc-)J_YLomUnnNAC)WED~t6!z#u
z-L}=%sZ@zvl9b&*(q?$I8KmNNuuTSYmhi=V0Opf}IsL%ri}?WU17>_WV}(wKe8bXh
z{ZA<k@ajFv@B+zLMtEk?6N@rmz>d{lB7-g0iTGSX>pCY@703FDS)dLG8)1e_)z;C*
zSmiS3F-=Ly=gitj=+@duqT~~<Z7tXhXi*i>7>#FenBTI*;a<Q8q2aqMT@p5#sPD$k
zJBXGv=c%EvA}~_4g&J!=20IiBJ_L7>ZIaTdBnc~7G3Oc6`k|}Sb6o;|Z^Mymb-)u|
z$dZV$;^6>go1lk=>A<C`@$3KtP9+(A85#oiZR_e43{8<{qjAndwSfPYdBD;3`nbMe
zCdlS!IEr?MqyL2GO;OU6;K@zqY%YqW!d#I@Evy9LqWr{v1)GkEeG)po+9sLEBJ=OJ
zCs%O$)XyhIN>GDVTx3r3NCS){|CL36Pjl3P;k59ujIHux8x2Q)Hd?G0(Y=q6nULjc
zHl^|MLM%$2O=~9#q}flQLR4Ul#vC<Zbj?uRK3ZFTn?oWaN~kdg*6`4VEE`|+p@1bM
zPZv`TyQ^R_7n$Vh!lNc;ktM81m#%bp!^<U#o>G{jhp9PGh!Z_3cri)f25>8i>us2?
zl$C^+WTM1eCB_l`M2G~jO%;|aNVZx?SCpiSa`uLTe~KoES{~{vtdTkWV4ZGo;p)TA
zr1Tf+f>##2vU*T$)mqal%>~t%N2mApJ1?q;J!c!wTgJgVE~9BG#x#w-?S;A{Y2$2J
z(={3wLQ4P6x=m!B@{){~PE_ME&J}vFScc?X#z;;%9+zT*x0HoM1SB&~TWZ<Bz1=|o
z=bvV{>=Y0K0Dvhr5Q1^&!l+J*vx#3@U3}&u0p}@L-kG`ZqWQ^(vUc;e=T~VQqs64x
zEoewiB%x}Tz$<mZ@^p#!SCoEigF@uFHlBeME@%>kE=(X{$dZmzE@#>@p^g9=byUND
zrS>J<Nzk1P#5;9a)Pvj|?tzgC`lM~ET{h<#pYvbsNVvW>J7m(XX=?UkCbf|0ue&nF
zO;ZZ8i{TQ6W)XWU7#3}?DKcTVZs*o$ZUrAI&6YK&y6#FPQ-E7!w5;v8jM|>u4VU!d
z6#zxCMRi)K31;Se^1=ESHV=`(DvTMQ&gwX;Zx4Vqz!|ICgok<!dI0$frx5zJEB82`
z80!*bl>>Jy+HB(vyxOoe+?yyS%xO+Gb5_{GEj=i|o92*Q{MHy&It~me9p7a*3SK%k
znv!i_4+6Rnu&7>oVo=ppb4UiawTAOjI~3W_{DW#wrsK%?8%5g8i06$XF#w~>>g~K>
zjzzLQF)Ur+P9{mtiU_$cNomQlc&V=$1xpq&=w?fODFt6cmZ6W;B9A78fCqGtMxBm~
zC06b52jZ&hlWVG^&FsL~8n3*T*J{9Mp{ik+Ry>m>O;hOaujUNYS|%{cXPM-17b=Av
z7aRskI!jn#&AE*>5k;cvlyHrE(0jTp1W-ibVvmZ0VfF8QSWL#3nNKrg)?PZWRFyG9
zvrn~j#bP>BQk`=(t6_3BaSal=T>q>#YE2_~un%0q;2q_sI%(HE%>iEXM8E54ZtV)4
z6Mf}rZm6Tl>yS}<c5Cub>phN#y_&A-lqaPCXuHD$^;NByLX(%5*e~46MaIA~-w_04
zKng$`D`ws>B7Lor0p?iMdZXk)#Za_Pd%8$zp|%{nn82$-8P9N1(EmMU<V>oIms-*>
zEr^;{5rIa`h(e{hq7;PB)h>cZxea3KM^60+YJ`k-bmcQue!-^fLxm)~U+SBt^~(cg
zM8Q&aL$eZf5#t3<LC&IN&g2ZlYpgC^%ge^|sex%8lG`-T+L(Hv?vqCAobg{4jGVn_
z;P*y5PA{;ABhABFQxd*GPAysez@u;G8CuKl!eZWg^5j0l<w?-KbjXv2rWxPSVw%fE
z>bNt39jlnn7n#w#8P!~7Z9>n5#QP{p`^F<EvIb-J!_9}3W;Wczmi<0u8M|SPH|XnH
z;0(tg+0@Y&PPkfEwqApbD%L#Mvi~BEyCJx|Z{`Kh$_W`<I1r4-yWZf~7Afu^^BncW
zTTNR%jg2;nFnzlgJKD=ZRb;aHbPl1ZB1KxPa%`B4r&q9^?bmX=6miDyN~Us=Wh_->
z(*L>>nXoOAsew{&VrdLEh=vzcx7-1&n=lRBkp;jyi{Ga~Q(@!M&UxO~qjQ3)bWe5d
znV}8_hjLd6tOSocX?^&*UBfH;k&XBgQ*eX6GtMhbP7uJkZjaqJfVv@p{rdf!T6H6v
zBFc17&pzeU>j(JF)lUd<UM@UHs-PbTR^P}gxdvU70<9dGc~?c=q1|0PJzTA)1;j^t
zdAfI!(7a^DYd+`YKR7)(Kf~U!Ld4>|h+>r}Rdu2pPCdh)_B*iZhu%u<bN=!}%%nU!
zH;I34WmI5E#GokRdC>eb3>B?D&}QugOP$9jgl!xLphA?`8lfHtfnny{61!#w$%ic7
zJ2^kI?rSvzLLQa%M+}@!enqE}{6<P~L2v(;6j^;S)CMLO<BXMOFXStpDv1LvTH#~F
z6B$k5bEBhrv#@bcH%$?S!Z*;j8eVtjPQ%~G9lD1bR~EB60_J-s3W3JGNMQe2$7UM)
z9`9<3>&~Ao_1k)Dc5y{b$_NcUxQKMUjy2T6Py(^X9*(8-lvx_+sB83zlzf`8#CXx4
zz0liM)reG$i0Uel^*Q8z%==DgZO`(ygDA(KKasY&K@DX~RH2^KPWhOQX`G5h@;UkV
zDvQM<uuQPm6l9Z<ygouN3J~elA5Aweb>q0<QinZrX80&-8d>OmRuE_P6PPyMvrk|;
zIu1TWoW4ENZ(sI0eraDxz(Y*mHX@Q?a!UBOV*hc*&7YH$s?*&3>Bc8A-xNsDKN@oV
zAS7goG_Nv1HdK75dka|eXp}2avoX|;d1?lT^-WLgx}VeHy2cY4p=DbhAR!J|pt^|@
z*3qAL@9=nba7s1(?5w&T;O8PaJ$rEhq9Zd;inz>wh9^m2suLQ6!U{E2nJBf{;4cdf
z(J%fv<IXbK*7daR37<qUTA#j+I}fAP3UXY#v>-d|efbL6!8+!u(cFfs49(X0&4Clo
zGU$GwfQ<PxD&xEb!gpuiU!9(}wLa`_eYmRissS8^2e8KLd(}h0kgKJ8zg<6rE(g&T
zqpn(K;kKQkOJhHS9e&mN%q(i-qmC7vo+G>NYiE8dq%bC)&qJ=-op@;%oNr-In;ekB
z)P8-Q?pYQWOHfS)6%Wp})Tvo6b4CU{mn^O^I`yfx;u`RM8>yhXhtmo`4(DQ#mFLvU
z=T)n6&6ckeTR}lneTu5cP+^Sfus?m;>8j}UP`_RG>#;{)p<Ws>wpwwl_^+N9D6f`h
zHz{hZeHBHh)m?iF_R|<;O><jEmkh4i@}CeEq6n-*n2cL2?jCjprk?X|P3m8><%M>@
zGWLS?)lnGVu0&VpYi`)9vo7>o)J=_jeaj0rUC<)&X=*>OvA?@%W+8&;4}LwbXqtkx
zQn2U9){7>(VjD7Du<ts@6-;Ke>l#XhqEoaQHy6&zscTIYX#p#F=cWDA-;-HghuYq*
zkB^z1oDXG$(No)|MAiB~SC>#HGzFDq)@JasyH$O6v}(>*N1d<3<%Vx5TaFGQRl;FZ
zg}&oCm|n=JSfp^BtE=k!H}xF)p#EENYHFY9$``6`Kq%?BWSD*~XqJfit3{fci(!QU
z6h#wNR&#S|v|ZDA&OmrA;%glwtlm2~54e%Y>b*N{+bt2`{+#fF#ib*^`*c-xUO<(%
zB4HO$VRc9yG8oe=x#dYYdjk<DJug5jqt@yK#VlJX!dRC6`O*p^B(9IgD;kf-MGrr|
z+9+mxI=hUilJ#R6&%&A`RVk9HR>X6t=3&wbV_mn)n5GvDr}P{&75>43ceO&-u+d>W
z2ge48o{AiG5qk^oIr`BHZm)XX-W){u)?;j4qnIZ}!&fobzPr!E_C62$^cim7gV^;X
zG<C7)<{&avB4fefb>7Hg)1{7RR1PX5S~?9}$m^8MXnAn>;qc&lbOa7AVpGSsDtn`8
z1JJ#A+?&Wu$nq60*ey-d;K%UJ60(dYx`w~0LQU5?2NDKR$*p?kHJ2q36QaM{DA%+s
zX*?t2d;*%8p&*-lo~NK5lxQp|5_T?(Z=;7Z&;V`y_0^SU(=CWV2ED+TtWMqx&Y;lu
zjZBUHVv(sc;{`N*!AdmW@u*o~l?cH{iK!I4-(v7mZKhIGA@ET*5DbnVI5~P`0YDVP
zo$0V(zeZ!8C7xc|zSmb&3-yCx!+!maX9=Y1(I|!qS_QXns5Gh~t)xtRJ3>{Alra@o
z?2%URYWZ0A{CAlZPMnTlTVyg4nHEo~P8+TJA9?ltG1J=KK~1=1zw}7i&|b+)w%~5_
z#(T3tpa&&asG+p|=GnRY0)w$8rMwn?#X;lVL&`ME`2yns;ju9}27$GfdA%_ifNhsv
z;kKg)zCw3XR<^ggTbC&PXpsQfr45b^f|C&_kWGe19RPAibdY|?r`$;0W@}(vM2OH0
zQ?Y6$97thq=Moy&YF-F?5QN~WO6RstQ22(+hK3V`=CJ`(wa`G--xpxxx0Z6bEeuH|
z>^jjrWJ$AxrXtgLC$ywFRre0K&ZlEwrmN@81xg0<Dx#z@UaxBhJS^rRJFEWP*?1&=
zpFM(^^oeA$viCS<DKpwM4*{p70|%$pJ<v#G@q){omhsHTB9TRu=#q9UoaXmHLOV5F
ziCm;&TDymtm`$ZFZAYdCrc2)IL~c%}DZ3#9P!C-4U+aq!ilY*-<G=bV6ibJ;ZJ29x
zcRZtVcFF2Ok?vO&Mv}24)U9dR*{f+I(I)%Ec#il~hqB1Hm3W=i8}>55kvH)rm>K|c
zLXPV7coRoxi-3$SkVYW{V$ECs-do0}vlm>(;)WH=LB|rURjrGvMoqA%J)#m*(O;l7
zC@T(lLTHhz)3RWbg2~yMk*^!QX)wLQUmGBKUWiF8IHvmKjmxj(9b!=A-7fq_v}yBV
z8Z}O1Y?1djlB@zjHb+rKlxz&ArJ0AK-#j?L8kpcnYhW5fuEAJi?5UVuf_MFELG_SR
zF^$mUK2of*#yj2Wz4mY_rth@Fhy@SXlzgzJ&Tpg?9mZtgeRus-l7TkLI6J>N(6$}s
zV*6A^x)4=3xk#G2s_Un6*aUGOG!8q_IP8PQVJ|c)H3XV+Ve*8!I!Bv%VW@NH)0nX+
zHs!U{;m}R_u{O)v*5SpsNfrK5ZmSsuCCd&mS;vOpYz*$ib4VekCwCzkp+twr`w#8G
zse%5-V9+)YjZP;G{5N-OuGQ(`&;5+yy!W4A^WIopKb3D;c`J%*t@mv!2x6vIPlmMu
zYUNfCz19tcdotm-vDbpp#0d^nj}0ZV$t#|+H!U^*9zeB2TKcR)Oc@m*Mr=4HH@m~#
zeeE;|sV;Q(RKM9V#+U=+Jg?6ULLl~)9YS<FV_5{5DjK7i30W#=FL>b%X!JyzJp$a6
z%d(*%sM!-JXsVCXjO)NzD@j?a9$rFTZhoHxTi$p5OlPQh#nRMC4p0gkL<hiPcre-$
ze(ZD65X}@J7l!0FtO3fF)UxViJW^*z!zM+wNyQW_O?of)Mdp!80k@wT(5uRw@b8kd
z()Mo6HcKdKZaJ@ISkK-c52FaHg`2^N(aN(>pqW71PE=gQFa~Va3qzlWkev&@M>#G1
zOJl9gN<O>U;M9&HhG$ir=`FHp6m_i@qgyTI`21dvc&!f&S5wr8H<L<MvqIImI!yI#
z^i}hs?l>XrA^(rI2Zjh)8S8~YtHo?X+w4)RT?bZQ6MnmuL2FF2Tb8CjX5uzGvsu@g
z;rAOk7L6SZOVj9DwT`N!Z4G+&YSN@n^;*N`qSWeFV~FfK??HvPBC&?dectZnGK*)0
z$oQ}9$EQ-YHUOwVSHDkSP6;0PU`y^@XPa%;yw0NZaI#3an~p^Xv!Lp8Q-xM*)5E%6
zKMtAP04F)WWW^1G7a)8`S0~2tv%UR;LG6x%(Uhy8{f;5*|IgmPcejlr`@-=2?N5PM
z$()XRg|Z~yGTv{_dK}x`?cIsv6Fak?bN1dR1Cfx#Hbt-j(1|+f@BS>@NRR}0kz~b5
z3v11EECPkXtxy1}eq|-s?w~VE$Kwc<BO)j>|6jyMFnxD@rqMDC3v5}mIOmJhiaXU4
z@c!!Z{{;b_!!QQ&VMrM2t7=5!1m2<yW&s%HwMm-V1gRnpRh9CyO(Is$BeDqS30T7a
zm7>(VnR)_VrIQIFfQEnM&g?VclVEZy0DL8mu7=i=Fo*pNgP<I3<9P<0F*d5mAqomH
zPZZ7HIeQ|b(HEj3PkgH0n&~kpG_KQmt<XQRH_l)J{gCC3D*6ZAL#jm#%b<~>Z(^pq
zq|Ca^?fHs`lmBAn?bH}mUInNq&ur}_lm}T+<5`Nba&kO49`ttmS>PHqJ3EJ0QSH`Y
zeI%Ju$c+-qMzoD5;8dOq0YwQEFppw&2=o>mQb&79^uY~6;6DfdE#@h_hhYSbrsW_R
zI`GppWV3YK_wif>Al{Rl?2RKl-kU?p5ZOD&emY07G(+9fwB|vjZ6}rhI(35qz~|5X
z@||5lws<%}u}Qw3?%M>#dbpOE?^5ij8IsNP(-^=Y5CK+Uq;a1c<W@F|4n_wDy<KA-
z$Sl?yFV&_37d8H;Dm#lx-Kr|mu^L%q?B>~57E#ZLkDP@^R?~n*R8Ixjy1q|Xv2<<+
z-(2_(ElO4E7|((Pt))?j2VK%(tZlV=B-hG{grEr`m&yH6fvo&lLCQNFog0o7dVjhL
zllQUEv(A1dI883ksn(bE4tEzOUMll={*-6(!oWI5Y}A&1u~)sP4Of3cC_qG*ujXsO
zDTK7;r_|4>5o$}S?dpUmK=lM+AdG1HMl{jPyi{heSlPNc?Cd)2K;Z}zI6uka3wjC0
zQN=V^WZ_yD|5t14L^xNW^|(^{UU=!h%Z$qT=YkKZa^ol3w!BS<PG=SMEb6nKXic%@
zyRI+Z{b-CBly(@ErW!#XOf&Y9v=#j3!EzP(YmB4n6}6<X_ai72>f6hxfC>VT>wefD
z9z53}7Nj-?!-&EO0+8S|4n&q?@Z%ovjH(2TN>6awsm|x(4!2DSVa&%@1%mqdtFQqU
zx?5b!Tg*pWR^tjfQmtbS>0MQotgYw`q<77#r7=5>R-PS4OU#a=uP{5xbvDnAqa|m@
zQMcJ~w9M={T4Ht_wU`~HZ8VoS^E6_imPA<}Jmo)7aPm^_J=yP4;S^t=gQqk>KF?!k
z5~d7`@N-ByhhO91^7>lPHHP^qWQ>$*D$iG0QI9X4o~7(d0F#6_Q2m`DGi589p8TEm
zz%w}n&wG-f6r$p@Rt`Fl&4)>lX848)BszoiTn$T+y3;Q&Z{<<fRvy*2@@UCc9yPb}
zs9h`7e99}6e`l5boxbE1h@W)}{;j8Y+TFD*P75$Zf&(v1#9THls-O3Cbsf}*Jovr3
zX+FKa6gWVyQbL(nZ1N>p;Qk2J0w$q1=3i?TuA5p*!Cpt~e_h{LnfkpP0I-ot7mM?=
zIFV1JQW;W<TkD%f<bA1b*}TEDL{j%L7k0Wuv((xOG<pdCC{#U_qX1LW8_;@RZsBZR
z=PV%vfpT8Y{3V(}nhJE4&aR$`3x07$%4KYn#*=oT9?&Dm$1z_iLZ!Wx5vDXUPtg%S
ztFchTQ&FiLNI!*E)mGNhkf1<t4nJM1Xx0+g*2Zrc4cW<_jarLq>wAWh;+q8jrBDz5
z!S(Q69U`7PH+)c}`Hyz6Ek(SFv(-2kWJP=zFe|C3Gok|i>k`EIK422(e^-g~UzZ~8
z7is%8(tdZ(J~>pszMvQPC}zLFIKcNBUdyn0kT<C_^|@7~H4^*>44HP&l*%3nypJ$s
z1-H%?r_K_sF4CE|OdGO9p^vI9%WQI@vYESsLYJo=X^y0xGlZkT6`bd{|7YsKA7zo$
zBoLFpoXuf{`s$@to774Np$cN{-3!_;SJlBcP1!TRD5AFC9M3k4A5(l7MPP>UoxH15
z5!FOwk%ZtWfpar#q7Hk;sTN<hEw!~Yp&P+C#%U})I9$BG9)Uu(f;DL2OUV}0PQ2pS
zUc-<8Gc1BQl<V{);9&vCp&dD!hka|N-k}(MJV!8yLhTk%;f(M+UZ65Hb5^9eB72N1
zlpU;#IYt(y!EI}L4#qxLoF;RM2@X!(GcBJ@To<pKQBFDqo@|61a3~g%IV?(hAuygM
zr6A>|*%SY&nJENszP#S8$(hKDfczYzE;nBNd@b<pRfW&NIAtKl#YGA}B7$_5KDZX6
zsG+)Wj4}hq;$ZhWHnv3*CHLcLk`0I#jlFWLgqrfp4MSa*T3E7Lv|7v7`Ux8)RRrnl
z2*!5Le_p?`M)eY&tKJI4mc7|~JDIbzYL0Kx<vC1qez%fh&Qyy0l!R=-TZulgenP_g
zFhZHNOG2<e;m3}>8K!KH|Jf!YsR+D5FlL4`2>-K!V8(y!rc=o08tIz)F0Vno;#4Y;
zzxQ?SmOCnE?LLC>t3?7SZGM|UpOPr_Ll!Nvh>N^92!kK^KFj|t;MK;0UZod|sv2Ke
z9OrPMD!G+CbxBgz_u9i}X6oRrh_VP-7*8*XM;Ak{WO*hRa<H3RxA{PQmN>jz_@|=n
zlFyvyvxfEuF_nkL_c51iZ{wR;$^!f`HsT)e58(XjMq`MI=QV(1FeT7OlQaTU71{wH
zh^aoZrlO>WV^4qQTxU;muA1B8uf{QEkZEfzb%CaS%#6Ic%!Rub^h`Vzzk>{kYa_$K
zKs_Rtubrx8`oAY7CljN1^(xImKxFE$uVlAg6bZ1KTPPy16t?axk9<(bv+b()iERHq
z6MYCoKp8vbH}I3RkK;`6yiVfaB~U?Aj8=HnYY{gAW$4X+Ej)8F@!556wD+U1h~hbc
z%*ksjc27u6@upV~CZNKDvaeE4IiD*Am-b!~*TgbClV-He7k)c|U4w#5&E2JxF^X7+
z-m(pZ;zapA$UDml?T~t@*!87xOPd>ntb#OF=BL*<P{4Y96+B$llVuRfkHYA)U(?kR
z)g^8aXS8}>o+&a-74`<TE#vY`obzkmCbK+Bu-_6G(*zO}n<k@AvWb}mm6{?(K|+v^
z0u=j5%2|11pf&}Tld77T>U#UuYAr`517@`z&RJU<itRx(O$5@<=qqFESj3AhSYXq(
zjnFsf=T|qP5f?4nP{P7%u(HXzNa2ly@e~ntIi=4y8N14qG!mJtcxH9vnt82I31a#V
z{f2z@PJ$n!vuw*_c=9{nbou{?$m1!5WaRnIiC`z#$XLUCK9A`cp6mEhy&{8ZjQKzP
zJX75~Es|TJ+q91M27bCst`YeKQ>H^dnT#pzaSlI;w>Cs13{Ckiu9<Fk7Q-MyXIV(H
zpSeb5UW{lSc{VQ(UFHeZ%XUA~f^c^x=kU`xnjk_@kdr(|5z3x-G@rZ+1C`a}H;|d_
ztk#lWg4-~@Wl@Q*F!mUW9QDfr-D^q+I)nbKG@lZJyed>)wa_y4;ZF-AnoU+A7fKc9
zWlOOotJFf`4IiioE^O6jLPt)4s06dtK(Gy-X!(Tri4iC-+p{YuhW|I5N7gJ~Kpe&a
z-;zcx&ql(x?+UYb2nGwGVEu};{kr((#h6LAJ*i=Ncc|ECD+M>M<s8wOjA5<R(K4dt
z48=?ZX0zWd<`f*Z{Usv5+syk-G6IS?56clE+LE#=nEN1EJqgUJ%HdX8ydjn9v<GFW
z92|><<|#{I)Tc>U4xW;;CiCQ@lD)-OvPj!&Vf$2CjrMBGhyo@_!IFe&R~knPg0dZ=
z(2dojrLxrP=t%QxZAxzCPiC>&qqnDQ*Fam<*E4_ax2#=RBZxSV;_~ayKl}9FKY1~D
zG3=E^qk{uuce81Lb=BuZ3s0$)p%3`B)ph83A=l6sYM4y8#+_2;Nsp@5Rft08(hJKe
z%;c`{X)^KRbS~>bfj7em^}={snJXy1$BX`_$>b`X-^$Ft;Do+DmX}1AvPcQ1#9amI
zT*HO40ySFJQI<qi4mFsTlcpxc_eO$#PZ4EQ=$ZLUu#la@Pw!ObYeaI@$VJ)Ix0I~(
zsAR@Y-O#pF{u<te3aa{`hAhvfI--W?4gi@yv?yl@IV9=XLPAvTih0HePy0#c1TBe1
zcxoY;<!lC}@;uLW<z|bqVf*H1>IqE3e<C7JJom#LehxiRrUGwZvNJ~v29Uv%9RTFH
zqY$P;{i*;yc!N}sy?%y>$t%$mWVI*Y3uj*AzSQvd1t`_%pwtzA+opC&dmW*95<!OO
zUiLC^j~9Ego98g;FW@{{wvNGIFgQ9m5dR$v2Ic<_4h|3hHas{UjP{3z`}>D~8;k~n
z!RT*bu->NHQ%V^me;ce^SGjTDNV3R?qWCJ@#wP?#qHsE6c~Al_cet?WEGNu~=E;fH
zNm_8upRptY&-y=w5u*K{BRmE@;a2CE#d~9n8D#_}s>1$n6vw^Y{wY<5t^RKLy!D++
zmHPD`Ks4vaUG{+Mf3!c`-><Cy;lXzOZz4U&`iDtE_c9@HE+)|pVhuu|<?06@f@2hk
zh>G%!5++H765vb-#26AI#<d5$mq5ZiJkfa_xvY#?`K1Z+PsGbognWjH<Y*3=KYMMk
z=w_04zJRJKcD*#6zhMM2G*x$2#otacUk-h71ik=9!nq;64lI{tdYLOujo}b|As?Yb
z9A}(cBbX)nK5UNI45b#77SRk#hQeg3<WlCMZzKRjVTx&PjNE)c#a%_u#3d=SrtT^9
zbC0ub19`w!6ZHv9%%HM)=NQg4)(}g)B7&pnZOX23K+U{Q0E%f!5J>n3o=GA8=nYE^
zd;TV?ptC}}XW2gId|#U(|Bj~f!cCO)>;X^vw`%<RuOLO@l-;XS_<FlyV$m5K9Ujqi
zUOZhjbwPEko2;93uiPNU7bZAOl2bCr<Oj-!gYWEsVbDus!DfttULV}f5V+@+NIZ^^
z8q?Sy>BAU|5t!p3oP;O<kb(%uQy?N}fx8%g1RrOiKhqV7kev%@O_1S981%w8<F22N
z4vrZNV?_EeNuc<qo7^8G21}C0?D>;IvzmI>A~cl2rCPt`0*08-^5I48C`JVVRwrj2
z!cl)}EnwTr?D}4iqIbm((4yU1RXB%Jbe%@g4e|+MMqTAECmndG41v3eH^p_77bz{U
zm8#DsbJhy4Zk$Eai}&AJSn)5t@@)(M(I!u_F1)USS{g<BNtVSd?c@0z#zEe25A3Cs
z?2W^?C^3b>1|s>)BU5UY`oZ%hGzUp_$vr6|t!IcI3Prs!q{s^cF!;f?k3K8EMx${$
z1-*Mj##s2&Ju7_as}H-PAm|A;df*wLNfa{S&|C~uW0V2Ah3!)?7vZTFp?eeoMxc+1
zENTl1!Do?V9*1r<{wERsxEA(BRtx*?5@9^SKhz1=EdK<PIb`-LIQ8w%KP#hKcd=Kh
zKzwlD@Rf<T+XTeB;VGHciNBJXSicQqEu(0DkH{IGCy*e}`=2j|{n5Z1^g#a%CQyX5
z4iWADnvRh=2K3c`O=4ozrO7qHV{~GeiOm>Gen#x1U^yo6;6N#0nQ^TuZehs+^oFD3
z{-8hT4|||@ax(1M#0pOmL2XaPFDia2zk133lv(qK>pW3^hPW*J<@Wa4_%MNCloE71
zBZ$s$RE{Sqlpv!I`sMt^YNVOOjq}R7K&p_rNQb7rk0>>`8rBVY6yBp4QTqK3lYLVE
z|CgH60#<j1Kp2NCgj^~`a3MU;*bHTT$@R*yfV>N1hGL1S6)ivn$&_og1#<8nhXH^w
zADD<2z6+xW{12e*4E=>42`L@Mq7vZ{3D^uW@u%XXKr-94k}#eE2JetmfDvbt*Yqht
zK0`sjQ0j(PClHJXo`YXA%?$9KdJaA!z&kFbJc~IQHIPSv7&gHH&3Y8S!k{9X?8DKZ
zG+?D!+Ppjp^LW|y(P~W>YpP$=tnk=&0uHlp1i>KOF1+>&&pL4qSDiM+VR+DaQ>tp&
ziG$*MQ+JhG`mZl;K3u&$zxZ%<`sTtQBM!?y5j-!>Cb25tp~*?fdb@P5U;HQvU5jZW
zFi2t?per~>6=u#ZUthj|^Fi=*`sU*1`t)oAJn0Lr++4z?u-(0&H}dxB7fe}EVN>1t
z{?*01tBc!<n-4b^@BVptcJbktw>P)tMwERdOsbu3PpUM^%dCd8>$mUPa#l63tL4n4
zbY8^w>(x0e6%iyu`xI7T_Tx!u-MgzF4%!XDdhR^U+e=Ist*%sgB2|c<Mk}%t_;n?s
z&5GBY=GLMjIzANrgkXk!9G!sMv+KG}civq%PFL+N6FCF=cNrX_ygigojGU3zVVr(a
z@n?#%$1yX@yc9{4_eRHM%y4AOSlPaOV~Z>@2ZLZKZcU0ZOIwZ)T5$|OKyXqP;vP7C
z{kndy&fFGp{0319r$}E4>0tY}_%)u=xA6rbIKRxf$5A?$u}GZDO<Jd!%Wba1RGc_&
zeyT<I{{2=&d=>6uj;gZ9?bbC}t0+ufi-Rmo85V7}i5|_-IGK2Jn7G<a7j$nz_r}Sj
zl7Zj^P8Apg-_CCFnU+sYvb2bdZ0s7G4zF1bm5pC6lyc7p3(Gvi+z2pY?K+-G|5ePR
z`?1_cTYY8^<kh;$IQpW)p88K?8n1kzZ<V3i&Rkve7IT+v(yb-(>W^yflGVXguin$>
zBV6byn2-<)X%s<9uk@goFOdtmdf=Jx^nO~|h)SeDPsJ@0-h@60S?I$ITM-ChFSMXj
z-{;+2^iD2((sfkbWvXPZ$__YPNbzMXX4Xxi&@H}0aSNhZ@tmR|Mh$lw_W`Ije@<4!
zwU&OC1>t0!X_?n_UOxND!h$7x+xHPzh(sxRREMAJu!7pw#wXT|djHQeo4-Cptqkj^
zt;Tp5KRWAlE8>-^<tAEr{ITzzGbPB)O<rCnn6LBFoTyLISVw~@Y^*)=u)9dm2{;!a
zoiSOwB@(>U%1mj0&0>C;%+%SO>GTA|n4uGSZzoRXQ}72O7|aojsl2?3)A<+?d5;IM
z&tL=yN(iDlPQVEWuz31b7`q`eYEb&~8{ytKI2f2$Tp>gAl0xSJ;h1B6aVlw3va{=R
zJ^{BF+#!_6n0#Q2*hhq7EuAUY18FiPFvtuJEC-=RO`}6C;+AxrOn{-0I29H56tinB
z^)tx2(mLxYby|v>U!GfkwQD2#>+K>bX+E-5CWUGqYunn06+`QA=mL%V{r7Dx`TeDO
z`%fMEXcg<vM*HvK;r?;a{&RSII2dm2KR1z9w*Oqq1)0@&T<O2-vKn<-r8Qb0%JLQK
z$VLl6o3Y~BF4^23(aW00I*fbT*<^)SMdH{K)rq!c2C@nv|ML0-T*)YfavM9-zgLWC
zU3_OZsP4PdHTSdH<f_-0GAyUOIxTYXE$xA=<Uf>0%w@NMCjXzKiv9m^aJcpV*+^QO
z{I}mm$d~|4B3>1;Nctu2P&(}f4R<MJgWAd-V7Vu2CRJynziHXgYW=H_j1RQ_M+c+h
z^7<bR2ix_(iS!8cza_M>vcr*@pkX}i`<Nh1MP$dam{Ei}E0ity%SxHLMGF_EH9IP~
z%*LI3M+Jj<$7%n-{GP{svB|?ul~+V;Ck|Hjz{<w#rb<B!nf%+U+e$R3meNZTi$*9k
zWNV;~hVBV1xG?f^DaJ%KF~56P*I{O@od<*<F(1M>HzGEEvO1pC&ygi~kPUcO<)rdq
z34WyBo=*=?PmXU&Z(mn(?f*K83rs@Kk07Nh+yOQE{~wIX{=cKa(RTmeL@MdQYS>S&
zFSG5|guN}8XP#bPstuU-e}NSARN;Os9|ieteD^|ZRrkX&VsN;pLjI^n+|sF_vAEjJ
zO(M>{JimL8*zOS`@>Mp!sL)e9&tV|X=l}ZJBlNJzwf+^<(aLN8Z*A89(NX#S_uz25
z{x_0J>t7A~S+*n!V!&LjwpFSYsKUHzSfG_Nc(rb=McZ{vm0!-#qG}vcPnDGu*tnL>
z7j{)boEZMq*#fXhhp#<q>q|}Re;qGC4eNjZ=wMjI|2f{S|4pRU>%aRejp><EA*<(A
z{%YPG`=hd03$HJYEz>Nx&%bSpHXS)yv$E8MV>@znmyTKzR$f<Tj3vgS%8P;HEhNSP
zsu+>G`3hrUf-C|6<X#PCrRG!4!NLA|s<l;`+fy_aXPKczjZf@BJ2xh;+q{S{3|^_w
zO=4SBi=q5;%a%CE+2(8m`h3mYiz4hphF%+W>8{U$2-jw6*_c`yj)v)Q9!m~^j=oj=
zZHdm;ggzI68?Ay?hvTuSR1YF*mlB|+d|rzv{k8;YI;H~l!vhNE7b$rfCMTdb{Ku$o
z{I6FOxl-Ew;~)R{#|CerT>2jutzjIpbwI#1=zqtDhvoO5!Pfp~L#ec)^stv7Tgpgo
zHncbAvx+dj=Tw){^2}>{lhT?VPI8j19}`?0Rqna7-h6b3Zgw`;j3H&Ux!PiY73ZR!
zKWzcP%D`Oi<<WkLbXq2@rqOo;!c|4V$`2~lKIs61mGzbr39B9pt61IvhXp_sPLO~L
zsd|Rm#6Cgyh_H9a*RjC);Uz*9c!z|b8&>t{M4$2z%TooED^DJXDT+-XF7un`$;Y~v
zWgmb2SvWd5zFB`3Kwx7?XZAwA_2(~^U)5wX;fE2^=);-vln_K2PWrq?1*VvR3lGYD
zYW1BhKs(eeI-3`MH%E8}2T#Dw?diMQ_tzh8&fZ;K--1xcML>NLCJc}?1~`@>3p4kV
zKHw*?0+AvBjS|H&#(MY%3M7<GNEKNw)3ZOMx6M7iLq$Lti94ev&~rdB2n9b><KoOP
zWj|1TRV|EMq-$Jmsv&3;s2T<N#t`vR4C9FY|8~qtAw@v3YYM}uKo`oBr_HocP&&40
zQ+By_PY5eof&(w1aiWY`OcXaO)P+|F>iz!L!q&1*<c*8X<(}*EKX<#)H!VXqBb#z|
z%qm>L-?4-5p}YP~cs>fxs>}0&Q>)9_buHe@x#rZ}fw{qu)pnrM>#nuub3Xd(aDHx}
zwzU6qz9_0L&>d!&-3hMb4g1~r#5Laktic7K>HYuc=%8%>dpO#@|7|2$?0+jFqqS^l
z&iR1;05xJ|EiM7Mcv**6fR)-;a13y*e;t~7@52m52_m%5l4T75n%@5h!%F;*;nDW~
zcO!{Us{l>HI9FD(sN{Zx)1a3b06rCegOit_H$^cbq2IH`#7A*hFdCAxSQUN=dhjF7
z%W1f2T^Rn68qqAR#d(ez0#P`IV<@uM(=jp{<cv7~DsTDIPF<IY%b4?Uim1?ojLtK@
z@Gi_CvWrFgDb<;BCjx;jwQC@H%6JYF(EES>PA$>+B_%aRlG-llbr~#^*-h{YKT->y
zttZFE+2xG1VYp#3Zk%s}9~=AT<TrV<EP=frcithEl2~0316`H8wA}e|PnD@%Db_hz
zVjABgLc#!LS#?Wm8d@nMMy4vr%ICDQ=<5T=@^u!h2!M=4&bIe=`geN5|IgU~f)Y$a
zhRH&6>&Qsc$t3*b`pV$6ek9F*f9<Vko4!J7)c=(4KEct_Mxgcj-*A6$Q1$;l-ui!U
zBw5aXnG9(<|K-xsda5I1=!<a7n1p}GXv}3xaRmVJ4o5XGAG(^(Zj&U9khH}~!k-CF
z6J==A>+O{8!95XyYX^XPM8@iuDPrQkQAp)KK0@ZtTru~9kn+ybMp|d@&U+x=+RO*=
zYEC2LGwVR4@f^l*ih^q#{0HX(k-m-v@GM3a&B0be`x53+jl-B79qfVu*ahlF@d;p9
z-oQa|(-<v4fFi^Y_)i}b^o4i$e+My@5z8o+K?fi~68>Mr7QkSP<fF<Hptu0z1vu01
z&7LB;V?W)N{uxdHCe<#H=xSFuK({cA8Lj4^i1E+r()NZymQwI6+qh?tR^##;Q(unG
z&u2O^zv!S=Q;8q#OLNIGhaRknZP;{aT$L)-q`1Wz&Q84ZG4au8Y_&nHc~#^oVnBU+
zA7{oEQqKiA*3l*MI`^m`u~WF&HM%@0_jILGf{^-LQCujoR2|98vo{L;@{l^jLyH+A
z)>wkb1d};<{R&)OYdhEw#{v@X)z8<WtP;3cTMG<G`yr#PZL1a`0(o9e9uc6UuiuAk
zk(ptOdogO6o^B6;8XrP!;7z4PhI7!?)TwNS03$G_k?d1E0T7&BT}x@DOgbp|*DV%A
z|HaFOjOOEA=>6hU=(0(y+HI=Wd<|S!7<45>+s*aNRiZk{<tOz<p5Q3-L)B*aMJa$E
z!vIw?WnJ+ENO(oDd3fUP0WuWuUZ+C4I1~R8ab&Jlc{v=yyy^!ghl2jl*kYe|pRY{2
zgzS)6q)~#DE5Zy6l`1#7s>@vK+I9J2ZSFzK!hQnY=gq0_Oj)>JYM1J;?(Hbfe)$_`
znF%+BB9FKEVw*xThEoLcapB!hQ-79MQ=YIZ_jwIpbP@YAg5&TH)SkDcJI%7$+b3_m
zq-d#@@Y-^fL_anbhC`}Ze5)<DUTDxZ<!i}S*X>Fx%)Tg-x%$IBUPybiRXW-#GAnGt
zBt)MWiltY(OD~XSOZrD~!xf4b94CKmh0R*)&pJit%n(g<-$ob)W95qyCJDw7?VBT|
z^NpuTf)EMgsg_*UY=)pSN3AJuNhn&gBe8v|J+eNho=Ejy#WZtdX<(g?5Q$;LndUuc
z&y|ZP>u0X;MFa%`pSZR`ZMsJ+NavT@aR>u46*JJz<_N|yPGcX<QC!bwf`jTD>MjT@
zbJAMLGMZy815K3}OL{G>vdT{>m!5#1Fe%@E0FuTrKVgS4_~jJLae(?ePj;Rtkq>I}
z0fK%{Ln1BOK}v<8{5!?xYwX{NW5;U*14O`uR<E99*xmCqVqp>?gEVElEwsNQqaP*&
zO%Nd{03YFkQxCAX448#f7>r_3>uUrlqJ@ef1t{RkH^b_)xK4-=r8`fA=`fCk&ND$D
z5dnDo8}eCZ;i;sE9Bt5pQKX3U`j$b$m;}lc&?#GmX+X0eSF*K>`*ek$3WP$H8%0oU
zh$iB}vggq*m8uz9(6ZG>t!WDzDn7Y^p55T`x^LZw+?NFQqfdo(CqPWK2`X#eQ`t}Q
z4;E2^Q>H%67)y*l#Z*SIkER4_bvXOYcKB)E`%5>$JXPqHn7`#sFn`UO+3p768?jm2
zruC&R??2-(4)~1i`V7=$|93nr+y9LYMqB)!jig8O{_{#su7`LA!VywIM71=oVQvS2
z>f4ly6`D$Q<YdPKRtv@!c8mGpekr@f6$N$U`VSzTjWHwvRWW7eFzF}(8rJ{tcz9S|
z|3`zv?fTzDay{4N!)~f%!W2fj#-6+c+Jh;=W9`D^o;`a%ieN<9tEh~%^E82M_FU2w
z4nQ#zq*W!l%8ZQgi8y%)2%4f#?@$s!ADu=K=so+t{U7&spY?y-{jdKL6+P`q;-L5R
z^XSiBEwsj&ju>UPI4)KH1u&AvJ~-M}ZY4L;2B+usY|Hj(UEkU;gP*qXiZ21$w()c~
z1ZZ2wU^P2xn;^K#VUOBn7CobF*P2U+@1QsADLfi9Pgv`6ySrs4lM1GYIK|YG>t^&_
zYsszWS9NCn`KOq=YTD%ffpQ{$0Sx~;m0>2=rl~i}f0RUcF-OaXe`t{ZqvPSIg8z0r
z+}eL{B)Q~&4cNNI`%su5+5Bjwx^>6@C`FbjNU>GrTU&{#kqDlE8-zfBeF|_abUj20
zSYMV4t}q4ywIaEj?%lnhd-t**^?&<QEC^390dq_c2oQr|B%bvMN}|w*MI<c4SVMl5
zUDk+NQrC~}o_qpOOjCmL+eLK`gkwO%cp52_kh>RDU&hhrV7ySy*#t)s|F0?}<m?=N
zGE6*P4hMt3^G@=i2%!7~;0eGn(v25KlUQ6I5|F_X1mGP~rw*zRRQj?on<4TsqzJ%R
z*E$cUGX|!J0m@SU4g{&d5MeWv?YSkM4i!syK34aIl65wdEDE3$7M^PFTMZk6?u7!A
z%S`bUo!y@1H?(@_u)M~kT>8i2Lbnif@frHvV%(LL<~za-BVjz<<(uQK$X~SuD*(+%
z7`xs(IWY3AS^JaH0vHW3v*=kgho5dzGDY?&S*of)p|6YPK9a>=KLLCyh))ugufU_;
zL$h%06%S4a7q+H#$Jtp2=#JIm3P;h~lwIS17V&S?vJ-Z8JQMghLovvXU}|pX;W2YC
zOtpx!te!CVq3OKfnk*d#z|;P%YE1tXq)3FM>{UpJtzRJ#&>0*Z9?^7e!z^)Q09kJs
zEYUy;@kVSJ?NLE?%_<uLui2<pW2)ImS%SRPwAwy9*9@{$#sjJs^L1Nh`)#x9VWY7_
zz8kop+E(7UU@)8z7)x+a1uXI!#@r2ARCd<s+g3;&NKwfh#ST(bfd}%+ta^34nXWq7
z<RsGqUX!OpnHPlQ<sO?SO2X}_pXV?s<POj{oxXhf?CkRO<@+}u&M#iQ|9Q8?R2J9)
zr({|;mEAxTRzXq#0MbMG>x-KYS8vZRK3tu?xiEo8I6prTJTIcCOhOa|>I&3MrOS}w
zM^Q)wFcvFI*dB2;y~2#@B*D|^n~R(4)3Ximq<7u?3dO~k7`<kOvasR5qJ@Po5s6#O
zi_(X};;O_H=LsiV)WfI%9Ae!VO?S*^#Ym-LKZNslI6|PX)#<jL{>ROS)3dXSo0|{6
zUi|M5m*>q5md3dD))pECKT=y~)Kyv2Y?I@gi?eqZw+5BXa9vkzOU}<PemZ^s`u4-S
zi=QvwUTubLXPq@XyA`rpCso@Fdwu!p^wsHyv)6CmpFiAOGq|z#Ln|)Y45EvWoE(p#
zNfl038t1zgR6S1pf+@3&@UQP*UA()xxV_*j<lR3n&n`av^7f|E6@?wXM77hApi1M~
zh`8Ip+4b9ZZ8^Jk==LqvM#1B}DIZP860k1B@#VR74gH_@?=C*vyniL};x6A_SyoS>
z6-|`ewt=A-#;lI3+l#BytJ`+`*r>JTM4P#Yhgdf|?=EiMzJGUi@!{upZ{J_H;K@nX
z!dS7Yv)7jw)|Rib=s8c;)$XX$%F_B}Q7g7e)pk1G+HfeBI@r4JOzbh_b*T(dz1XjL
zA*1=(VW|>D!g)tfK<X1namy90Mze7ALKNPk7*Tpn@VJ2DI%6#P8I=GNIY-5K0LlG9
z)=fEHL~l4c?hpEd{;&snCnv+69f3BBDLF$hVzWPrpCn-YX#b!%8T}dJJ^st>t+{T6
zjXI3ZQ3Myt1@#0R4a_b<BowD)`E6)^W8oa(lw}|Hvu^~!ApCASsHT4oTXhcr6BtG*
zLANu4=nO}JS<;SF>Ddl79&e~YRv_%jvslB4T8`1%I9k|GK-nRO`L!A-|K5U`dr0=8
zaJ*+^Z_SF~u_w5pG%Eg}9hzP2X%EL1tW~qt@MaN>4N6ryM$)c9-052Q<vFVTW3X!~
zQ%-7Kxi<BIl+94gLh1S1pQkK^QJ*HEUFXt#iwqu|qL_IU`*(;r*$+a}sy0FFM$lTd
zebTPQzAbVUnbWUg#(IXGSRSXvF(%ocE<SlC{THY}%kmMBBnVF6R6cK6>dU{H)w;?o
zHA%<Qq;90g)1<?CR|04}Z7F%WsWdLM-xYKldu>+SW-DrQ{l#JtRk#xiHF(W6Xw56K
zvm8#d3zye+xn|1m;_Vv$lAjli3$`cVGR{COcsAiq^IW^!%u~w17y*G*z_1vm=wABn
zo?qRFX$<frBgTIhRMaDu`Vhoaw^do4{uC0*{v%|wUu64?R+T}<a%&|`C1>9tY*SDz
zB`O1>a7Hwl(@6PHfOUZ%8|tzP{8$+lSn-cLz!=w9+Eytw!WcJDTN=hVqw9b%wlCQ#
z5V)AS%Kz(m#g|OHD~svN7s40`r8G#nAU13gGE&0E1FC>1AHygDegx@EGJ~K$lZF>M
z3`!#i`6^i8S(_P7aD=Cen}kdGGaOS!4A>GOR9sn3ESvUIKl?7sTXQlZ{=Z`1%w@Jf
zHOjW#@-8-tN!!FKin@BttpcfA?RjKsdhP{{PrmK8?heE9l_27cY4Pw7@g+F$3?l~y
z(k)ThDJe)7g6GE1AU_+mIA~?hQs%h3-<(<<sfx^s4N0*^8749qN6srPG3z{rbz~JN
z$->Zy;3E<T`6>7V5e()C##FkG#_4>FhztS(u+Lxw2ucW|C}v7M4X{{a3ZtkHkVjc~
zy}<!G0fU2qd7us%nitlSCojY7Cr5qM7kz5$^koi@#i6)+LA8D$trV19oOatK%9iaT
zjG6YSy?uRS8=&&(QvPi=R{nBjj*sJ9`gKRi`r^?}K(#mz*PVuE>bz$5TGHicEbZ8S
z3M2HEoM|UwC%4NS9qSH`_3Z1f_5-5+dYc8kEw;&|P|eeMbgT!#rek1@yvd8SWT4Ys
zM2nk<+P+`QwS*jpbAca$$)e2!Ydqf4V*c+U!o@b#rAGgc1P4J#Nh*Z!I1Q%VBf&QL
z|LqUT{vV^G;WqxqMp765U(=THJew1*<eVsb3Ho@R;25c+R0|5A<UVZPB-kp<^D5&%
z>5p<<&HBh4Q&w?e(KfHS6I<5r{i1cf<iBij&zma0IDFy^a$$U0B4+&JB=sPEDck*K
zU8zz2uLAt7QiJ>-4US6jzlX;M#|K;azlpR?{D<~fr?yD@;?S9i+df^yewY0E@Kg3y
zY=J`24u0HIOc>|m(w@<g*}|3a!y%jJ?Aj5n3{b>6K%kw6m?;+EC(Eb$xlxz#;U|Tv
zy>U`Ba`|n|hOaHQwrNeN)&9RM@RLeS`~TsveEu5_MqB^?jil}VFGYQ8_^C&w1}ukc
zRR?KRX<iO-C7ws@AXlrwTy+Mz`YY-p?I-A?P)QzOW|rIa?Srp9g4DSG%idn;2A~Q5
z@$j&W|27zm2HX9A6R8FMPm@oSBa$<pHg0L99Z}k>GWpW=Hi5sVC_~RG`O(OCHHGHV
z>y^0mqYw#yr7vK7bbw;NxYRAqFKy__Hd<+ZGjC%p*1wRLs|bLm_n+Zl8~^!hrRCm#
zst#D)5nJ*n8?|kh1<B)nwOI$8n6hiVygmU}IOgI|in=rX`;Otxri~8fh>_5j<~hp2
z=pRSY->2$R#vqv@<)T*bfGa-BbnleME!DQEZE7q3q12d{+6J2B|KRwjeE)NJuzmmE
zNLuGfI@c9lm?kzj6ZK>ao_+u)FGU>4X3Ka3KdXoCXdlkuA2@~|Y2U|lab@X2Vg%4C
z)u)749VBq+C~3t7exO5T#Wt-~KZt_0ptN16)q&w{MgMn{+RFdAQr;dw{*MkS_`k!$
z<1POCM$*^S|4q@WW>^?c`#vTJOIcnP$co4^hlBPU+ECfsoGsRSN~pKmb#osTz!V*J
zya(p@%vj61e{`+CvMY6BLZ6Ku2+ueh+M6o<EIgue_;L+-7DG^lY!jy|^H`=Mt#_Sw
zx?K5rWQJo*RO@pm2n9T0R=mt`5hNx|80V;k#!qdq?JL&i%djDv@vh2D<--yz$zyOn
zf4t)C`3tKwuKhnDXcC3f88ZVwEqMvpu>T(%?^pK!(P(@A+ej)MHL_tZKLG6gxbrJQ
ziG;EbV-aOpu5o>#KSgnMvh4i02fUTyLb-SPgdk5cyEcod7Ge2nVxYGV0~mzV$M=XV
zoYhpqA+IG$ej&C$D95-@a8M0)?*U7Q>-u2U*;|QJ1kkT9sE9{xi|J_P(Ggu*_)2P`
znZKlPO&2p!f-?L-Gi+FQXhVa`VuV{-8-elxB8V2cu|;g|wMK}p#K?XEZdJtAl%hal
z&fmi*3?K{RDbTZ?OMqNd$T9*IAVw$v3<JvGLXb;i7DnJB0y1s`z$pVW{E_E@_c#nd
zZ;DtCgfR^RIi?xi=i*etW=ID5r!$;J0T?6YKpKEBKro6H{j6Kn$fDmt@9qW7uYXuX
zwTZ(k=-;`zwza*au50P|>Gd&=tI@WbV{EsItlbn(+ZHF=89Un%G20peyD9FqJKA+Q
z#<e}NwKbk~V-)KaVWpcyY~x5<`@q(@7Ae~%*tC#|d^4UA9EX2Yg8qj%26zH!>d$fp
zTQR%Vp#DXAhLJH}O5N$&rh+}jZAscLQB`q1n$dNemRmJ%)*m&W8mDbd-0<$_m`?it
zl6JsN_CLp?O8nQuqpkhVMv~?JuX+Y>JsspZHxdDM6@`E8F<=d5)?tX4cV+3(2t2GQ
zV)ObBAe!Ttu3!ULzy62E`<3|5BKvmzZy>cf|JMZn6LaIH&d@JkCo&FI%jw+u8n_e)
z)mER#RuB&wP)@BvBcM}#Xs^n}X5L?}uujfsU>)Q7l;b?LkJQw%hZ-LyoaNf~ZJR!P
z_()KBbydu~M%=okkjcJQ?5RS>ZY1~=@4T~004f9LEJ85$)O_M<tcgYMjzguxPgU9_
zKG=b|>%vl%2sq+W<&mktfA;pqVZ4X@8SeeJk)ar8O57pLP!!>wiPN(bu4y%lR|PH3
zxgNiTuB5Yuj`aLuzcS2^umWkEAQ&wE4bTXo1Po_pXFI|20YIN}p-|?k^s@(i$SS|(
zbr(KaVcQQ2S!#gW-RSj?mE%G{GSC>3%o(%79RjQ&2w02IWVOQ37NG((;}?$_AkKgj
zPQS8pNg5YwE~8nKG~O$1;;q5*Tfyab0nB$|Xs?8O*a(~72{^xj$I3W4f2^A_E(CDr
zPFaM!?p~`E3EY7NzLx1*!%Gb$cr7S+BVPwC_*!lY&Ea>Er9li&eh*@LP0$(iX9)Cq
zz=A+u-D-I${<qIdJ?bsDYYVz>(Wtmbe<_T+tT=zp0kU4<3Jp9@^}k?DaAI#_d6@qE
z^WO@!l+^;0t|0qwo7N609DIA~!h<%Uq(78lTAfkqK!-SW%SEcIk&3ON)zxxXidVN>
z#Ja880k&#Kq2vRo9d`Y=VH@A7I$vMaDG+l7M#(KaW{8NOB^1GVgeZ*`07eo12<G9G
zK!!Z^9K7I}I33Yp85yxAvUm~{u{5E5a63Z)Qku>M{wA-6%^;J}Aq12;1s{bS2aG7r
zXbI{xjD2YWqOK4{2o;%og2_inBuF|zzo&>Yfa89#O+h%BAVLkieZw>jWbYWy!AIG2
z)ekt17I~|bXcLw%rWAQ;^kM6GEe{?%#kk^gMo;0V<5feaIG?Aiq#9$VG?806c#3hk
zTaBJ#tgW93^wD)uNwMpnb!A%Jy{-@rW5rwFuNMg84xt2y`&}?b>?1<4UJ4ZKfi#&C
zC=ED3y_VueQFkjW^|<I6rhGE-jMx^nRnZ0Ao6x;+GHG2+ORZ@eh(o4z1>#t5JdLIG
z%)fjfj%Iy!*+>JGAO5<o8*51|>_1Qv;l&&+>HObp|8;bHd|bhQ+}eL_CUvs^%D*U^
zaCCNcO&d%^vgxyS8<7WazN~PvHaiqAUq`yc)+D8UXLYqQS=N^2Yg?ym$X2A*ydX|I
zwZ02s0w3QC$3wqZXesCUankVY;LfVe6gK`4QDmx+?^}3;crf;tzi@Tkv#)XyyL}F6
z=CI>)$Y1?#d$~L0&gZt$)lWU+b*DMkRrRB|JzZ1m>FovT(if<kGSgklmF+4Kj5l?2
zYhIZ&pZ`}60N8~8cW_+Be;pkkjkf3iO{8_4|E))*<pKoOk|<v^Y$8J7TCOI#9(Nz+
zDg(4WM1KcS1t01<=6kztZkGS61Hd-<{~ir1_^(IDTl}AmqzCo?T??9OovOPQI8{T_
zY=NiR1gC1J_Gs}`UF%<;PCee+aJ2xSP5R&A!Jr)f^XPDk|G$w`edE?6|G)Ua=Ws~R
zxQKWbBikzL@x9ZN2j<>x9$@G$ixaX7EP+IXS(Zy=yffKw>u1Gz+R?dq28p_rOmOJ{
zTj~XMpTG-n&6F0!5cP3l1C+e@ln_K|E<U^rrt$<_YBLv6TAui?&1(pK%_0~&$xI7u
zR$VplR<?*PPSop`ot}kc+EDLjZFofeU%nUmc0#@sl1u(8+Y>Jv&=t0T2Km1~I;!A5
z><_l*|BWPz{<oI!jg288TgS)Cgj1HaUVmI7?&9Yx9>C5M@HUPX3VKV}S><5R;RJ;2
z2W@A}H!opnd?_nbW?V*oOtNnw6&6>jBm1^E2}{NwbVo6?HhTwvXPAIzoSSElWYl+e
zm2iC)w{J-IO4c#Cy2MOe&#dBO^s}rLoL*m6W*G&~!ik<(yVjW{;Q7vkounlaNB*s8
zIBWCj$pzy;jOOE=WyN{c*r+AzvA2ISi+ts#HdnBg)zr+8bvb?QJ@b1?RsB!uwR1#g
z9!x@t$UP!^A7&^@5TSjRbXNkK?*9%)gYx~~!B+p<Oya9bzyl-DvktvCMKKcYU_K&@
z_F*s&W6#I)IgZ8YpeF&o#m~mtR>U&3PM?W99lyC#tpv?6|D#;(=M3?;R4*sj&&UY`
zV3@Mm8yw_SN)n266YCL0M)pE;%zuCF@$8yfuK$&S05q)s(eS7o|97-MJld}RO(a8I
zd}cbjd}4^iF!~Qn?jj6>YM>u;ouw3=USHmbsj}<588=FtW(#v2z@fH_D%&hxTbO{(
z_{27FUl-VN8`Nhz*s>b4k9y3iAj4(89u)Ao2K2ZBT)Zw|?Q$1%2i<NPT;U;c_*)^<
zmx44n<2pQ+@D$(BrRZNMb>IKHgMc@^{|)xb{$Kk?2iyIBBk6nC|7(E5*P{lk5j@<=
z&^iFbt-ZUP#l%)p|8-JJ`M;7AaJ~HBKRzB+&VR#$ZT#1bBqjgXCHwO$8FBS3{4IJB
znnHik13d{WB<ykXJD4wE25E=uo89crWdg$p^g3Mp%u~w17y%q3fG0rm^&DhuJqLxG
zA@g2mSqEpw2DFL|v4iBwX2bTaNf~PpltiHqi)I@3F4tK*Tk1L*R`HXtS1Zq~H;h1r
zrpj4_s=u`HUR}u0f_-tl&$ZKmx&@mqr|hL%iC6K#?luo}sTR|)TW5SXF4gUu{1u`2
z3&=D)OIAf|?{0gu1Q3qX-Mh}&yNRB|``hCC{T%c>-|zr0`hOR_y~!MSWRk;3@%r|D
zG<~%9QcCtjv^t6X&-?&*9v1^%5R#XLlE4#h5-+Wb0(c(Z2T|<#QHWyZr6i&+XN)B$
zdwavtaevSs^oJ*-{o{WC&x64|A}pk+Rc_@8omrzXe1~Eu8|B;rq3dOgKJt1~hCLt8
z6DWelc?2;O^MAb@g8#8&^ve^0@i)Oygg=Jy6x^YO2>VC@!+dj<C%OQP(F6;WJ;)3&
zJ|L_<i<m|;c&|b~VoJkt7=>)X_h%o+G4e&=Nrolblj%6k{J>`sNK&R~@AYSp=7xC^
zH%s`FT8atuCl~~PV9faVVK0G{e#9jBH&^y4fid&=aZr}x|L4riX*a!!b+5OPVk1xG
zJJMzzRK?Yz&dieG1d(|t%r9+~P6(cReDVmit{;9_ff%Rok%SBZPdKiGpY)6nGkh<`
z0U~J17a`fZAMQO!Reip?BJAH;$(P5mLby%e=5tm&LUtHAS)hHpvkKabQe|z(!tOe`
zLat1f3ZFk2`%wWGL2p|Zw`b>Px352(USFE93=%q^x8JK2_~q@*?bYd<iw~FA<pR}+
z6s~v_X1EFQg26X&gP<K2qOjHKZNs2!Lto~3yXsK2m=#Oul&hi8wqaRp?s4eAMzA6y
zw8GeEfpcRH%Qvt57?aJSt~eDTml{*Z;#O!1*_4*zBf_{2F)MszgclDyA9|B8LNBd=
z+Iv3i`-By#a&k3A__4lR<_;~Iirg7U_D{e~N(fHH-LX(VF0bzoxU>{@mtq=^3H0yy
zk%3EP0jMY-7JW$3bA?x2=(i_a7E%x+*1t)jko|%wyT*h)+XZ1P<$JUcm+c_~(DzZo
zsHj?KNfS)wko60Va%hgUq6|LQKmX^`XNJ_<{crKLK+~;awkzL3=`7akRxt}J*zjJl
zua7xmB=p^|sz%4DtOYH)(!$0CS*S26;oR`rREC$`D9u$=e5d&OrnW)eFOL1spp;2u
zzAjEcVR8YG5X`WTqZ4p@cD?RNVeH2$vzxEgrbJysN(0<Nc~B;CRXErVp$Z&<3bsm0
z{U-d-`bjr#Y9bTV#3fjcGd(k^qI^YVX^nc)GAa^Rj_S9nqPA3$Jpmf0Q`ep&KGqGk
zRG8$hDfFwS&(2=Izq!45C&K3KS~G@$k?r!lnCb3bAccE4F_j?$89Ud8)H&6_)D~}f
z<(3)_18r<+_2Z7CmHcc-J=I?|ISd%{I*#{5?keAwewKB5`dsa0Heu!_?SAVjt&R5E
zk9}$+1kVwhp_EE-?r}ZyWqZw|yu+*@Nw_FJCDS?)?1qtQucVk0yIJYTAnSic3ybbi
z4_?ocz>7E6mXo2&^G&l82Boi7B=wxr%kzt?+soVk{o(ZW>$hj8x0i3PKD>E*zOio9
zfnPir@e`#`*14`)RYb2&U%kHg@av144;NSG*KaScZa>_-zC7C)r)rVkz2GuNnk0I{
zCb3<IcUdwe)X3FV%&H>Ap=+zMYgBJn&}>_F?!&8CEmUmf)gq3=4GOloDYe$K*SNPD
zT$@{G2d*mxYM5SOkNLLL{Y~oDtyaI%?8L7X381Hek!fA}xmoWTb@d9_CG>V%Yrj=(
z{pC_Rx|PW934J*<BDGjE&EcoZSRzxs91d)(i{p@kAtTFjdsyvkUXO}wR<S;Hxxn~V
zb^eN~^Rff>^%S>;N$*hN?(W4(T%QhCw=mYP&zZITC3HK>UflAownn(tDrL*8f^SP3
zGuhv?W>y#9u+6=ELhx_MXQ&YH;_F6kvn)8z5{M3fTDxW4U>}ik+>S~BKadCUE5Frd
z{UjEH{i{**t`vQ|ShV=nuszrFOVEd}(m05aJ#e*AU+E>fSY72~h6_+2=b3`JP<u*|
zG&JSg4k9rm3(%9J&;z|}-{j{#`>41GYoLPmW8$K8hZa>r^&Mb)G;qt^?{{&i=5E(U
zR@-)MSPuQGUI8^<0M$i*HD<2DJrN`x#agVFCY8r&G*8&#JR~RJ^Ml^2e4qQfJb&3P
zRAh2om=_x>RuO;%NpQnYNfi1aix$H59|a=9{Bt9&JBk?z5e0Z6J4A9=As(QF&jTDw
zqi}=>Rg*d;D0nXHr-Z?jj1BL@lp+9ixS))Bg3He?PXJ^9-6OI9FbD(?!=C7B81=zx
z1n;#am@svbGYrh(9ijk1f2Ohbcr(g!_ldH87g2MdK!lAJ`BVX6%&;IW6-odpfM60v
z2z;DjD)9hiw0y*+P=CeENaH0{cca>YZQ82b`;9_ok{4HE%eQ21wdq+XIrqT&J*h&-
zE976+gJ*3~j2}F{mBRz+p<`XObVaXHZ47(Wf%4K3u&i}hf?>6sEt`s7<xnPYf+IX#
z+$03S;0(u<5f~P(0GwHh{1F&W5qRon-$mFSbLY%sBbd3&=BV4Yf)Zt@rAD#7@N2Bb
z;8G5c)i7LE*HW2Ux-2^Hyy`CqS`NetA;s1@9hQtM)|Q77@~p{)ZwH`VLP?up%1)yY
z(qiyIJwqiyGpdw@4fRt=fGZMV!b@vP{V<{CJP#8gKX@)<rf{Z&SN93{PtfDvOP*PM
z{#y-40iMG!27mt91OHvu#p?}(-xB{pn^7xa*$o7u3IFeKzl{I6KRDdq;y-L6@mcd!
zt+qFEkT2AFJ9+6`%k>L&`Nt6h(o^C{uL+l;M5&#*jiXz-TcHarsxB^4Ti^)eP3W5e
zkg%7?0>GUB-6rkBugF|ppMWbI^AieNBq)PZ5)KF1%h~dFRCOj($?`T*)z>rz$rLg9
zWLK^1b2&g>IB`w90^62H!j4?KUIpu0P^s6}fMtBWWn5Hm)b~q=Ac#r}DBa!CB}hs)
z(vpK99fN?<(%oIs4Z_e3BP}_kfOOZ)>@)xSex7sQo%egs?9a@;u4}E|`mOJx5z6MK
zqRG-fA1w#zRCGX3WI~@heQM{rt13->1m4Sj%sK;Zh{w+X6wk{9ei~a0B@PGn2BeL+
z1)ZJTch_z#`v-z}&@}TP;fA%aXx(*FM>Zf${Ptij0Ld{7P|*^$?m<v@nVkX4=x8<D
z#g|+vzloUtx|1~H3#>e^&`<^WDmd!K3*kyUK7XkGe0Gtnk$Vryio$xJxvFssZu48S
zadmB&D}KBGtG=*$-XGx|PRp89M`PX4@@t6K2b+Q7F+xJYpFR}1+no958%(@uLh0w@
z8+D!8zKztLQN}BE|G>jCqL_tv^IVIkjh1g55p!Q*R5KhF{XxxhE`S9$UO+!mT2!1p
z4^SE&{x8aWQE_>H`W0<soTAeSp9Xf(-WK@szK<Dpvgs4(j|f#xbv*?C*p9bsSic6h
zfeixzN|#fxaAM1;G_?<~RIfVe$ksfuUT&-ZqQR_sfH(IhQ0-Z1ARY8}Ok0P<7&+HW
zxaj+7g=hIw{rq|L+S1Qmqw!u7U74&J@-8N!Irg@+z2XMGFIMmJ9;r@;Qf2R5uTAaM
zNL6<N`6ezvwXQmoTgufB>1m?ti^<Di;-X!arcy0o{;W-k7xQcFLM4Jys{%%bE~U>H
z?OZ7Kg33^$WO78*=7=NVXdX;&sWQMYr2T}rFcM+uPQzf~W(;&R=I`s@kJyEct`6A`
zU(`-U9^ZS@Tq>cj2F>FaogLCHsU;X<QD@S_{+LZHDsw@>oP~WEABn6*6>T)dJ5?ZI
zL$e>ZAAxc>$~VosnhOXg3L}xVt1E6wXGSX<Yw6>$ltePn^vD^-f&lU7XVdKO_#9u;
zb7qH0*&N57Jo%C1auU_#POF`XqKSP>*Zyhd@0$a%;ougku7oF5omILJ6r02hmJAp-
zi9K}sH4s~6vLR@n$?OPlV)Wp!eOPzNlMW3F<I4(OhlMVEl**SpbI$ep7YFWRC6sFs
zHPG$d|LDzen5LmR2Hw@2cg6ga2=pT^5Wwd2$F>w8OPQ=J*0ljJNj*|J3IXXgk!O7z
zyK$GvsAgO*bu`vSasXS`BfxYyI}pBd2cuSbs^MR12dqT`g-LJ`He|HAp-S^&v2zE)
z3wCEdn|NWNUeJuXe&eHI0#M}g-=aB2Xl@G^2pxlbvRH+CSDAm_KT`2f8E|`LUi#<X
zT3d*>99sBa*!vq9@Z219!B*Jrc5(S!Zt%8p%8+dF##5xg!}Q*zy-N8RyN-`6UXl(a
zmWD`2+BahzE-^96RKuir^fl4Wi9@~&f+VW-7L#+~Y5~tB0RIQLf4hqqvROZ@Xqv}V
z{S%G)1}G|u0``#SH}KYs0Rz8aX3N!^^fPMO+xv}McaXY#{OW7EVe~Fb3@}rg=3#>R
z#wWBNIGq_88#<veb5gDvwF6|E+ke8<(5>`t8P3!i?O;hrjlmP^rF5^X*n3lIt-X*T
zWZibgl$2wA?!L&SS}c10C+)?fSski%45VhX0TK(hmVnt)2zu=qKhxpRL)9qq4rfD6
z<AZasaC4m3o9GT}V?l*x-srbh28M+O%76WR_r<UScq*=A0tRKsDzo=0Ffx|!XG(ak
zpV&&b5{4zrGq~$IB%jr}w|o@#@LQ<GD$%ugw$Sj`oIvVj*GZ+tOiiTDgurKvRDDI=
zj#p?OHz$4(3f!|I?0Q3+8%mX4-EcM=b+ooDW;H!7%Q|od)GE}JHBY2r43BZc#sz9@
zX<iP|W57V7F|wz=P^N*m@zA{1P7xUEqgJ&@B`^1)dClQ*m)Ga!DA1oC2<2v{2ax&A
z;NM2({MIw(Z=HuXlR`DRog#~zaIMSHpVlS#yB+5))8~5EGA?n=^~|Q5;>Jo&b!Ytj
z$!2eENRm1+@~e{|xQa5xs+Pr$3k$LF#+u$VcjX=5h4;%dT$wD_W7m1WMh<xI(>p-h
zc^@fCia(qGkquOxmVO0q;|-#Wo_ivl!>bVVWIKLJ>!ThAjV~RX-!AeJTncOQ#B^=~
zD3gz+iE(gO9#Qow&?Pc&;|_M-)|v&AjVCkwP|6KzD>V{C9EE&6ymL9Y_@&VRx1R3&
zz>m<)p&#R+_|B5oGXip%!RnOI{S@__+^lc;;bDNOJyn{WyS3#SW@4;_90zJh08pJp
zHz2wE-+9LvxP1Y!mHh|Rihn;RMlP72yFet`BVc6jBx~AkU?!5Aa{RYt>6^I6D}BkC
zzTxWS=x_aDan{mISc6D<0(8`*2doqL(>PG$xFg@ZIE~h2>-VUYMHJpe(^wAaornNC
zSp#C6<G}Pe8Q>{!K%EAVP5KgMNRM*`bz^3@^ycnQY6+gsF0B)8cdp|r^V*tI=-?FX
zx8E_Smtx_JY&KN!xVm?k{^3Sfn7*HxPChUZL(b1WzsTDtr+(&~1ec~wIhMW+UwO=%
zEC!h(z1xcQWjsn=pi#<OgsluP!sV6wkZT0Sb(DeOMK?o*PJiSwMX(Z;mIX<eH=$T%
zkt78ji#npjCFSwrKk`?-PDm)J^K4FkDrtj-d%#!@2((;a#?4c2(=}5u@=7KXi+IR^
zV0)<}JLOqVP0ajR%#;S(-7U&(;5l^Bxu19eM)f9AXs)<m#y$Y&miI`&t*#5zDuODA
z>0baT*{5;N)IB8HQ`pAO7X&}yqFGBH4oImFL*C>~C(#faelY5^tnZ*JUAdaM8K|3T
z3WJxK)#qpJ03X4+HvrYs)(e!(Qp*i2#tL+0Iv;-LcWEE2_{xs(qnKT}^3lP)mzJLn
z_&>(%>QgAp_zs|@F*yO_{8w_ly1!hHdn?W1Nxa(KO~Oq!rkEOn&n$lSmzq1-+pC6G
zUR+;NnGM64Y-WN9TgIF@>g=6gLsDdJ8C}ol_>bFxixBF1!SjGWn1Pm(jUI2e^?tii
zLEF)+Dd2|(;oz_F82=d~Loj%iq;>)V6=Z@FF@)u1UJ&;zG2vOG^$PY`Q+x&Ad(a^X
zR^^{x9G62pxCSmfo^9OW;!qf!z4sH$X89m$bfw^tcWLL&7OPXbtSJYah{>QzXBT5$
zG2K{npQ%2dpzY;ewxd16+O!G51C1>?fcJ(anL^(B+NAi6g(=1IVFs?tUH(N@5Z}99
z`DNe^$Y*HTHZ8g;VMnb~Ve3?`K2K`BVxlOse3@O6ym?Q##|d@Te$M?y?{Xe*yHgOo
z>(P?<s+cQvl50XpcNw$f=%Ls@3p9`?ljlU0&r)4i>8p2|a=Bjc?VD>S*~+rBMb%8&
zSh)N5gKwWw_vbVN9bAIE{F20~4b*?F+-S5S50>R`r1&drVk=TBBbQz8b-ctC39n@1
zY8P|Md;NW`e;y)X_;-3GrI)bYe0M-ZRCN6Wb?Cu%?&F{e{deAG%im1@eD-$KhyIKy
zl&g-f8KLBLoCaswrx)HSmE*jpAAC*3U<6-c51O@*p=dNK!S!)!5;`G_;V61Z#v^2;
zz+pEMf??kZW+sh2pGJ=g+|}z9`Z{4qN%D6rnUW`34N{2BYO_r13ABX4Pmkc!^vIR-
zph2WJ_z?-oXi5Rv;b1{23XLWEHk%O%4%OzVLkPiH<NMfC2+HpdOe0bCF-A##_+I$p
zk)N&UPD>O80NbAH@8~xKk=DB;R#d@HvEV<o8xhdYiby(_b3i1KmK=F${r1la3I8up
zVE;Z*K-U^?_w1Y=(i<a4zd{8`7dLhzjayW7j5t-Axq*YEnFKdp?S<pu!%YUVCN@Ku
zbltL~D$sF+K?ww;pY0Y2T-z~P-1~owy!}T4vn7v(1L7uDxc7O_0_bp9_u)8y7=iG2
zwvTzC+s6o~-3;akVBhzzc$T@&#5(m}G`HBefU&7Drh*er7C4wy;$WYu(dDb`K%ps{
z71CA7>0ol2lPtV;NJ>Uw5{uv~v)utNiu5qwOP8ZYp2eUHueY(qr)tPr<W-Bt8yNOM
z$MjMC1zMX_r3r2@#M$^g(mMdtbq)yMeFXY9KOF+i33CUC+p70Bxc)ovj><0QMgESi
z5AJNc<|!6(olw=A7XP8voYVxs3>KW00N}3N!eWcLPazgMaOu^g-9=KM!E8JNT(qOT
zWr4Z_zQ@$s`WEJg+S$DWF<rZX+5s>ftqTGylGxq&m>2Fp^w_Zy76d-&R;OS}TV|e<
zPW!`rk+|ZrHC>u|Azc!o1sy(T%$~ArFo*B;mj47!iHTYt0Hs8nCo;#3H%Cv2p6x4s
zdJ^b+=S}r7J96{_hxuuriNlT6cgbg3nKh<!Z~mU(-_egnS!k$<etmFl>m*NqzO|^$
zC`nVO+g!$O%EYWiTk+(bk!zYo8zHx=wF<W);zhM(VPLfhI$}|^`NBe@p@bJaG4~pH
zR}?C%f+YU&zYjp*qC^zvDjb<k=YzCy^idsM#ks(tpwKw=A?p7F7oCuvdad_|y3D>D
z?HXOlmpdR14<FMeXdNnbiokQV$777oPoI4Dlr0#m41-W<)P(FDrd8S`g^Q}WVaeeH
zP=xYfe5O)l`8Z@Kr+IV38j7T;^?be=_g^Zou|6G59=bifNf2*&DWQ&+8I~t%uoa^~
zmS6S?i*R-vG8;s@tUt10_PNK8jG@T3Yn|KY`(J#MV0-43PB{zjz)tySGfJ#L+(Fq8
zc@i}N*r@u0RW#Z6(4{!znRhSGF({9D3;0`4h%H?WS34izB0?=-q_5Rq<vNMw^n5li
zV=byyFHwzTuea(22IKPG73cb?d#0bM?zdiuzQt}}cL9xUpcDXg<`H|e;c2;7sh(ah
z)+6)s@83jfic);w{B1f=Y#Am%?jv=@{00_yd-7%}y088Tj%$?Zw5DSS%6)A5<=>`i
zwmd=CN@QJTA$MX!<H>I;Y})&Qm+=Nwzga(DHSccU<}M!re>HP@>5Pwnepz1tM(2DC
z5l+&-26PgaL<zVo6KXNAc5L1*gY@RGyZG!^>es*jlc3j7dK?DoIuy?WuMQG%`<Z@x
z=BA0PB7Xlic&4@x5nD{3O@pgie~NOy%p4ShYW15H4sb|s8aJ1?#6;!}-HG%2NrN%-
z3Si^^3~Rs#VDh7#R~-rk9*^^8`cqb7^!9@sTPH=IR$quZPV)H7yMO{u=tFBVTgb6t
z7LJVob;I$S8({MT6LJ{2@rfD$F*r;<0@_(SGgP6nApBU%PLAlOrypE~S0=stvp|YS
zf+@E?drIbiJ13+;b5VYWqQUAHfRFAuASSW;0Du@%%)9PnZufY<>#$|M{r+BC>%1ny
zH+8hh`KVL-OoSM3$~VxO`|7_e(sbh}Iiz<q+qmhJf@J<nx)?DQs~r14HVL`rpmEh4
zVbZfeE7nr_7)LVa3f-z-{BzP#9Jg8u`>YKgb*tMyaO(aeEjW4KjKvyxX7$7BZ>f`@
ziovF1W_1)6F4J-VX2W$}N!jxUJ)fI%iC(_iuc+o38_L^%VPivARdw0n98GFkp)Hl4
zm&_~`?_umjA5oU8SH$CYJn#B@^^qXPB{+COvWN7$vW>BLac;floWg?1xL3VtjD!b6
z)vi5F!MTD(P{~K1@t=U{Lp2j}@BF-1)(Ch@;e0MFoG88z4!E64JM$IBf1<i*n)61#
z9F^D82l>7c`RTFp@5D5p>OCY?A&cqVi=Dg(gm|PJ-OLN#RrKIOynDhIOBZ4`$fM?I
zQZDhL)aLhwqI_D~d2Rp0;3!k8L^j|ASu<v*Z9_<>GK`7J?QAfeYNdO79mH<3DZ<_1
z?U@u`c-SS*UXni4=$$rG2N_I#&uE@IV-$_|Kua#{Z#u#en|0=RsWEWgi|1Vo-n<uh
zSfIBEE_(0JK=FU<hp#EJH`6uic<q#mQ1VnL&*@6;!;&}2b9NSn3Eh{6cHE6gb1!QK
zwm;O@#8?ILeRG{_5LA6Bl}!=GS=G{i<n-qE&&}XfrSy^n;yt&hnpxJw#lj)9WJo%~
zJeQD^on}uyB$RrmjL{}q;FZ8t<Zi(4t#GEr?l^0leo=u5QkHl8CERR`@%tL1O|BU!
zSb1GmXt_Q;N!w)GXuihf5JEY>VKRI_6^FA`P3`kjBhegNra+0je$kPvqpw}biCv#5
zOj61@>7q_2<=k;{%(}Y+fWQ5N$4mF&t&8NR8X#Erqub2`V)A&flXwpV%QiQseDN>W
zdkBA@lD$+HTJqe#X0qAu_#X-QV9b>pfGR##y7ozHJx0}Nz)V+7^K$jr?;<yRKVxg4
zT;1>EM05_8^6x&p?D+2Nm3VA}a1I9zZ(Xl=^#1)W<_ukZ9KU>ek@{Vh%L&Bos<{i%
zfWf*EZZ|iR*9S|-yDL@1p!M99za+A^Z)zbyLv5qooo!uhTR_8aS{fpp(CoTr0VTL(
z-!euaS5YsF;rbGBls0YfUqc`E$-Bxg5)q8!mSnE=(!2_PEjg3RL?X1!Gb;C4C={*t
zVQX89KJQ^e<Y5%MM-2%b3ZAibu1pe>KT{_s-jo25MPGibM_AVy?X2H*t<`M)l#Zx4
z;q{CF*ci8h63Zw{kDk=WrLX3oDQS1jJb#WNsgM+7%*=^@c+!3~zB2p$9rTIA?;?UR
zExWUwdq$fAVg`H%4odonJk<=>sF>DFm&U({UVZ}tJ$3_Cb8S4nM1G0A_9z3o);prX
zNx{Y$*PKw$ke>P!d|u3fN;oKOiu#SV)EtF$?om_4;Yg*8U=2~x`*u##dD4FsKfkAn
z$d9iA<(6UY6j`UinI~XkRN#{rUi3dbln3Z1;Kk?K;BRlIqd4-+j^=PCYjd-xB5n4{
zLF|=5{SOw$n-(Rdw?HW3J^Xh1{J%hq-UX$bBuK)?>DrWXnD1ex=Y7R+Ie34Zw8U9I
zr1^X1t+ytJTa@Q99`ofHUl9uQRQW6jtG|8BC+-XP9!E=2a}MokwP32BPOC(*JsB>(
z4bnLfbQou-C9P$wk8Jh3GpH~Es{Vj!jzPPC(oE<m__h;S<ony=f(a(^;zL_S_yg|y
zoCWY=Xx@AELtrC61aJ>%GXtnqXcoYa9&6ehHvZ0!R27y87EwI8_cLMM3n)jbSs)m>
zumx|ms0V0cTkgPFDk#bBYUR{dnA&`F>EqqGvf(q7fzkYy`hA*WjPIUn6(@8hDHT)u
zwV6R<ODoF}k?1wvac0v8ZLiMkIC(IUbXVM_Bq4*8c7xa;%x0X%m4)>GHKsPBV^*A+
z=}RkAjsQmDwC_Ig1b-18ipNqdLhk+-d(tH%q;ZEIP2l0N#fei)?;z6eV#1`3_Zsu*
z_gE~$6comgnsAH%B^#YPc@iBX{s6J=1=a64bn37gmOND6|B@S4)6#7cU}aNRlE_6h
zD`BZmmwB^B=ErFi;a%k-V8}TCP81;N1i1)~jLN-X{QTSh!S`zKLi8KPak&<PyhoYp
zapRMP<lS0vlFA+a)vw&+Z(9x?!*<wD%p<v43OdQ>UKDE2)T|jhHvaj^*xYI>0E95b
ze<kx`qwi3*_H5!}asRqr$MW?%se*plOlRlrJLln=MYSfRg!ZMQiKOdJ_vo(5?OvXh
zeidcO0=1RnkN;^x8m!-S==6Q}WfVNG8@OYke-%A<hZNu(1vbymg^_?=q9S0B)O9pt
zVT?Hxq~)#hk)$#)z6_76<g0Z4eq#+Rq*tke;p(aU{Il+$T@!SR6dI2}J&@Zgezh^Q
zCj4HH0XtSwt|F<g_~Pi2O4@UcHp*`JfxmP!dS*PLRRXuPKp1I@EE`XTf8{Y1K4c&R
zanUs1cQuHX22ae6Xsm1hAEJrVIYFpR)Su@34{yvR{A@hlJ-xSh+}TJ3@a1f{`XG}C
zC^DZDc!z5OPeYkd;Nd#lC9gVrXSQ-R%ja#n3UXRzEf2l1Mia=aulf7v`zElhqE59T
z=gyU&rn_!orVROiLN5hA$Q+K;vBJtBHkmiQy;44WZbx$04b8c;5@nm+a?^0y1OW-n
z*RuJy(iTLIMF}GNUy+n*8=^6CWc15`5DkM+^@DV{8bZgNbcmm7l<RAf%Dz+4pT$4n
zAG}k%vto7<0mqril*;-UqTi^n7v+zQLP8+(sN6_@0eD+g`S+%v)PO?sX@7OsMQLG#
z=xyr1mO>x?m+Q}^TU67o2Qv5FY<^EDV6#kXlzq3=<mmV}cCA?UaGX`P>k9ERAII4!
zHP*j^pnwpw&k4^w94PGPk@Gj7iHkb66)P;hBwV0>`p+c0;tnJz_^2FbczV6U4H;m>
z+g^>HzN?s2OuQCd`igmf*~w0qLY&jS<T@TF(tZOb`#_?o-i?_gDMd|gzBmHo7s>^Q
z#_#AJ-xVF-gBU6<ksw+&&b*28APlpmlyK05D4L{o;<eX!`{2*2&?ltRIJ)PBOjfj+
zy@AYJYK|I}$1cU|cXID_6!@XWI?UpklTN-2_g!<}s<w2v>#CH@ZMASSYHzJ!6U&QJ
z)orZ|zvvsy=AA|=tt=w`+Hb0b{9iqJLF6Ql_ep3x*OVt-?DSW6CpBdsV#)_nHs|Ms
zf^kuC*2+)~%^obJmy!8qZkbh>g4sis5_;gZ0&JOjI%WX{te3HHqnqc!Y*{WMc@J~y
zNbguUyUzA~Efui2|IrDRvt4nGf)C#@%<N;HzEE;rdI!-=_6dv#?5o?xvvM?k6dT@q
z!Ek0e|C;)>ybg9B(W2-lz1;08@+z-?X`>Z{PfIxPF6pA$V4D5KLQvAm#A9BE4e`hA
zw|{hO!OpjHr<~1eK-$W^?Z0jyj;QrKPdJHo37Kb<5dAv=!=mKYnpmRo`wW7fm*QT3
z<?vPpdUza?yIfn!cpiKFBmf<<$xC*>P(u?y?I#<n^qQV^Xt3*NIo=<4!4rVE`Lfm@
z3Ol*E?nK<EA!y249>G*(C%NJdXt6hWxVHbD9Vprw3g_Wx^9W}1rdpswLLMe%9E>E^
zk0E2_2#wcISIqEqF9IL^*Dc(`t5N{0VaVqBdN}Ot&$dSkG!gd<5SJ*=25{b)z=6qP
zs1h6;=rzOlcSi&GALW`l0f@!+4-I&Qi<+=mW3)#A9#tg%fwS@Hb?Ax{+d*G(S}Bul
z@m*qtN`;VXyf)G|YU?Eb*e>^pPbXYgv1#g9S+5J{!O<z-c(UO|RSRu(i`FW-p%Z#b
z>cs8X{z8;7bmSK6mz<Q^f6|rqGwoohH`2B!v>66oQ2+KG%Il0@{IZTRail95tlLZ$
zp%{=T$6xX~hE1Lq%?IN|zFh7mR7~w*BXtq02oGHR8kG_E@Iv!m=aH6EUYESYejOu5
zhoVB1e*E>@w$F#X0o5I$5Yd>skq^>J9N8(EI+vK|$Phl8DIvUiVynusjut!XummmA
ziW~V*@*!kraw%jfWZww#JXyQA=Kkl;jLbqxn))jfvg<nIZ;ad>e@k*D>H=R>-cow1
zH|(TF#r*^>_rg1D9EZodo`20<$TN?sBI^uxN$2Fw!Y8LAjSeA07;-hb6L4-HNhNbu
z-z<uhuh>+k8i83vZ_A8dxsWHec;HeKRnC+7d`7o>d+!vTvudYP?KX>kZ~P<WuOrv9
zKQ7ALvER%X&Cv$EuI}8=WyEiN@gw0b@E3$d$$}bT*Yd`gJ%+_(GY1N<JBQ!o6!cUs
zh+eop)h4Kzya%cLfpH2ggY~x{#KbK~SeA+ffQ<W3rT)|QSd|uY7$J7h4Xw&1OY39R
z-{=t|te!z(8R}qYMcDax%1$yfW12V*$1{xA_WkuC_Vo}#vTmbl4K6Wu!S~f#`@e{%
zqmJ+_s|+x3$bJ4i0SkC017;t=jdLgor~e7^E$}M^pjHN}+@B6Ho6ic@NyS*bl|PIS
zU;UDKpZX!T71ij#1nh#-yf8p>00+_{^go+f9;zdm6&M$*kd~LF(z6NL{Hmb-0axZI
z<7aVbj|FAY*v;7-n(|EL0DpwuQnhw&W9>sAX)Q>In|mW+YlHNLjBYsSJzf+-k!<Z*
zQhfyXJvA+i%p5-OavpQ-O3BDFs8eyiRQLi+x&*WeKLAKsN?`kwKhT(Q6|n;u6m|Mf
z?AE)3{J=Z?|5LilyLtc@HcOCe!(@Xu2ME$Ur-bC8ykSy(dI5HmU>^okKK<W~Apvf&
zi?rwBd$;(R!HQ()DNolSX1ux5)j~D68}~Rcy?|9VjN9SyzLg9K4*hozuDb?cY7cPV
z)8U-F`5#2C7BIX}1>0MVUaS{q(di^swr}Vezdh{c)U_@xwf7M^$UDbpJRY!Nzh+_J
zywLD!z(-tRiux`U8!I#6{ipwqToar^rM<me?X#JmmYrwUVt((1<Obc5<FUQozZGO;
zMYFc`z9T^=nbb)?bJ#)`?ZmPqe4Vc3L&$K(^S|n^d&NAgooxI;49^XYi5bJ`Ln=u%
zmBgCO=~w6p^{u*NA7;~;WGVpPzRLGkAoJCGs{{&(6O9!G^}WjR_<z;kk^fbHn|~a-
zxU14wi;v^qeWJ^(T-Bkwm^!&u0CpjXaxt{C>9z5vL|mNrceUoI(cPL)Wv?B2A2b`!
zp2y7cKABRGm=iEp&t39B%Q9w(=5N0&IKq(Rdw;`9GUV-m;dk3lyRRajo~!=pwnTDc
z=|KIj&<Eked9y*LQ<m2ulOeRH9DRN%zbZS&d{2KDX13ba{&^TIju$F0EsVf1c+k0F
zN6Ecn;gYfwj~qC%j|62y2r%h}ND3<2S1P(dN>jOPOS>`$dLr^P8_0S<RR@GPrNPv*
z%vDP5jRgH}=3`g>n{=hD-6U_@o-gu6^edD3FO0%=3Gl32I9i-)xfK#tGicF<HNHEt
zu4~js*cE)*q4lP>nmI%03*He>(9z`oF<{OxrP2DmQ5bHTaq_!w<ch;MSg!O~>Qe7N
zPv#T2Y9rvi3l~|YbA^JbRbVI?cw?`AG|&p=C-lft!FwM+K06p$Fym^m#Tj%R=zt%P
zecattF~<rRB*OWH#sCBgh;`<32y`XP2_d0&UZI{(F2XTLJV5AG1OUk72!xGnO`_Tb
z*n2eDg+>9y2TH&iH3N4`+J#Y48v&pP=h1H1XrakIc-6+GV%9H59i6_J9|giT9(iSY
zD?w=L7hqn_72t@t^;}vcNk0*Qa@I$UXUSa7BN@6cS|nl(u+lsT5+_ErE!<ba)+LGs
zW6JVtWNO(TGyk<GY1aozZYlb4NCC?gp>T@_=JF3nI=x-sd;xG`IB*&Vh@QY1x<kwz
z^0c^IAet1|9Y-%J4IcyPdFs|!x)<l(BWv$)P(d2*upa!h7nPdXGdRTF0>@sVw%GR!
zFE?qzyzT4PWIxt2R+>};q^H4ISCGy81|-Vs4M1ayClA5IZq1K|Aj!0NHitjEC;6G3
zMh!2=1@Y6~pH#EonK6aK)AmXwBY#SUkIMhY*HY?l0DyDk0umKaHNsm>>{##;vit!m
z^1vuv%5yzGSx1m^f{yf0ht?9W5@*luCaD|;ZV1|UWx`R6SFesj$=SPu-}Gl|+S^;9
z|N5%3t==^9$Nj~qFu@1qpVcqU6h;5CuDq<>`f1E-{J~t}7p}y-5X+JWGthim*{OMo
z2=dh7eKel`@?(!TrZ*3q8-O%Da(?=e=38>XpU|1M!NB|1mnie0&YYwB0m<L1GSP~H
zF-R&&_dUow<j~brfiJftX3aFbG?x)eb1Ws2ZjF?5JemCkU6#MbjMmbT;6D=%{I*OJ
zcRY`l+zl}+fn@y${~r|if&WtM<)C6?IMoB$s!U!X&y;8h_VCJts<+!+ZJEvDU!&MG
zOo}bqAENLthYoB)BFGE=Wc6#hVn|$aB-{!`!Fn`>>CwMhu1=_G{L3b1{k;3*t05JE
zWjzB^a3oY3pWzF}&Hu=tpFjKCldR2lFjx|?dw-fv9icH!j@-9?`%>@|O@e!5Oj*OF
z^)u~Hyd$Ww&9f_e&9>kwJ{yN8j6Ev`PceSasXV|zS6{v=XQ5a%_pwzAAHh=>Zo<CJ
zeyKkt1ethr#+55VrV^HES-SNr7Xi%w#X016?^KurbSH5{x8rxj{r%O5VWpXW50DCx
ze#QbZ(?wrlf2yXv=3q~U_puaao|NOiO{os!^BJE68WvR^ypmD;7!wcW{lGW=`qI9Z
z;Om&_s=;sTCn?H!m()uC#hdjq^A==v6hUWiHh+-`ma=slWB(|1fV~loS}#4K!u|GJ
z@c#qOqLyy~g^dB>lRQb{>C_DU6C({{k8~d-;k~zD4tc&zUL?hr4F`)*<r@pxsG2uf
zU(MHcl|TmhhyNF05M5>$Ij19SjzZCo-%0tl{~+1Tv|ig4=$z&M)cVr6)#rHglFI3q
zY|wj@y`!H`J})L+tm)3OL{!v*1F2zlCUdAI>`CEyt?v>y?<W1~>%(j9d{y0kj9S(2
z!aryBsbIgS8(Ths<=VM~Ac2I^q<ys&k9U^s+Kt&*I*E7Rh=;P<Yr1I4&D%wne_x2_
zPZ;HTh#@P}u$jd1dkG&!#nD^s7gKO_#S>mrgz*(#Wp41X-!NY$WdU(r-p8)1N@R+V
zM}v>)OCnyW3ZtM_feioEmf3Ta)|FweL`e>g#it4JVSI|bXrD}yt`Nue1y5f0hSLT$
z&5jD+E@!mhVPNNLm3v3-XU=QU8g$o>;6p4mXQtsrPkJqe57a%WIJ+|Zxt+X`+QS}F
zuM}-lAN&@cv`A2jHje!v)ziu8Xb#9X&1~PhRf#(&7um*QAp516<WQ1J(;in@@+4Yg
zPEE#6Wo{hv3pB@Ai`I<{+d>!Tw?yVBzUJ2y-{EBbxy9X+QWgIE>FW|74yAvAew-!o
z9N0hZcDJM4*RX!@kh?80>Q*S-cTusG3o#M1J&6dERN?FKHIr<^d+oKX4TqXMiX<u>
z#i$Sk#3^r!$&Ic;|JDhoXzaU<=+t!i&mu0G;JT#l36TmhrQ{i6G~x6@Rz$TMmlMo-
zb&TroV&IbO>!DvOk4l~Np?xQ<7xtEshTAcQ{VBIbcoGlaNC7wxJ5NC70zJ)^KweiK
z+Ydqgd)o2bsC1#Px8R)iJt2M|y&C)xd)i+{i$h*)+c+}&8VXDE9g@Cvn`CbGC-}uD
z5o%#uCeX%}2|E4E(7dLU@e;60up>RWAqZ_K-Aqrwq9`P}Cr%1cqfjShZdAJ*4OZzR
z-DD$4D8*0UOj4_VX}c8ooIoaUlzHnr$qD)5kEQs(kwGk0Et(G|h;AMWK}sBh-RdbG
zt{=DOc|(Z?Wb1ybg68C^7R@0O`@I!wdskX6Gghlg_W6sxRQ}>EIMyasggFGaYJ&k{
zL6R=TB|g<>J5dEA|1u^pO$f8G20!DC496XJ3RP`4rRsTPNM_9&s5+cKa;s2lHiyyJ
z;!w8<KD6i>o4T@*6@Vt21dGCb_e}&iCk?CowJ&a-_XzlWyUB#`q!wsCPP77|kKMaE
zbf2({DS+m79VqY{7FZ8Rj9)50LM2}+Sj6X1*x;5a)W^tme~vb=VI3@%V;?<Ee`o!C
zI+>8d(mO+ollh2<yM!@AzY(z**h+TiX!J8kt}1C(-(;~OsWH%<U7KO72y#~N*kwtT
zIk-*!AT_+0BJ);#MzYyX-7KTjeL%2sLqczjU=%@jHBkm+L|E6@<WlB><A;lIOM*=l
z0Ff4|d+EowJom8N-FwC>)Q}?Vg<ncPE8Y^mvr3FiE^#^O6Y#I-q`n&}ZjrUu4V7>b
zM$EoteHr7^-mn?Aj)<S39(&PvgZJ@TBwICFQ^v_#LbBZRFM_|Z3b#Y<*Qy-!0`<Ld
z+mCCF5lB$2$UkXUmtQ+zpVYl`q($7ufHb%v>gZ7o>f$e<R#i#5zpfUP^ER(6p%S~F
zGZl}DZtgndQW`WJJkQ{0ydR|3ZMcrz+drar!-21%NEi=A@dIu@D%FrIGB!)LC#=Gv
zMcR<N7Vl)6Un0P6yYB+XegnuGjWxi#3kEI#pcfJ(0L*m+8P-f?p8?A&S1M`_0P345
z^R|ut!8H}en&b2K;UH({YLO}6Z!{d>gbJX_R?UqOH&gV>F=rUj;Sx0865`d$d7mel
z=j8s;IGOZcCmz_czUUP2;Ti1acC*VBGuJ+^%+>UE%r@kh_roK6>gU5F^GXx3@h8G+
zlqXZNCu$qE=9`>X@|ih1No$e6yW2IVEOV4PQv!=+wKZ1R><i8n>a8M6zr{>F`=aao
z^>&s&P21`By1Y#9LAD6G<F7Um!@NV6`$d1dH9+jttb`$VU9#|`(VuJ;FhS&GBD@3b
zoe)gGN}~is$m!{x#6V7*f_PYf94kBtwvk>q;3}zb^WcAIQQO49;Z93bqAa9pT_&}$
zG^w!`T{;7UK0ZQ@(sCZqWq<dRy1^MqNYsbq4r&uHo)oCW*)1)mh7BJP0n|UP8G9|J
zWe*+YPHS-JbIsY1bV>`bfLNgl^|*Llh<%xZda3s;$Kcg``gFPqh8QQ(oM?4<AJVxO
z!@QOxaN#}5EZ4|EH9Ye}z6bO43~{e`&Jt^Vdm#IgucRZKeqNh#EtHX@b<JCgO*Ua;
z^4vB&y9>gL^5QqhcfXYq{TE-f-8!5$Oml%ey4XP+D4t!<&_L1x26Qgw`7M4Gd9Q_%
zFdTML`y+zD8Ja(O9bpI}bM}b)j}<4(oHPfY?HL=(s|4rU`@ovN%L07Q%!W5MR@&`2
z4`;$)bs9D4M{;ES8VW^xhe~&5!(a2uC^>+5K|OiqPR>|`iP;Z(HL67swjG@cFGh8l
zwFf)it17YFO<`^jRpNPqmeA}S8fB9kcjOx$yhnp3GiD50ScgPh1r{Z22CB^W_?f5?
z)eV@^0}Z$ldL6Ic7Q0Sj2<Jy3Ucb0FXPESHc@6zsUlI|1`}udjySg4Lh-onf4u&9<
z^qY5*q60*Cyi1Rda@BaMy3VSaAxV(hq^~wt4~IC)PlqMF;X}su1|qC1@z-vM!&G5P
zy?<lXSAXc^lvgr;_)esXimRjD$8#Fj+~8AeL}UyG)wXumQ{VIlwRJ-l!Sf)aZ{OeT
zZJGNKkY8?(jTL!Y?1omo(G*NFppP}Q^&I!!83(5mjTkm;ipcWpBQD4PX%hUN4>-FX
z%dX&zz6Bc>10e(Sbc`_p`zed7xP5vVBcKUJhLpIbY;)OC;)`2T_dCrvAJ`*Mlav<6
z!J~F>agosvnAi)mCBCByCSL-Jw6-4Jz;Y&Y$dP~;Eo_;2CsDj7JN*5uU}>Z>>NMzD
zm_HJ`b;c6jrnOpYSFRkg5zGIe>>){(2;i3c`*h*9toYjf&0d@XMXN*jHPe?Z4xVS8
zi)im;c=X#m=#Mz%{y6I4Xh!=}sKWf5_Vb9%=l-3Z?pJ(I0jC|BI}~DJx=l>unc!RQ
zY`1vJ?=_tz+*NKbuocq~Is-Qr84>4nUe|PZ<ddSEvz$UJ1$NxB$sAnFC-34p#aIdH
zgg+%<7K>@0>DB4x@hmR<vKM=h-l!n)mx=|z;MN*o$<P88_}@MhFm(k8S*_81c^VOx
z(^%ke@@Xb}+5peN+(P}euGF1Kw4f<ZweT4eCrk{SztoxXZ0aqbnF#ldyo5BbjR3#u
z@1FygoY2c`;9aTVlrOp9%&l6jsbhUr&DOD>D^JKTQA2Rxy5-b8ICCd1`cm2z^b;fq
z2e(>WK%~bno%bLK&l|WvJ8%N{d3WFMNx65M8P&9jH2iyU>QC`ECirLe;N2>3@<dpQ
zGmtE*cn2rn%0}>)KKkT}zOk9gdrMucxV=jfBvx$US_n<Wn)zLbTLOOhqDDm-L$wIQ
zgZJ65UF{LhlwV_<LrFF@j=K+8ft+e4LXCO2dq2l~P5LUKEGDG{`Ci?4CA-(Tlx%_E
z?-{;qX(R8K_U)Bi$Bf5@>G#SOGVB*CO0-uGPpf%66bSH^wFwuV6Rxx5!4Rxg=!#Au
zy$e?%1i=S9Xr+?%A6w1VgZ&4oJ9Dj`QS~;H3`rhhQ7v?TxJQGq+Qtsm`6YT<bKA!h
zvn(OJzvw^d!Cez1o<y|1`sHykJvFNI$SUDR073&Zs??cDq|)nlWXL{aAD&U)yc^!0
z9gnVx-oB)ZgVs*1=UMngf3g0)#L{aH=t&#)RB$C7k34-iUb&SvGo{JSF{OD$lhaDL
z?|*Uva&f_l<woJ5OwGC>;?hC>XSG$^v!RQixHx0+8Gid?y6rTt^)lSkA6XWA5?AQ>
zflhrtiHM17h~l6;wcV1w{sGfR4Y|{^b+KxWdgC9=C&lOa$5xV159D6#PdJxY>1>B`
zasY>4*B&GDmjg6tzvKH0ahf7a-S&!(J5aN0KOW`_)GQh2t`7-4R)Xp3=zJiOOW3z}
z3>N0G0*PmnD*lJ@<4%$cd&dm%TbGdYS8d>)Zz8yr_8O;|muagtm*1{gG>#k@yQKxI
zIF9b<;%AzL{GFIY4i>)WWqwH=wVX1sklBAOJbHB%F&=oaGQ8}qM}(r2_^=sE=nyaJ
zE=|!VT}pk^O|}y)ZuJl@8{&h1OPrqS#u^2#)S9Z{r@+2K)1|)68(E9go)&z7SiQZ&
zt&Xhakg4l1?<&I@*ga6@FQGj|)Qcj)fkm#s+EU;-5SY8?i-3%Y5VimFMK_C3R5h02
zK`UBO!`kOf$ErD`Tmm%CuJa}rB+}?R*<dUxJ)r7)q}?qdY*Y(g{H^+DCAC21^28A|
zn$uOF+f~iy<hSCeX-<<G=*0dqZTTVX5##9SWJoT>>T_DUG(sWz?^m~4(!A?(zNV2_
z_>GBgoAF`AlF(;A5H9)`ig-w?VSxF`xilcKheRzl$oLMh=CT7Ut@^eDdAs*TC&2Ju
zJlE3@I68iaw5Hc4Pdd5i9?#-LlC;M@Fv|#-g&;vL*VGrVAp!(AbuR+}KFwmjqaE;U
zSzp;YM_{FwbYwse0Q8+8{cbB_<Rdc&4uu4RZ#12;oy*o#-S#fx8a^FlB3uu8`bT&m
zGbP<SNE_BphlD2Ek<9|{m;p0-q?3Ko6mTo@n8kAih~+|Ak(Z+$Skj`}?vYr%Vt|tk
zu4^_p<@2at{I7o%{K1^!KxgOmgES%*NdVk(LP3*oh~T1is^br_<UW-ekIb-O@>opC
zS}x6$Qk9E*5E|eZK9vx4qO<qpTzMqa(!<NPY7G&R-Kn5<^NhqJDuOJGIkJuEH`Ct;
z0cm8WfSAxvaxu}j_3cC)OS~gcM!XT86hVr=t!e}8`&jYE{Rj|o;#W(ji8xE+AL+u<
z^U9MAdjKEhYqCRt>K<qnvA6(BjbE}z0&A|fNjuR#+S*!n@##6#TWq+d+&Y8u?phM)
zpN>Zt(hfw;(g(J7ea{5)kkaZn@hI2g+pMfuI0%sjr$fbp42asdE}SXo1KUZtKO)-R
z#M@Yg#KS(!;t*!25;!iK4Vor`lz%7rMuqo(t7EkKl2S*Vn!Y%^w|5F%qt2?z9ICf@
zpRp+V6yCM)#PKRfKBNn|?sxuPVNuP(RyS@`WL$&vBP5vTO;Z=;7PY32-*sL0WZC7z
z0>8n7BifII8W3pG?`{aGNuffcD-|;scJam6XQPS%Ue1+FStChiG017jAip>wva{E>
z)ayL#Hge<Ng-dvQZcQA?Y-RhqehrBMI5qCusYq>Au=5`14jjoil{UpQwyo<JWE6^@
zdBpaU8{q7+J2>RrX&F&HZpUby@UwhLn7#EE4t%F0Zk34jLYTz8!{<neMH=5X2an2t
zxnbhfoDj68<`P{sy}QFQk@%RM2eK)|y`5<fvj$5)tTl6g6$$4nilnu$OpL%#n2>?)
zq!j7G?qpSzF3#iJ=^EI{zdD~S=WJHT9&Zt{z=z)A|K+(=;-}K=lD9$<a;8HkVG~_|
z^%yg~9`W^~8#Lq*?Csxb4p@5Idmwg^;2(R$zW}otx-3dOx8uV3*{vjAbguX7whwjn
zV#NB$6E5DDAqUmso4CD^VHaPC3RKe^9lv@7{mW-rk(fzDFT<t^$aTgZKcP(+v*S#b
zdMj2L)}0B{;0tuyy%p8tKAEc|?%vft$ZMkohv)gM?qo~wYQFB3c7G#4Vj;o$0V;{9
z={t69$v~jy&?<b|)z!pCXVt$l79VZihnqO&0E(|VkXb#h4bNJ!1i+TG<%rl=^|1$&
z&d_V*)XnRY(_e*x|7vwwREkh<!}>>oLX$84*4`lNG?yb6qMMe*MUn5+wZgY8;i1=G
zp-YjYVWppij>=X2FmrF_+HRagDiLS?Tqk(??5ZP<cU+q3Phh<27|OSx+AEVWPj6Nm
zauIu(`9Gy?>~O!<k!%U^-6t(Mywcu7h|icw_PSFPDGbe;K}623wfQ<EEN8>!Y(3bJ
zxv4$O`Y#&JH>>+c8Rf?6aRNn!^8UYrJSIOcH|N}9o*r`OI*Bv<>lS-9=Aim?Zl($Q
zLkFuD_dJ7eb+}$?9kD|p8Ih=cF*W;V!3h!6Uy@mZbZdscvjt9(o}LfL{kB}!u(kkl
z*n2*Q?<7QGs#aC_u7Tlhmag7z_tIjQnN-tnY~Sao@O_+@LWQTG%-+hD_5AxfB#wl2
zOuDu&U$Mj}Q|Bwy(jofD+fk)mNyg7*qa>>PS0Re@vGY<!u$rdP^c|V4^J5Lj#lnIl
zyE(`Y#Ds;Evibg6oJ(YIfo&qE_h$R_*WOrlorFT1GIkxIjezw79iFSxRxsJ0lZ?wj
zoEv>^4uSQG-+MSH|CZ+Ut@FQmFYH;z3|YL|Tvzrl<h!@*KF*>x3F|CnTl7?oqC9vu
zT&lft7_iKNd^2vx!&=$wwEfzfN$r7GhQ=PuRk)6nV?Vf~-<e|EsKdtPc`vy}J)7)E
zKgAy1vVYWdrxuRjmy>*Ce-pN5`>KA1!5g6@kU5-P@&Ub5=n$;W{ImTbkL3c*bRTH#
zHoFCumV*9A8enM#q?ZlO1`A`MF_&@PGPe$dJ<(HuKI8*xfgJ9_QPJC89YDr8YOysD
zsDZl1;^)G45rixcn5<q?LY%H0r(FWCpnGme0@&lQ#S%{$Jomp(Dja)(jm9Yo9ImWT
zdm_P3h(Y8dC)9onFyT0KM&BTgMf((9LxQn^Zr}|crj<EWD)%U3+d`A!lbu?6YTvrE
zaa2r#uZ8)%Y=Mjxt<nXbrovAKt)}$ebMzB7!PQT<Z#*Mf%0K^N09v{$?dZwl;Q~##
z+!9Rj&zR5MSm|E5oZm~TqK+f1V9r9|aPls0tvc-vYVV8uc?AgIAr0LKIA0(>OcMb0
zo79)~m-N1XVjec?u(|@99LB;e{%ZT6qUQ4eq6@$ZVIlh_PZVw7xui74z(pKHvggs?
z3+vtQ*`%L)(2_KjAbFv~>6q}+bC#I!PsG*-8F?nwMj9HBz*BRDtACm5wXYo}x^k}9
zE@sX$)p?wJ?Z?oMQtTdhoXg!1BW(BI;qVPv7f8Wj)hl?K248$UL+0|^8x^IhFMq^s
z7@1!rnD?$dL<n(}*>}9H{vPt>UoSNUynkEsIX(kFa|M}u`^R*K%7brYi3u`@OwJcF
zRzVb6gRf{aPuuLwjo8kdm5pp(cWWD8e3=V5Iiq86YOI@<XIR~x=6hQiG94DrB<Dkw
z_bf5Xms$+@1pA&N^Sp{W^X$(Xm;Q`eH{9-qmPd|f3AN8_Ciou3d|1!ncb@_L*mBac
zNq5{zAeValrH5zN#1GTP3P%D}%wk@ielSPElp@Y#c=j9md@;w2&*LV0>$qL;FRsDl
zzTNw!T|q{WLnz7G)di>D-%B8F5*`YbLqH$&*O0JN$QdeCfwx~v=cTLzqs2-5;ql58
zMqIE8WgAX&2IF{ihIo(xLE^5X8a=bnP%nSTViLxrkC8?o+oacYN5MB}`Hvx4T%i@3
z=jl$nngyFdzJDd74*+X^>CMJqB*^(_?ixT$k^{ASzPUyyEAlZ^-2(VB*QpEVDS~?c
z{kr7!Rl0o$qBeg`>FO`?;+(GgS~H&9`J55hF}&)t3&^xbA^<@qG_p}})+F3wh37sm
zZ}0xqk#r4fkB1SMHtl}fau<ut2F>?LFkFo^$S$U&H{D2K1HC7>kQRsaJ+2`8q5b?5
z^q{5ShS-<J3iL}XY2o&<F^uMYaZtXt6U{SDMSzYHtt}XN>%HK8h_pcDq`@Jm-^Az|
z41JDvCmq~s=7toScTQ)CQ$=sxfS<bFP(S361Ax7sR2CdWPB#D7Hu&)uMem+6y1~R9
zU$7KEezuKKA4BEM=!2wAAL(zCCw|K<X_uFSlPc%>SHaNPYON(0L*g$<S*aGqMPfpM
z(!?AU5<X5(XU%W+o2@JX#iNdWGvR1jljSW+579~0&AQtDXThqaxej)m9vI=C+Leq!
zk3}=x&5VIgs`vV;clw&QExb!v8BR`7B0SVatvN0F3wxFnE6RH~qpSMxQN7F6FIgGm
zez_pK13R76f=hcX<!B+bPs#aNDGn~O&vTgseol_m=yRy~#CgV47rmn4gCtwMohv<;
zOLvO3+tqba&zKuXwWECvo-^XEMX|>Pc8#3G>x>Sjo*+W<GVOyZ8wVq&{+5Vk<?J|n
zMK$^gIF^by<;?WW*=c6{nc$Po`(P(PFvFtZazpXkcs6}<BBe#wyb&j$dBVy=#n_3g
zE~B-V{~d%2-B4e(b$>R*j=65hw?_&ceQ;1*jWy3ye45-d*#$qEnsLGY>XVI6tvCJ6
zBGU4<l-PBtIxp-bd-{%LRLDP1X<}T=!0+6Lac?oZ!cpqOw;bs!^V>~SJBAc>6oi)f
z<<f5!%HG3Efy(r|ML((sx<f-GW2D8AfCbRF4qK~U1lHGmrU41)<qD{)He$uY<YLL3
zc&92?@{<tuhsN$hNA{~kMJt5y8kdDi|G-?v8Y~F2B^C?zCO|qH&2u}kq8$ddzB~I!
zdu-_FHLmuPhA4;i-4eS_rX=9F_xCYEr8+3=(Q(S}EIAqWCeO+ums;7>aAkLeVCywo
zDsR%(_hAW|HRAMw_>t2ro}w^noIwwHJsf69I~$oIr^eNch_t2XK|DVHYqE`}+=HBR
zMpO>^mElAG>_-%eO$j0-#3iJ)Q??lxjjmDhx>es*`flY{nRSkp%eO~u67nfErbqL?
zq*j(W=f!qf(ia6(K?4XXiODw7BOjSgBds|SXCaAVN}97Urzu?@H!rK}MRxcP_UFl2
zv`TXP1%1kDej<mx#wmKWn}^QIuY0C8pyxCO9W{wfcg{~yR8ZZ*D^52w26=a!!J0@L
zd9?(qFwJJzVQd@i9_A+#IemreW~8w4K)y(U#Bu#w@zLiC3zgKPZHrH4Q*v4YD}vW}
zhZX7{YZJjX)D6=U0us>|P?<OK$iKe|+sSqVM}l&eh9;B;7<r4`Lq0qA_BqwxEeF^Z
z!8DS`G9>K#jdrG<`OgLoXonO9Z9g@pkEPX7cOPUN5egW|YWjR~7ad{i^v&0+EJMv<
zD=JEed{IeRBb_R|-3r&9h1@N&y16Bv(!1~G*P7wkC_>m?)?W2E#S<AYJa?xee1y)s
zw$~sZu>W`UDa~4ziRl{~AzQ9fuA<<7+gh_E_%h7Xy~`7z@7l$FL+?@olbi=mri@a5
zN6;|h<0B33=3$|``FKB>|Ee{-fiU#O-pkgHK1~X@O8hXYd=?jU$9{x6Uib5IsPA_!
z4{$&E^y=2u19T!?)FSj?qvJ^Fe4cH*|Lq;Sk9eY5g?xe|TjGFqsaZ71{86d~@sx%!
zaaRFPt%KZb#3=8Q=eP#OM-9ga{?dQ`!k)0i*GrQ9SQfd6CM8_w7XU_ss%J=k*3vIo
ziZ_%-x@v>J#DultTRV5E^Z7mpCo&iP8|uXt5-B0uQT4bFG(rcBc0$XBaIhx&rwvze
zxge0j@AtNlL_IEUUS3$BcMdVd#E8{-Sc%`$kdA_+9{z8y&1x2IOOCfcx=gmz6kJF{
zjEEOoF&d0N&76U7RdQn)V=0>!U;XJiSYBQ>#=JfLeq(o3ihkQ>s@nR^!``_yY0VZt
zu1%wKa4O`(j%s62ih3@j>h|+?x@Y}-cMg-jS$0k~-HTjDVL3&w7q%<@7~hY(HCS%R
zCWvHP6<-M$w--qK3tqF{-WHs~(!5r*`r{NlW5ICB5ncTM0E0k$zwU#>^CPdhw?=&E
z;BZX|cFt8HiLWjM1?IliAzU|?xCzNOfH-rP%ISZs{x2M}WWq<OknHJoOpE+Kx3}u`
zKR0%E`!D*x=Xky#XH*+b9KwYW1IX=|rDTxv1e8J<jjrj4sc_{BayjOTs5}EhJW*qo
zBxIC`0XhQlbkre6)Ykllf%(V#ou={17bImPq!g<ea2_m1W!2x-Lh?RMrbMLhr2&a#
zOp=7BEL;hXF0LSD%*q$!5c1uS9}h1`%%xfhM_l*dzvFy>|G;^ygoFRc9{kt+Fdp^H
zf83wyChe6y8nz(M2>4N~d=;wOY~`zPK(AN63iZVNTSz`y`Re~)`GWjNB^S9OCr8I>
zCA39oRze;#+Qa5j{Cg$5QIUvQ?=v=0*z^DP<nZ|P;`q~yG5`E;?5uCp&;R=N)=U2P
zXL-n?=OClen31<UVyUWU8LB*1F-A7Reuw;Tn&wna$wt4wHS?pf*4ciqcYAvqQWz!_
za@0$3DAj|kHkZfe?=Hx}=@B`6e|mIsdGh}Bf_(e_ocwTc+#%=3XXo#aemFEgcc9hL
z$;IXQ$?G4?FVMkyNRAk|CV<w?CG-jGi~^#@G)c&WQB+qO;aLH15{Wd%uRzzGD`u!$
zCPkb>o++2?%CwES(vlByplwu<*bK>HGMJJJ%u1!mI?-b(^3j;QB4S9ip{22ia>E4H
z;S#a|SR}Hk<fE}B;x<Le!Ej7^>J_{v1LrT&_66t-xFRD-QERWuo%H}<Bbtz7=(+(!
zo|*{)^o-C5dT~&sF`-FfyAgWKEP&jpEG(nkA%-U}xMl-%$IQn3nx`?7Hba`{*e6AT
z_XPBV1BT>VApwpomzhvZm8)88xZ9(^_7cEU6j|kK_^G&MvSTh17HI<nPx0R!b00=D
zSIo4tz2GZY0ZC9T101{<5|u||3s}copfLTx6rrckx4$yC++dTDj5uGz?NMW%nVyDx
zsHf)ci%i$6+x`DqgW=50j0^8N$~Bm0%pQOrsB%5>H8Nl+8}f+Lq}sa&XSwD75_tgH
zIrA?Wtogf6Q&^K59_JJ^v_5{=4%i)&5m&%1Fgf80G~|e9cnDxy8mM*wP78rKUXwbe
zWuT>&EXKEBZKBs^h>3`clK-kxc%nv04ofk}H3%~apKvp}7DS1mzBTBDUJ}II%AMlu
zVd8J>1{-wT`5*F8Zbchl3rf)6LpXI4bec}_H_23<!1)+TF(DHcjcLjw>JEsOG*zZ0
zbqEE&B=*lCp#+x)y6aRYSU5LTrWuJz#?65em{1X?Ibx|1fLL6euur`rk=|IdhUo{-
z?u5mhf?JL^?Vp6aZV-iAA+G^qphE`J$|Jy2H;v)|;L_P?O=!#ry`emTd^ULgJ-XB}
z)YKqgL@g@Of-X4fmI@8xnk8?zQY<!O8?vIcxm#d`9JIEJRhklOzAzu6ArwC}Ef2Dc
zr7^!F1D1%}wQ?1X7`QSTF4ruG3hEeO#%NyyJA2y`u7Lx5K$Y3N6pmtS#xU3~#RO@U
z849+`oQ2ylkH#J`U@;h3XhI~r;jon*KO&(+SV9Lvy1#^U+w7mF!ks9SOtDnM>Qiz%
z76}{*Vpw3F(xhe2oAlVxsbS^#cSwEt?CKe8wtENN+gn4j3FXE4WEqu!DP~<@8WSd2
zGBtw2H7wkKr+_CZov<~x={(g;4rv6JM8~@$i$!e!WmboYVY%y|0kd~}>yFpYKyhTf
z@rnhs2hQE41stZc%ANoY$CeW*d<SuD;42|#0^jitg*H@Qq%=t!*;e^r!nGwHj_&~M
z0>}Y8dlX<GpyLg;!tF9#cXMwGpHVSX8HP9bK44>-42c-dW?q)N?MYC~$>k%&`@SH{
zVo1OnREm^G9Y}CR6TqWeX}(K=`N&hd`b3olKrJd23uV?xtMahG`m4^|tEiw|{um<l
zU?LOB6Z3Jxl~x`9$|_hPHC38TluyFBQaLkMNCbDJZGqcwZa(Bz3SP@!^o~bHDp=sH
zwpq8Bt0-4+%fpBhpqG}7{0S&tc{Q;+w+Pj_I(&>osxltsB3H?jOsKpzq)(RIkz=`-
z;-eI3KTlzgU}0M^(GaWPRA@qpe^$ewd4y~Hbun#s0vED8{sJ2MIH?Uv##E63V=0j=
zVnE3U)5<vIAyn+woTWN3!$v}80<UYs@OsA&3DHJK-WayZ40~8i-*Hyt!sb%8xY{br
zc*o4A%8W*1;w=y{BxEo}E)MvDe~Fw>!{KF2=QMHXcPnHP-*Uriq$2IY&MSTce|DoW
zl_MiKi78F=v^$iHbqJS|-H6B#^2Tj$<v%l^leSpLu!Eq=Z&13DoM-tU;ZZU*h?*sI
z+9`j@n8d4A!7rAv@Z~n2%`a#%Fw2b*Tds4UEx19O-UgjfLv;TFyR*vfB9>`$z#t~r
zvPfJJg#ytU$#AaT?oH@5>yR<MVZh}%fIyBGL+gT~Sdw(?fB7U6Qsc%HbigvomMa7@
z<7Q@-0Qbm^O0z66;-*NGDXy}iT^6(`p?sojTW@lMDR$zoZb3Iw7BQu$<ZwENlBXjl
z(J=1rKL6masx^XMc)|*RlL1c)t{y(Cf8ZvB60W^%wXjTH6*xP@t=S59*M;O{X!gI5
zg_P#n;B>Jmnp?dq9Z~Zdh@2JNSIY~l;H{-lstXHdrU8+MOyb`>C6pxeR^?oqsU~cM
zmjKlT@Fh=Bql)tg9NY;AxU!;l*-un%&eToI?Z*T-RXt|Nid8Yuu}n@FwI{_18s!<Y
zSDxdl@OCgq)a;(a6{;M=hQ5D@e8uW=1#)7Hq+lx~=gij(g)sC4oDeN#t5cy!WZdyK
z6?!y>%Y!X3Y$J<#KItGH8IFeQu_$ijs@RNI_zX(cDMcYzkP@{fjNvX1MUseHyx$$|
z+FvQ;sx_Qxt~41Lcnx?cZ%7vLj59;DeAZV;PfggED24l>E=hb1*QgtF;Ejojo063_
zaul~YQ6nl13P~~HslgMJ9#thwg6aaLO`k?|AHiZU?58?%<c%zurabL9zS$GuK{`mM
zjmh~jFmAvSAv)%SmA7NZVt2=o#h4ksspBydfTFrQZgy^{f@p!KPExC!8&Xf#2LKlf
zU}!TY%`_p!ESxy0%ZrOx4!%Co>Y~MKhG-T0Zv{WI)xqie%ag<7fM|B7VZF_<vtt;R
z+Z)F}T^<Q&IVp{mh5hona-t`NXg!LK@DAx%>$18?Q-Ap_Q3J|=6M-pomRVOnc&c@U
zTh|qkjcSrGs*E`0Yw7JL<!J@C1GVqKqz=Y%t;-dvV3nE+!`D7BuOOL!uB!?t!iOcD
zF<0iOyaAj23)yL|GIhM3r{%J;LCY!)YbOO5h#Mwxv-FtDxN9akE%qiAa$*E#!&opX
zLvlGrDa_EX<}!Qx4a@_I(uI<bCZ6zWIFu?l_G|&gnpSl4#kE1>*!)`>dB?{{Ka9_U
zZdYiTlhDD{S3Itu4#-n9HG{G=&L@s-tze8JEGYlE?X1%@SYW5bph^2-0&Nu;FysSd
zUdKONm|1p<)+H*X3Se8EyA8arDp|^{FrC<W_#g{OVs5zB3YXi$!I!GN7LyTn<JpSD
zumze<d2EItEKX;LBEEL6I7-l;8QRn4l>juXRh3(~;JPC*K~~z}QAI6NNGdf+pt2#`
zAnaI60LrQ*7pOw=Lz*z9VAFiZC)1;6ASv`4(>fRFDYHB^)=bq^$?2OB>xvv?^#;E7
z`97kVWwQWG4`HwiWL;xteZ=oig*G1*)*HBA1_FgLb8JT--kECzKvQ|fq+&5cLy$QJ
z-j>*bkh?$ysb-}}G?EMve`-$%NM!7eMIMO<!doneWFsoku2h#jtSw+CB$ti>Q6c(;
zI6gWSKshzC+@3|qEW9<SA^YOY7<9sv$I+-x8B~LR3P~&uV`GQ34&qL!b+Tfrbj4za
zFdwP}_*UVT=1PkRl~aI*rzB=7l6+vdq7XXxh&T1K?lif5v$sLZ6@V+X8<HcgKy+f#
zwEBrkvo6!(5EP&erYOLI<ZVQ(k_^Bug78vm!8+xJ*|V=oP{DJO(P&&3QT^6jtLo;i
z5djvz;NXIsTm<Cx!NtjiTil;cF28&K!zKCY;QajH^z!8Rg1kTX&GPTRB?qVfBHy2!
z9(4%gXaT;<tOu+UPJyn(o|?2gL7*q4j!sR<EiM%ZM6yX@#gJT{T)sW-kkj|4-ILRA
z&reR@9KSn0z3h;8$LELN9h_bsygqq*a``Vnp>IzvPmeFqec-_MadvQid2;x}+k<m*
z_QUzv`-@||ZP8kou*Aq}Dif*VV08e?3`&JnbfH-$MJBmn&tbwtl7p@k@UNt}p1u^d
zjY{PckX0PH<_ajg5)m)NWF+d=&I;OC-_Y6=W)b)HLh`m)QuEPUj<HPBkeryCm#`ay
zy9N&IBNZe8Wv3o9A*Y_I#aXhnklI%nq->P%5lbVs)+wyror)^A(EKdK_f=#R6p2~F
z2f)w)a3d*{D(n_+NKI&@6<EjH&j(V^%Jm^68MrM=xT~RIb{w{rPUxtr!#7_$mw?ha
z0HPmCB^ys89vj9MO$mm9L7gtAiR;u+=x9vM5-~}rM4P#}#f!UI<%zBfy0DsgL1S|K
zg{O8iJ-X^^3|8mb#2r*-+KE7f9SITN^2FC2UK6E7meCRG08fw`z-<y0^nyr+d0H|z
za0#|}f<$66G05w$2M)~CS_kmZFz9tfob97frqlR_gOPM--8Yo7?%IWOgY6zqz^jlP
zMCMK~tKcZF8Tp{RsJ%n+)7Y@?)#F+>7S1)dIW9CB3xQft&~#Re?VxidlnfcrlMbYi
z$TUqOhLgxp4Qi?16!4BsQm%{hSXgfp2Rjji#A=~{Z|NDbV>n+lwLlRt?c^)2D&`&*
zlJCT=k%Ul`EEWvb)9bjLA9%E+iDwNdcy4PJ0VS^e*$~o_i~_vC>6BKKlA@QIA`cC$
zPT0sye2Dbf9C$qMur|YDZDKZLX^dZtMH08D&Z(RLC34Jlv5Mt!&ZR7^Wma=cm15Ey
zAFD*|H1)=Vsbx0G2~Euklxtcr^S2&0dTe6>3nK9G>5;it+uY#b{lVGU@#)dYfA5<u
z1Z_c<B~$CZ;JfabcL2(5VM`)}TrT-R$GTBewF!=`7Cd1R5=dBSu2V|#L(Y;|5tc@Y
zP)PI#l0x<u68!eDEE@-!347a39Wnt`wNjraNrz<hNTgpD{sP_^b)ElhjexWcVyYU8
zJc%L9!ogvs1Mk}QY_sO9sA;O{U110Xp&kJU$xn>XL<u4pwzhgwN5!En;*C<kv7*=o
zY-Z*zV`o|&u+n7(ETj$+Wj+it$w6^#XmDWeimK()I=>h&8CATn$J>>2cGp5ZQz|*A
zjK=)NQOeSo_}g?koqi+-=*a-W8+ZvrGm9LtCo5IarsF$;l2y~7@U>j~+H~RM5JLd)
z+OleM$G-E_il0Cd3rs3l8&BF71JIJuimJ{bFx3vt7rB~R|L5*T*oRM+;ml|89M;!t
z#n(<&*2{s%Ri(i!&ij#Uw_~_r*)ABXfZ&k32<A*^I?CyYk&(DzGOc^`SuIJ)r>o|?
z!j;e1-~HvOKGy&L{P^JL-ElaHKgAex{r@*NH~X8r_4uFu#!LR6XL-J`*-=+k{`PZ`
znRz{2-wM}vepz+-A^2nzsxe&TAs4*?jYq6!n|E#NZbi}k|0+FA*f+z3>aO}Vr;@Fa
zzx{lWW%nGU{9@^GR#t4l9altTEOj1Kg%j|wP=PpCCU7yxs6;0m#iCpq?j~jW*4m|^
zwDgU0b58_~2N0(V!WGlEAe-O~f!D1|YhYF1YQ=wB=Bl-tt%w;pD6EDoGDWB+Z|Rgt
zvf0~$T92r?S<#Xf45Nk8%>|*?Q>Q`$CGjmYa<H<U?b@z1i$L~Yfp4r_IV2MiGg+OE
zE5lJthkSQ=dDbDL^Rq)3^?N$Jrs2xU0ZG{{dCSxMj$AXDvV>?BjZ=|`(Ue3K{QcSM
zvv1ArP-jZc)3{Jk;1Yx@C%OzYi>E1_@QCo#FyOW!^fH)g2Ci{DEwsAc*i@4n4Aolk
z!&D(qvY5-hTS9X3zEhdD%~IHLND?vpa>d;FlPp2Ks$20+eJgHwA)F>+#G|m7`IwK!
z$#jJchdkm=12at69Up++@NYj`Oc*k%LDIf4yUA|L<09#;jd{xzlU54}DO@Z~xBmk<
zT8@0fTMt6>m2Gh4x(>5+w6?PH#TVpEGT?j^*G#Rfd_}&`2WCArQ~Tt@Kff_&cPH$3
z`yW=mBHyuOg1>Ht{SWZ{8>T_jxzN;zODijva$2A^8feQNtHubPT83hMn@o6`Lte&}
z-^n|k^6PxS$nWHWCByDJ>(2Q7o+7`Kg9-hQNXhZ{7vy*HMu<_u$eZtviTN&)!km0^
zU|z2LzTe$%{Qt`D<mbQr?1s3{5|63WsyCrZGwGIfV*3fz&1kLcEEbUp@jFA_SlUzC
zaFe|eu9m{Z>Rs=tuFZ<rwbAOmH3AS;XI`w}V*$S2Q?U0>3TwF~j|Gq3s;6Jd5=kBl
z-Uxc?Mv2Jdr-!qGzmHzY|K#$C(Q;+wz3iYKh5VZH=$hC@rP$_DE>yy4_E%OueE6{P
zcQR(l#0dWa47UhKk(bK6^ni2C-4M2Qh2D{Fx2W;(jX8#0bcKfDRt|=mNmB9$wkH;M
zKq`$O9wbYIL@~)yUu!hCpN)+OE>_Tkv9N#tTqAnqO%5g&Bemauwbw!*q}Gw*P{hoT
z;eWK`>#9utpB3`^9ZRy6mCG?B1Ew^&rJyJtF>O{cBOFvy@VC;r**Pp3t*&7&nR34A
zddybbeRPq~=o<W?QkInSQs(D!VrwD!$!x#X8+g8Zics(^gf$x_V!%46JOzFrnFyr`
zO>XH_5hW%}q<(Oa763V}4Q4+ucf<E=N`5Do)6CosM;6=6ze;V(?<>D|&4d4S|5N!F
z{AF&M%OA+^hMge4lMnq5<acst5trEr$e77wilz@_8_XwKz#V-nxn_jsT6AM(_$wBh
z*P(%+NRdr`cM)2@lMlZInTQWk%@6F`VE?zkDISi15xt1UEY1_2j!qzO-Tr(GCR{Gk
zVE^ae0;pl(GF_WKyxJV*Pji52mIeC(Zd35_V<*re1J3MwHVyV6r3zjt206z<X>*i<
zkH38UXx7022*=$PRiGn7cyM-Lk@=krgh<T9w9J|L?8Kf{P+K7uVbdaMvG@I{(C3WC
z(@V-zjT@^lY0U5BLy(G?dB+F7=%zw<AyazL+^lO>D1{8etz9Hp;oVn~f>da5{F+*n
zhs@z2`Dtt<2u#RA$&Eoe0;iNaccl-QO`r<{xcpmPg90j|36o)USw8^6yP~h;plC;K
zd6Kvk3?;;dDKacDi;Ac&=gS2vYWvZGKsO}M>~dbK!Bj+Pna8x;8psb~R_hpz;)XYR
z{jc|jrzd_kmynza&75Pep_UL^XLIBvRx@Y5wLst^VwEmXu-ZP2K(P<f#eunjDj8!|
zKj5uof&8!rG?~%Z&LZIhI-q#FE-?{oerTGL<LY#<Ka7ZD-|wkY%&pz%>cBQ3*Lw<(
zfaDo)rjTXd*6_u-Bldi$imc%l==StE&7)zVuC{mbppzm-R1WBfkw_#7I@|jj!yzsQ
z2I!DXBs`iDW+Y^rTnLa#Y4hJfBBJXeFSrY?!vsY&kjd*DWwSDhwFYF-ja4B+T1op8
zjA?zjoNyakIzM#SU9`3h0jpWux`LzVB-Kpb(4<NawkLfRAdRuF4K&RKbAfqeLNmh5
zWmFKI*1SVT>MSpTt&MHC2hPl|mN*~<!w3ZYsJ=jBn#O8OubC<p1S4>JhUGC!gFz_<
zGiE}98IWi^;pqhkqi0l)tBc^3_ptJ6588+3FIXMS(}XWEEeiq;zMAkZW(ga?sihgW
zlj90P&=@Fz7eZ)0xetV<J^uGTa5}Y03y2{(u)!Z%kb$twr={-)BPV3PciEs8&B!Tz
zM0$y3J*sosw3vr*m5p5ykcIs(CT7j_TB`%5>Dt1sT~d8q-gd6zV+lO2Wznn}_I}T?
zyqahWhVxtAYYeO|RN0KtID#ThD&xZ;vy~>G_5OOe6K=XPPJ4_EU+r!04u%^Wo9lb)
zEMmj;e*9`Mh~kam?%w9!aC2wx6?-*^H@3F62P|fr+x?v#y1Ti-_BJ+y`YbFg_k!OR
z8=Jp8uF<`Eu2evo-+!fPb;l(e?&E(PcVA^-j11F@L>jS7tDY)&(=NN=a0Gf(DLzWO
znTWe)oZc7azp4Q2UUSNza1H3!4vm<5r`u-cbe@rIf+_WA9NS3a4DL9Xc_v~Nl6s$G
zk;KZp>n7}mC8ZYCc`7sK4GO8E3I(oV4MA`V7cQBm>RR>OS~FOlqMx1{uxqE#`$93@
z)nnGJzv&Kz>{9djJ(p5F={lA=?7zZlmLS}BP5t70HNg%!;b7medz}Desr|qsPC?^X
zI=5Hq`nw-6*F5_^AFzb!ADJv||4qgd$8@=u$${2PnX`F~Uy~c}^LdO?8x(%Aqu=3v
zHY5N1Tfl}x7U^I=I2Bf+WkDyn2GJ9Qt?D+Ha^1(y;*YyhB=sIp`}N?@ZM1ziOK8fL
z>Lmm@#Tseqf?u8%A_R+rP5`oGupdBLOVc~{b11o4<>VlaMXKJX$u#H$E{A2XA3(-)
z6@2`qjywLkS1J1IX`zJU+IsJx1_nG#{12^riM`#lV#yFBU-OC2P+<dMUH?H!f&?_c
z2AO{XWQ&jS+<OEB;4V$$ZV6&<X>435b~*kEnp;!{M|NP)F@%_2GlIKbc%Lo9)NzH`
zK$nHJEK6JAYpjw5+IqZ4*&2LLP`v^Muw}=qS8<!gEZDLkkK_$o3g#{v@B!SRD;P<`
zYc{poKyNLjqTQ|js~vA04-Y^=q)pp{pDz3a>xD7&{Nf-a$A=`6(@cwzq}h1t)J4`l
zxr6}Mgi+;g{*@a8F2qy3DV)mH!Wwh}xD=$J5<grRsvt)+wF-$~AJg&rcgo>Gk#XRj
z0M4vL<}GNo78z(xpe3k#oYt+ftEN|1D(o>3EqSt^cvPr(R#}1dHyp9ay!n(9u9QOa
zK}dN50Qm2p8jxk>Eo@#DxQ1JUXzSH*&>zI>@!t9_-HEn#Hu_spv>UNkTbt4D=5Wxb
z+gq=8=<Xitv#mJV=tr;U-ue!WcZWfPGTcw%npIG^;7WdJ4v=!6xxMdD3#2<c$UVio
zwhEUEM)(s5c-8vW3$BL)?`=&gX<)nKq8|vz%q>J?%BLP)H?A&gD>ymB<6ygocFuwG
z2?4mbEQ6m1O&olvG}BTwb?%X!&H4TT>?gu>5Xazu+eWM_jE-%WTi1Ad=NDQ^axw%v
zgxmC^(+fXT9u(DSJ{cIoWqVm=;V2~ku!|4Y@PCH?D0s$yhUz9-4Zm93|A+ayi(miK
zy0))%8Xy2SESVC?4Fgk@gLyC|i4frJlxMy%>f{XV;tptM=nDxsw%Haz_)+_0y&szY
zTi@U7@2z(#C1yjP`!zsAn}zESrJ;_*gz~g{itw_sy}FC#+i#Bvd_iLT#D-Ftb2Vg`
zyS!S}u4VjRbC$CUWDl&(V7<SwWrld2gPVZzI0S1vck7%hR9V|JVRbVC1n7AQJRlod
zLMAk8mCGfVuHuu}W#0WiPYIj15QN=jTsC0@Gs~E!aRQnl3!=cfzNaE)=K|C}v(?_d
zKn6*)M0|L1bWS9G=!_}1LSEZ@P8qSR@;9Wzg{S~fFumO<Z1swbCZ);RH$BcXE7r}H
z4=|0+HH)^|U&-o+h7q@JA05y%zU8qV+oDc2sy!IUU>|1F32YDc?~mT}icW|tHKhd+
zndTFN8kdJ>psf4h=*)9#wK0C;76YuQW?hI10K2p_0%L>-;bqc06EWr!Aje0SWc8TJ
zgfped5zD9qH^)m3IXi8dY=|AHQf&t1SGonnf$7u}7u#1Q91LWusW;M4lAgSNeGc=C
zL^`sLFD}=jnH~V%+VNuCX)Z2LhmtBS^9bg=3Xw#a^|_R2wl$-^etnL%p1~-q?W>t^
zZp5zr--6N^8CV3j-5DMmx81G#Uph;?eskuA3SH-6wdXl=G>Bm76(&%`4vO5^_8xfa
z)nOthXR0}(1$y34wZ1|1l!=(&cecaD+hQhc<#%(Uc<fYLUlTSNFoWUX%6#ZbrQ?>o
zIdiRj2N+al;}60&Fb+nUt($a~(3I77v1La<|Kyy071Opxj3PH&f|c1o0F+QVM${3O
z8&2&MUcWgzW6WH9XXp@s)gM~`TD(xG3^Aj+0|Dw#+gmn-%02IB_Kx0_H_Z0N*2dmm
z(;a6*@AxF2IF3aOoiQH5POX8y(zSSJILD=2D8z(n9$`sZ)Aj4KZ!uXH`2V3J&xfMR
z4_*Nt^vJ2T=L)-GF`=4#Fz`qr^anIdi?r?xHU`%<NU8?-(QtRl1m@|>mDxM%wBbY4
zAzXi{%*Bd+V?~)iWs@jca0c0MsC-bZAH6FE82iv-rF-kaZkE8b#2*Vs1lRE#$cr)P
z1S`9gyA<hzbXwW|jh&74t*!fPzY}9pk#;Q|F6`+pr7bv0`omsEPk?o%!IC4I9e&G3
zG@2S72HDESsVRqcITLJc0cpPh?U;>6g@asNm*xNi7AZ}mYqAP8pD<yN=>hXaVI6=X
za3Gnw!~h0;R{@MQ!w#YM8w5cVVH8|r0;>e->!2g+m|=imB|Wco8-j~zFwG!{mFXc*
zw9NrAW(a8^Rg|lg432GS&q8c%y?TLnaNcXK8Yn?!qoHi&*DjF7AEQojcDA=Scb3_D
zcNf)A0L)<St}|4~8*M_fBMd+>eDt|lDDpcQCW7jnE$|Wz`~8jW>geDCs`!7P0DzE?
z#m{V!>AFnxUi!99*hI)_&0sRqUD$H7JvPXOJ=0~+gI4{TGfCT>+bp?EF?qqs8S$Ez
z*CEEK6g^_m-Gk9cy6R08!3xt(ws>En@mCB9^*+V2;aImg6=j673dxT&;W03tV2YAJ
z4_JpJ;<i&Hx3pUt*1`KWp`)t29nd5R>SvNiV>s_aXs#t6jaUs3tbe79kWmJIOQpfJ
zhuCOiM=cs~%<xoGE$gGF8INd!{W`g(b!`xZBG|NYY!63Msvk)U-BeExF6)FZWqdS#
zqVA!uf%&642D&cRkM;V_=H9(75`(+0&Yty#oY0J{W>Aa<U#xkfN@jUi_Rbv4Ic!iS
zS=ZxpT>zTt9hDi@c*s-3kQu=lk2J{@9Wltj648`M23cPds#zLMOGwOZUGth#Q`H-)
z-XI&c;104mI8nE@H4esgt)ZIw{L9LGZsyZP(sX%t{{FxJg`z*eE18YP7b)SH#wC$?
zVt2L(hBLssAVXaLa*8(zO<&_}Qdj4dfOy&9tVbyM@$JDW;qjL^)F2yTG@ZSfLh^I}
z7k6KoJH=4i@)JKf8(v`GD`;UlOhj~jCdFVLu{6sXf$yx1B+aB4IJ#cFj)~^rVr!7`
zh9)?UE9u-6;jBX2NO6%A>HijkVE?y|o#5a24<oeQX-R(sb`6+B73}}~OXX+#3)n?W
zM=>`NY_K0#6Aazk*x1>Q;@!QC&8_YJ_FjKucXwkr*xA_L8AL<6x3RfC*j?X?H+Hr+
zXuP++%?4Y$uZGcP6z%ml_JU3zZkUujX2E`%CrKyB@+3jYBG?a3hNnWGVFiSs6G)Z`
zWeAvg_iIk4;7MVFRB$1JPN3;1*bi>{;d;2f9dv?Ru_Ft&;d(xT_*%p+K%hdQ;>G!D
zom{X;q_KjSo^N@|)!4{V>wEovO}O>dRyI$lyNPTq<BDqMWJubJwtr(csbd|U@!VtG
zDrHm6nS<m7Hy+{__Tq62x79YYm`FCt6Dl!V`Kn}VE{`duit-hYkaySRc%0BQr%5uc
zVAyOEN;`TjVOO#Bz8wl%4;EskWSCJmJs*e$$~I2BmwU-|eB-qbXLWavo@$*G*tE1&
zr#A7-X@Fdh^NbUx=nhjhfQWMex!(9FomkfyR8?Y}9EE`7Ph_qrU~WG%-gUdz?^{1W
z(~3|Cmn%vQVOADqM8$uL0nEr@bj<K~7;Yp*-q2V%G1t(jLh*stq#_W=5<MeYoC{%y
z7`To*@&WzcYy|b=jpIS#QC2V8RRVNhbwa60!0$J_yEUAzPH28mS0`AI+)O_MtwIaT
zO}#<`>`$v+Xlz`8DJ|#tB;}eER(^7bSaFbRfg9<*#q2eT{6A#~iZ_;<T1x~&9Sz&D
z(0q$w3-hr+cw+RbVwg~BzgXgO15pPYC5)!8v*87VCbjW$36!Er668x`swv<U=F~0h
zM-^9y!tCSgGLI;mi1dQ#kdU7a&QDKH-|Ukgl(lI@RI<O75G?_YVVMhy(qo`Gu^EXg
zOR*1*b_+oTT|&s?T4?7FDgQNR<m9Lr+qNX{a-}gPFto5ytC)))<S%n%oNdR}Qh=}~
znvTGnwr*~bjqPn)*SM08)&>8)V`|)iJXQln`h*WFZ=9Q%;Vr_-JRqZ31wpNUC*b6%
zd0U^)d>~M>)EdVGOKH71Js2iTjYFF8xt@g2AKF?1*DZj1Y@}=3gy$>;(@|VFP5Fya
z=gfCsZO3~%JN;;DFWTCCMR%jk-JPvyV{^05;#V6R8+5Q854Hz`?TxK?FYfR3cOx3@
z?hJPabZ>)hJ_%<oBonG<U@qD6&2T&1YT?T9To-dD2WKbFkHK_+zFG6I1eYe|^9lKd
zy>FC@K(s9(#T|@OanUL>`7OCOj~e^o!#+Ozq7}PqV5xav7*_f~j^^{xt%FcGf&?;Z
z?)IAgkJFp`chAxrE(LPNH&jAi-o-;LEo8Kg*&=c*8tTEL%pG7Jt-xdbWCD0Ac`VMo
z&9HU9lfUrLU*9M#B!gcU+hxE15$gP#ODXjKAQ6qm_E>ruz?`nd7D~0Jb|N$@Z|6eA
zZ}<>PKoq3gT^j6V4vr7(Qpcq+!h)mY4{+}T(->^o!{d*-?2+*Ydp_*;MqL)C{mI=6
zk>}kZ=T6Wl<O|3dhf+tOBl1zZ5`4CJ@VPfh09w#9$!~bVM(kKcG_er^)-xoc8KxNK
zAaMt=6j`wUb8ztXZD1K7AG*e^G#ki?IgF87C|`p(DlmseNh<Bv=DfboSo+TX>2mHa
zF|4^}m+)vP2M22KG~-Sh0TKhMcw}96b!iNXnWj7`ISSj$*H+G+k}uhvW~t&g>`M&r
z!Maq=sn*EQkaus)6-1;=To+5jTFr0p>ebF>(;5J6z${P#S-7u5(7htg{55~b`4_-!
z%<z%$(R<_r(U^XViK&==6N-neLSxX4IfK>@#lwcQw(fUmQM{jnJ&l3oyr^_BgU7iy
zB#YUAqW+8h0&Q!R0If`l3DaYiEAVe}%yMB-2c=3&#;o$Y!dI*Hw?QHXm_5;!h;M7v
zjbz-jK=O1HqC92Bxw2ERFI70DlVt4yYlSjXn^AeaE&GXzB+XcHU{-w^^U&e(-8ln6
zoTsB!zjk*fWzo#4V#`Z!DQtQYh~<1(&;MW;AF-c}`|<(9SNOAsgVI8v9|_F!BHGi#
z|EbaLX&_!A!0D5c|L5K1r#LX5dSCAa<LofNnqE_=U_VHBn%|+x4D6D2^IJ@kpExA2
zeKMdSeqi8V`(l=++F1i0aV2x`GJBoJBi3dQEcg+8Mb4UEEx%qx)I`s~){BddtlQr5
zfKKS$4{6Ebl!jY4F%_?<UdCj^Qccku0jmPGKWlE7(3p|j@9ch%@btigqj`LJx(qPR
z5tc#lRpA$5?W<t9R7``{pFi=5wa&QIcVsXnAF6HkNt!1HlzG#-r&GW~5$^FBj2<?!
z<N}6Gs8Xj5n^AxP2ZoczcD7!P7Xo)*f-f1k5~~_!o)&(3MFW|a-j(g6#4Jn1v<%jo
zHR2-`G54L~r&8lDrNO^{tn~b8ek&v-O7|mkIs|K{yFLge-^4uEAVC>g)^*O(T|Ld%
zJ_&$ROlcB8r^nx4%<t6AWWY47CCZ_<s#_g`+rIY+hKu%l{UsL3Ih9|cf4z-`X`xl-
z474})9L5U|FV83f&g%29(}Ch9uoNimjh_k>b1$D&bP<~yo4c>f;O{f5^F=)bk^vhe
zVB@T$o-uG~f1l86Mii(tMB$9Xpj5XjpM2_I;3-yTb8!HC2q~z#=&@>Rf=z6y$HKja
zDlcy@RBD4j2nu<6Y_%qGokB6Xd_-2i*x1^6wXueN-EM63+rvoJqG<T{XXm9aYv~S1
zi={8JnuDiGF%JewnK12S#oS>1Vrn)CEb8y#KCsX%CMC8Zlcl4KT^Q(x$`R9L-C2nh
z^`MGL0f}?Ekqo0okmOJc&VWYOP#g~{{3f<gsS8!XbnQw5G}c3n3>Xv#cOHS*k)<lt
zX)S|(&Flsa^x`^#CXYpTaNUe2yzX`zF{y+7ph(+=obiAvwzEZ88VN(B&yL?Y=g#@`
z6G!m<OU*`Q5~E75*)$|SK(V<Y`I6>ZeCd2TEG{pcL9WNm%sUALA+<P#dmYu?I3|$I
z`l85K<O1-!1bf?uGHC}%;(4`TEKYTgp>JnDQ?>I@eR5^U*o2W)9<s1wJ6gjSqyYa4
zDvRgXy6RJw_Q#~lr{7qR_^{0(wo4}5`tt4*RA5Y4%%Oj?l!X(FA#m9ULSNw6;X-&f
zbPbMGtmzUla>JyeYY0v%NXgKL&Ve8@uyhD7130S>?3QFjECDDqne4ie-P)-RxrLgf
zn8Fz=3b%BHaqc2TwymDcdH#Y|p8>nyf|FI)daCUDt(hIL(*UG8_6a=V6f3Z*Vve=w
zL`%%6J~7J}k~`tkSl4$G*Si03>DVC)##&hGa3LbjT8Uc6wQk$-()n8f5^_Z*jHWyt
z4Rf1o?$)_awj8Cy1M>xBHHa&|Xzr|LR2JodfsQODETV-n+OYN$rE(_E*%1B3%^Qf#
z;(B^y9czRA_5Q2vPTiFk9p!`lV9b(9-BGs;(!G3pQFU%F-SR_n(B?qzvYSBNh~<3b
z?VWCriBMh5E1~&huC2H5{BK*87M9yIE8_d19fAv+x?l(wTu^qgG-UN%@soVKf{4U7
z1qN3Z>c)OZV)rFaNld4U?^HANY%88$E&(v2+;kuo<<=RThOl`bEG?YEWnxgo#l+3H
zeABoL94#_~7sLcOHwy|{zL8Wi!~3B~=A(*DJ?j^Qbv%IKfNmEpOhlLBG>%v%S>!T-
z4C#$PzgOrXB$oo2w~4sH7VF{qcDMw8;(~6AoUVrl^ZAlRvjO~SQ5ejhfca?VEDHI;
z!Uj9Ufwy-%(J6wD2dqenWajs!jbQnb;BmoHHV&DR#FZKMuqh<(iwg9Fri5i<HenLS
z=c**`ODx89y%fn3YXQr=#8OnY<xjFA31`g|VNc3h+aW$3Z*4h{PdSGw>--7l;<Q#X
z<^m31M=9t4{RqO7%;qU`zdpsJ-Tr;z$%d6lH9Xjk&09#925hvaee>YDEtJf_50%{B
z@&I^CI0J^0GnX;#DZ%(Ng`drs0XpPgWRlVNP^3yr1fxEmGoWqQnkZ;aBCq{J6xDea
zQ_U{4S?5tbYC(#`%<TtggYgEwWg*yK|JVuiG-JVja9(MPykILVIHI{i?2t9sP*YYv
z!j`|s(}^kSg8cwLaCsqu_S{aMyzYXktFdv-bB3?OLaM0m#9Q;17?xs(Wuq9AWkvmV
z@xyi<w<PAP&E|tw#Vt;iOU&npPP-ejvcdOOO0b|rRCy}2@(@C12~Scm^y%cRjO3jO
z{$j_aI*7|IeXiKS*~x{Y<Bjf*z#1|Gw`wN<J5PBy;Au-W9+Bx@l=9wyr!6`p2pY4x
zzQfZKGT<qdQ=5ZE$f+N=78WB#W6F&*+fY_ny|x!8XInx)A~WcOjEWg7OY#v<RY=Z+
zQjkc`>8VH;l7X22rMIdZrQG~;m|(s_(nYGtqwWpUWAk?=j5w7wAiM-EY8#9P0D?;t
z2-*Zp2w4WeTD3ER>5P|!ZHFpCaegeeZTyV#5zQ6z((9X^sgB0Be5OCRRjYAT0jIEv
z8a#)p$sKG|VGpgsen1sR+E`R6Gb2=^V~0Fpz;n7JhG1;v+FTV7??B7_a%sK&g$~Jq
zX#<|CG=cNhY5T@)8Mh&PWfQv{Wg8EtL^}MIC+Kh9g2#H289eS*rZfkmZ80eq*bDnv
zWOws)?p|Q64@wIJOh<5%Ql`UriL+E){6$B~!PY2)SWbFI$wN#2%#h^_A(;n_t-cT{
z#umxKTQEb4i3dxrw3wK_+Gx|oHP6Vc#N>~&dbB4YqG^Gte7Nu{kc5glX@jYkDaz^<
z3Sye_klh(7$ZuGSX5t;aF3vBMbr82HlWNQ}DBKCdf2i*0hvpU;rl~_DOX&oZ1yJZN
z?b?1D;KL31;VXN)T@C2<2fGd|RZv+r6_{Ppu1lF20#&^Y(nw+mkgV3>h{bK{X|z%f
zVa#T`j<}q4d`y$2F}N(mHV==z@aFmF$rY`bUoEsbl)0$wg#=O6W!ZN>Hs6hsh>@Wm
zwRzuASqbOHXk**HEsK>HLGMUQPfyGbqoVq!Wac1YQF&*l-L;yuBO8rxK7t<Hm!7%_
z2=9=y1f&8s$@J9Afm6;UPn&C29Kdr>FD$!eB6Zb<#<@1A6PC;iSGF$jm(pr2JY*{(
ztO|Rdn<0FtA&cn^bF{Vfw!uyY%yjFtA{M0)C~K1G*jv|}3%oc{UNQ2KAbE<K(lUos
zB+?WT_q{o6&%o8MXW$x(TQUUC5U?J%RE@OvyNIG(7W`)sSic}+pa;-9de;t9TV5yY
z#AP9irp3VRWi2f=p9KkoeWPLAR`w}$@R68gxh_-Tz$q$5HCQvIK%Z>=8<0}JY+2_o
zE#pw7@K*B*`H{S3hTwgYXCzPY4k$8J7l}*(LoUU)|L5ow4^>gEv+$8Q&w<|6q$Mwl
z4-{ldStC_Q5oslD4>q|)R80XiL$TMIlys(!uMOg`QjoS<+c?E4DlQPF4Kge2)@PyG
zExVEA!tu=jjEsMxT({P<+-@ZBv#oe)PogCPz-zKQ4y9)y@WP2xHCIAp8E8`XuWL<v
zOS$15lZ1?gxVE!|4ltWVCLz$tp+VX8G7{On`i>#rL}+u5;c~pU0gA1@zcX5L!{jDT
zUWS)lBaU3Nsdas{=fp-o#tb+ls%;r|MW-Fi<H?mRJMGwWt0{1PZ>#JsVp-uAf~g8c
z%GO{6FfF<WOB|iss$B-Ukl>-!P^i`*J&PISc{4l_R19v+EhJt=F?3~teyw9^WkRAz
zN#kHp9V89*#z4F$W>3bDI>QpQAs=1X3A*^!$_BNA*0w=2S}xuoGap-=*q_r$YPqso
zA!7xbL{nF0T-i0IS;nX=l0|x#pmj-{v1wqVnic{bRs)Yoq1|vlm_cVE9?;^Y_sCn+
z>blPr<EcACZV59du~(;Cpq@k5OYkwW)#wxn%BA0TtQh>#v425zJ}d2n;9IC_q|P7|
z;?0;P83C6|ccBe(p2S^uV)8*GCKH;*jr{$#uzM-cgG&YNDwa{y#o}62mP_Vs>Xj;g
z*+@WY_-IQ?i#rIC;*^6!JW1?^QsaT3GOkn6YW~1Re)kS$O$qjck)%VK(yOAUz`py@
z79d;?u%HVh^2H!*Aj)s>Lmz~C<$q#32U5c);2-EUFY??1A8p12z5*A!qHXr#^K6&B
zF-s=hXiTM6JuMl-SUmfKZS;i^G9oIWil@I+X64u*Uq)jG?F!bs{PKp$flv#yS=fl{
zDaQBW3RQcAql-yxOD~4P&W&v+Oes3DrWK4WgxlWbG&2`M9*qqKcWo*u_?s$Q?!^Wn
zbqGsu#I#d#si68dg2@^t=^7^DmRQ9QfM7tZ0l_9*n^7|`VS(#($Gx?6Tg&vfSav(2
zzOt^1!*m^3q>FHoZV6b|2~4o!cu5@F46TRfN3A;0LfT+9tEw2<v*f-s9Em+RscLbv
zwRYRn3paYHAgj~|K401tVv|#Mt)h;nqh6dU2!yfkdSAdFUHrM6bE?jyxSNJ?s?M1?
z*yrHSsn}t|<4>}o!J7hjX<L%WG=&Nr(1U4@@6qAC<1uA^Uga-;HV6J#O864`{^iTC
z3Kk;hQK}BbB$G_3_ENG3MQKo2RdCz|$6x%Y0M$Bo;5OMC)_{^w2^B}iG$q^X8|3v=
z8yVGlH5{E@^eyBa^s9nQ5DieVTO(*?XH0%)6FPYbi~G$88G}71X8@NWErz8Aln22B
zK8Hg>qj3RuZCoBF?65csZzPS_8IxSZt)i#lyPd3yEVcO_G6NgAnTuQ*VXcwn85Ips
zZ->RO%83xyd4^kwj)9Q?eG9mUCH#if0G-ggBQ|7G0>5B8K7yQ$eym2n-=Duul4)m)
zX@ds<1%SG<l2w-=@$^zBwR~)bIhfeUA#*i$3<sq!8)e6Nq?-|;pdnoHASWtMP&`4Q
zIM0-pj833=VUO3jG)KT5l1Rwd`5daT;VC4!ynI{Kz%tCst>oH9oL^qP^)&N9>_T$k
zD{}B=(}MhmNdX>y7Sny<X)IEU-j|nel?BT4S8D=ZTe?iLLmG|S!g<U$kSPaO$gwv-
zalxsCC4$B_`8+CtG?hBf8bgS?X*Em$Ht0<v1};EAq@HDjr!HY%K?N*BgE<Sr!lu_p
z*8BZM7wysJq7kxww4e(|5Z@W}P3W{9quigU!fV_qPJpATk|Qifj_C*?qjZIY4%kpY
zu@!VJ<r)jDnLEHyE{gB9xo?#)OQ)*3Aak#SeK#&WqEmKDPR{&fMYSm^BbVs6JRLDv
z%H+jabR@(4yjmWEHRn?(R2d3T=zpBYTy+6l6heVo4y{TLxqheK6<08b5jG~)fjXIz
zRhZx9;Tbu<xLosl=&sM{f~sj6jipGD$XNr$fJWCNDe}}ZyI9@n4b|+H){XLY_SULH
zv7A`(t2xuD;ZR}0FEPEpQ&bsVR|Ov{*+yVQGO|Nr!gDOxVHWKIvf+=*8Xa($6Gm?=
zNvK3VRKO1_0JgC+PSst5;pEIFRyP3HqGvoMLdIB_E0cynOr}I>#$;m#4p31>iA0(l
z+tOlkNNr)rDzJ0ct#<6Z+pIu0`~d7pHGojKsrHWyI__wdf4fMaaOF&9y{)w^mlXP)
zrrCw2I#=kI(YpLUxuBPV7e72b18{S9npLGwTbTXKkE(1-WK(9axBWs17i3+lp_U;D
z54~he;rID~{m7(pqC%>e*0v}f`CtShqS+)fGQkH>X(=$)qF+2H_OJI8N%%lgsD^N3
z`vR=}&U}7L6|iR9$V7BR4U&cx5rx|7@WM~U@4zpu7WJt(eLYGz!#uHEX&OVueS&fu
z{5ZO<CTFAZO__`hm+a*1X6yCI8$)L1<Z&{s$m^3gK#pAX5(`FIg~8qn(D=>8``(-L
z_kIj0niar9%|+9eFuZFkrc%#XRFqJ$hD;dAokK$_+=@Xs6==5$KDajNouwwdbDv4?
z+;`GD51sVRLni(Go;to^ss4_pv6$ieQi$7?%Iscprb@j+FL(frQ4r&2&2AHJWFC9Z
z7skWye?&1AQ8vya!yw%-IcDHcjxtJtvo-K9nVi`0y+R6Yu3NJ%R7rQh>n~>75Nb2A
zvO||ISx8TG@-G9203#!Nm{V7L?AQ$)!<rwCm=Q>iV5q7%*OnxWNe*$4MG2|W2v+nU
zhQR2+UFFPqjw_0pt=j}{EA}s6&s)t@4GEqsdusY~qP1hKfY}IaH-S}j6399ZT5dfS
zin(DrKy~eqkS`cajD`b`BPz?x^`+$Guh)NHUI2IYElm=`rOY`Apucs^TnSJ^(WgX-
zBroi1MSRblzCzZ|73i9XI8QJph%4agAfYtqM^naPue3z5SZ{X=P6a5ufCz|!IWTew
zBe96`B9hgrrZnY=Lf)NOLx8nJxMT`T)SoI<R6SHjU3tYTRqqQ(I?~1Ixn+&y6l3I;
zFxg0&s*FOcuycU&I;eN(F*eJ(==)!1ibZ7~GtGHLXf}-GB}uS-vDneSu&(n1^h7hN
z5sG2uJqRG+)uFQ>2vB2^RWN6ya#$9?*3PflwCOL=NGX2J(2>A*@$hJ_Vv%H}yQ3{k
ziNBuG37b9kxz%TT!Awm9rBh85aZ47elQYF4fK3*qU@^A^YF6M?861s!i}fvlJBp2b
zIUBa03<as&PPK{=Ze?z<A<!y!pgM#aaZ`ISdMGP9cv2QIr6{@?`EyV+AeyxM^uP+8
zS(lyC%gt_yw_nbWQN%L_DEDgtHni@%w(fsG<BP7r0@WC=73oaNdmUff%gn?3qzL>8
zPWOxr1^+Dg;$Ev!^fq%n?u#U!V9JIuJT8%A_HE!{5JWQM(sGqr*#CVJvK!oT$woPq
zanOKu)^V`5FqmNX-bh=)sl|AE|D*N^cCDGep+rw_H!&nFB!|daFb*s)G&PJ_vDA(J
z%QsM?CZiE+;lWyq6c<dG<?2lbUFe~a(*p-ZhWa~36Foj0GjN<*TpP&gw{8rFH-?W%
zWWO#HBCcF>L*~IhQ7N<pCuC(EzkFe-6M{PMkX6anmNkS*7Zp^lptg+1*!U2jdSro)
z4V589L|AbiEg<+hB(^VPBloRktz*}w;|fP7OsWoeQyT8JXV3to8#L-~5LZmk*{LA;
z4DqVVvXqDPRv{E;k`4LY5lhOFq_fuW`1HiE0YiQVWvWJHVJO?<IZKS#e0*naVW>;q
z=3)tLz!2h!vXl;yW(e0Ii#86<PCQYtetjMvZb0Npv5uBiD>_(+6~_rxnn&c+^2R3x
z*SC6nda_paWh=YomsldT9=r}eYe8t1VIexJzD}lvPu}tAi7I*;MKg+=PMSGG+r1X^
zlxj_*vF#bGC_sbzDlq?RIj7JYvI%>@MOby>MW@g>*bgupf!DxG*AVOn|A6wmD8;h)
zpNQUG(tB+ND?ro&=kFF{FtvAMNRDVa0^I^MD2+p!jtcIswgfh=&&-O`$+>7{xS^t#
z`Q_x`9g)I%AKPS-<RFSLZ$AuS&{4}N<_d?^u}+oKB4E?tsq@>oRph#UlZ0mS%FoZG
zMUj7p;%I~qiCti`0^hM@f>LIS4+p(fJvyQP5owoQqcPmU)V*bcu@KkgBG`a^v%%kD
ziRpUWnf=+2w}YQ9-~gT2uW+kYufMrj^NTFTJkl6iX@07IgchBVfQwTU@d#SjEe4fF
z1?5#fNSQu4S^`3BN=}Z{Y=E%M@?e~RYYjExu+VJ3kqw(_v{Spa1lL`f0$sB9%|Zua
z;VZBk*nl#h7N*^^+Lo!vZE_Ndbjs55Vgd#$0m7oY;&5Qfw>h5RR++5GYBj`U&0TF_
zZTXkOkYy0!W&Q8B{-}XFKHNBnX{MQc%O_m_$f>!;nv4<}U10LIeW80UE=+p|;s7^d
zI;(=1VelVQJ`8(s>2fcboG7R%2HSCb=Nwz`M+|>26<(?6x`3RZ6S$o3!G3Tm^hp|Y
z0;I3O{?BmX1iySV|A*CUpReW_`WfD*$XVz43$x+n16%#rdTd@-p@%@0FSjOhSHiR~
zsBaWT%hHx!DR4@`qT*Svsn%?gVcB;@z&c+H*6v+q-2>a*%g_Vv+1$$z&LwzB01G@4
zU}ZE-W15JR`K1@V4wor~gi|fU6l&#=yq*rdtfzBIYn81k)roBxQJlhTa2M27szW=c
zwvyNBcS3=RWpM>1?0;<Aqspb(-?H_Xu(xI<rbbsw_fqKqg|@2a&#S#%sP%8oN5u?e
zrQd_I6Tb@{C(NEgr^;=d#vNN{Sli7jJX5~AygWm{I6tb%y203E8<HbolYJE;OT%Bz
zrHXT|kfj6CPG9-ZE>Wp*Yh!1909HV$zl&~dvF-leaJL`#H)(%sYquW{w}(6HY%>}T
z<Bg52osF&Cb=n`W{`S^ZG+bZb8E!<|{Q-T-8tOhF^{QNLyb51+*LOGeHn(<OZS8jZ
zaetd_?G1*5!CthrySdAvt$w_{ySE;{+U?Wr?LLb)27`D;VXWiYned8Z;j$(ChNVm?
zD4rh<DNl0AF2|Cou}I>&ACrAgbkRTziR%LD>9d)AXW&uUz@Sa&xTs!HqzW6e=(>n&
zo;`#Zh3J=66~2D{uYYy_YtsF%nEcme_<z~^_wKfBWp5ns-+mQ1%-%b3k0eX7BwwD@
z-}*VWoBC<u_}ET+&XZ;-5D7^<rbw0`WxHwiYyU0`01~|EE?c(YuCCa;41ggn9}H$b
z^H1{S^FPBcpa1E6`TS4!3;O)e!Qnq&eL?>m$LB3VhLE6~xi}c|H?v+VgGi+Z^@xNR
zyz{(1*K;jXF@LgQA0ru+AU>0fP?fPLaaV_3{f<S(J2bSsC^a*V@SWlcS~gBI!xToR
zFer}jT{jtZ-S|Kz8Kkkp-y5-?-%gi*DTd|+36iR0%7%sML)o)5m9CT3NDlX|PXeWS
zvF8c^W@t-NmE{sD#7Pb&fs<v@93;RYEpSfq`Z6(dkkiXYvMm*;MiD!ad0yeVo<Kcc
zrpYAjQ;G4C+kV(WWgHp@2c4EtG1B=w7&e_6KVvIigLNu{X2ip}6ee<B57bMa8LEys
ztc^qCAKx0^S#2N|O5)_tMz_o6gl^K=y1r+1S-0#04*tR>`d~o9_adf;-HOq1;#zX7
z;-QN~QNpCEMm<q4K3Je6Sw@ASJ{99L)5n-@H&;H~C`sRz?ni}^MdmbRI)snPduA}6
zO|l3=Qcm@_*rEd0kT-2=BbUvPMxRfLv`lE8Ld*%=F{}|@I85ubi(RXm?zVse`A|p^
z%S}`L!U?fv6Tf)!rFr|%y3#DAhE<S{2~-rH47b^olg_gg?_SnCjeeakh11gQ4+ysG
zS-|sdDRz!U<dAJf_%i5uQX%D8S9r_i6VmecuOtb}%rt{3o8=Bad#J`mR}-tij#@R(
zaXv;Nkm?kj<9Ut)sNBq2Wim{~Jjw!UFv7kP;h}!XOfs07np(FeMrzWHjq}s%?$ODI
zvvZ?jT>a0L_#OJ6>IWY8ysv6s`<lrUTwDWRCjKp4J1!%>4Eml3R3Q!-!<kn69-SbZ
zlJ^Y!e)J0#LjwX}*`B#>#O#RFH@hLn%2%iGZhX8uPaAoN()6unyL7w=5xgVUP@~>P
zcc@9Zr=cUcr&)bGh`}D>vF$}c*+_WPXx1tB8AJbxcI)U4?b7YCDwmAG<_tqHRc}SU
z;^wP_9p;K?WH>#Nx46eJ;#JGTr9xv`3F+uJ)iQnxnNY-}TF6Ao3rHwLr5n$KaFOzc
zEXV%YoXq~IsxeFYxj@P|#d~6h^A1oF?z{rYtkJj{UsYOo*YBT4qw64|A+dh(eENQm
zTboXKbWVDco#f{V`5S2H`BWr{k={jj)xH<p;=m$S6&MS_<(tQ+gI!=qutkDoWQ#zc
z_j}S9PTam1h<rZ6asjb{ickH-x}UiZS9#lAtoFyV5{1f0ruZEO(MztH5W7eLy#s}!
z8eRlPew>jc-sfej!%z7+RkF{$hf_4OaNH?(&ca7RbY$_WAuR!EIkw0Sm0XZPp?m;b
zom}zr*MQ+nGM0XZR3R9gRMDC^i7g1I;5VeWqz1{6OGb?|=%wbCx%f#nNW+DzIOYj&
zyrc>-XQ;|7AWoa@F>yH&qngABk`@amm6HOFTp4Ew8BaK;h@iDq=yB!L6Pi}M`%=VD
z?~^>Mv7{7;{ghKOWE6^uYvhb}{L9h#yVL52)5GTO-hq+g3<lZB>u+2yl)()EwYa;B
za4`9aedTSn+*yvDirPQn6e^ZG>(NW0{DPC1jNnCOs^VrjrKq=h`@7A({$Bs!pxHUt
zHJfIywZGdtI5?=c8pPV~A2dnd+$W7zzlq!ZUEDipxA$7O(<ZoSnQJ(uP+OIpRy1q%
z+Fr@QL!my@(+8%Fn|&%>p^D;aMQ5`q19G-&Aq;Vm(qa<RPYFY|NL7NUmx|T5JYhwV
z?@6o(XT#~ef*lUoo`M@+c%aeA`IWG@1d;2;)Im`Hm1XcP)YikM^@Rp4mBqKD4KyWw
z({lEf)@$7<ddmxbN*Q@&E9OnWJ5yg-LAu=;%2__SZc!nz{7EL3!Z#no;=(Grf`qu!
zwM}Uu@om~m{`&pZ&ehd>$&s0O>4zSdg5H4Nubes(hgOa^lHyjg(=BY*V{LqSvsRjO
zV`BfEdyjn;1p{InHY)R`+bF6=QML_99e#E(OXS6A@^pe6co=joB~E7Cnt|ptvBc!^
zmeDxIx={8k2SQ4Wc3ylXCXD;-14VD(Wj03(D#q=&P19jEw{n-`YT?(F%Vq*9Q11$=
ziF+>scXK$)zh~2e;`gOEt@=2?BckLTv0c-NEG6BC${(57ZqwCT-rX!~8=Jw!EUU6f
zE@tyNmvPC(&SmrLZMd9*&CHDZ81;Ses$hUQx;UG&_euhwql+{4X@%O8L>g)E&EPzj
z&y8;K`(ui3iR0wzvI1L3#h~}Dsq9)-U>CW5e^p=`nNaTqO(TkOrx!7kIYh=Ns-G=u
z5}95U(`dQ#fRM)?s;F-LNwRV5I4K><RC&^92pnGbt|{0wi&~lq+E%4Wcq@qlNs@X}
zvh)vb$PE4b9i-7$V>wUVf$b8MA_m|3TliMWu*Ai}5o?O1oJ;3Hp-ZQjPZY;aNj(f<
zMnfeDyyy!2Sy7Zd7+#s!A!iq+V5pn2B=T1Ll6{XTah)=|jP3J#v4M(}hA4YY;bs9A
z1o5OubD}0ikIZB~XWiNiW5PjTNfQh<@(tpe*r!p<!fN6mU{j6&v<Z8Car<XX7^O5M
zWqlLv5VAcQ{%i;2mM4Lj8EVMPGN><J&WoE~O)3J66BD@C=Tar{qFjVioGwXGtozNN
z4f$v><Qhi3o>QdM%$WEEo<ncItdj#dLJGIui|l>rN$#-KY;gypBUi;EB83=yA5li=
ziDLj1dLoQ5$><>jiIf^J1;w1Z;{8kF;QI<&tdy)voUe;NAc)$D%$WtlkBLn+M*2Nv
zEQB#5@=P9YOEE@EaUXr+3a64-a9ohEDuQd?!9k}TJLVl_>-L--_QaQ!-z<|RNe!ti
zC*bKZ1#ypo`yC-^=N0b_Rn-d)VyZbC?~u5V94So;gnM2TX6jVbw`!Y5Mb0a@$t2_%
z73PM>6b3FY0N1x+y2IEmQblkd^ukY;%#`IE=2Upf^J5xW282{VyfUC7o|woBz=T(c
zpJFqb1WYw_%AEiq>%S<O{a!_uOAr5yNO1puc>aQ;qoX5!Bk+9qB{ccJz#GnfvCR>`
z!afc{|KmmQdF3XtsLFA0ArK`VzdwVDRI6-*kWt7_#<!w6Rakv0q3KsxJu0jY6;}Rt
z0~Kl4PeZDMPCLKy!ZT1Q^&3h;Vm`A|B;)im1>`5k`AqAX=|G5^RMZN6UPXhamo)(u
zh@DJEa$*`~lYrvq{4qZCoZA<+Ryq|tt~2a(^)2bII$8L_-l{Wy{WW>1&RqUea5>F4
z#wR2Y56$N`aGj7AOV<H$BoTTD=0m7}fCCpqB=m-9<1AE?l<=q~6FX@R<bwKf1*G?%
z48U^g5lH`ep>9FdLMwdd4ROWFG@1tQuTgG`;0L5nf-`^InMD07S}7XE-+?aex?bd(
zgtMA@0jG3L5(wLU?t;#iKV=3{$`61}t|X>?!=uCVA=hFZfe~?^Z>D8qrzokI42Nc$
zcNxN&glfuNIPXNFi^l{Cz{G7523J{MQfbsh$`fO^PL1sXtxw-&s(UZ=CSE4e+e_t4
zC@p>ldvB~TR=@;fZ(i`M_S#eld9!Vq;CW>hi5qzS4B<ZPsdVQl>^mSV1Els3cGEx#
zWQlEdY<`+7cap;l-}tS{*F~*|8j;&*)f$}=FPC4`x)(;-rW(VW{)<P8=%nCs#tb2k
zQd|Mtllau0?ZR>`bF9YnU`1b=i@eCiU$vU8HV;V!bek$WCuC*LE)VP1l4`>;{w=9~
z8lP%s#c!H_%hdX<+s|cs1)h?>OSUz0`n}B7hbH>H7=8LK@FL$h?6ljvO(-lYHZg2V
zPmO#re&F?MxX5Y>3poQ4nVfg<iku=;6YAs{oR>6xG3VlEm6u*>I`vL-LS<)MYnFEf
znkIi*$g{As#fH_+V;NAvV)uP|)NiW6C9%0UL_4uvyId!0GhIyo96D;Z&`>c=O{=k3
zOe<wc)5ZK>f322``KuF5uE@OBhq4N=O`&b#Y|vQ}l@mV@L`kCYluS-}H;N+-GV;s)
zAg@yNA8E5-u9V_sGazAbKVkFw7MnL-zn}2U^DKD5eSGlFadr7l)^?GJxr3q%O`NiU
zoi&6twT+!Wgf&&>L@!Q5jca8~i4}OharoIddjH<|^1WgNk$aSa7vj>n=U#eVD7|Um
z+9yhaQV^2tg{DIh8ixR62?H-+9o%g+cU!UNpoo__yD;*lN=ccMxUv#!vJ54jnw7=m
zR{2UV_C;)ckMn-SaRh0e?Q<b)LV0=8?W8qHq41Q~kIUf{#mP}M?<YL!s3Ms@VnN6Y
zCRW7@!naYsPlA&G+wO!B^Sf-XPlBp&L56c3ikJ}811Zv@qz~swIL=FJ1;V>#45mn)
z%+IDtI(jyBa;D2Sz>JB3&zvUC&JYacINoh_<XL1}4z@<|SWDXVp12?IUE!RK@03)S
zyeVo5citkQY%0#|L|VZf0nSh2#`Z4LvDsg5l<c~)l8t)3sE%t0_7#&9@BSx~=HD=v
zzn?dNO#>zYjvb>Sm@^G=a8H8t-7L@qgVc%3-LH(p&tJr)Gyh21Sou{UwqlGzN4gVm
zczON)D$8k_?de5LsR`|8T9j)CE24)f>9i1WO^<EEE>1the9A@Zi;&D@*?rr@A<vcU
z2lkl#enaj#*1IA1KDGmqj+6BazQ>csXnrzi$5h2|h|ijfqi{%EHo5b2d)Gn<bQDo^
zqP?u8v6nlA@Fwt#qB2J_gx(2c3Fo8OjbP2N`>G7Ko~VN00~B|Xny7f0W>?z>7Wh7*
zev`h>gm%?Z_03sP;V#5{f%}3I+n^M8%Pk6gnMMQRPA^c=MoF1x7s|oJ!o?QHJCuhu
zWNdMs`*4vAnToG6qG2-9U5+(iau7qR<f7mOQ4@M&`=8t!*SmF(0dJk16y>12y0LvZ
zp+FKm@ns_ZDl!M`U1X;bG0#d?kcDQ9gPkC9(-v=d9N@<%*S?d7i6XO^FSrV0!!YlK
ziBDUKk|~*SvYtgz=*gwz1BB`XXOu=HxFmgUmSA^&!;Wp);k{%rG!7f}gLWm$2*-1h
z7>CA?I3uHC#MI7*Mjh2r1O2$uLO&Ycb1xPyX>(3rGpt%^O~Bk+Fq=M@8q#PY-dXTA
zB-0CJGYTny%<=kBRO_OkHWGw99E+`u>^Y8Lv+Ekj<c;`Ad8fSWtX@>cm;-RxdB<Bo
ztaQW1;>Be1XS>M4_q4dI@*}aMDD<jAO(a!@Ff)s-0DPd#CN6#rqvIo3u~KzRvPc3(
zkSsE3Fu~qRL8BO5s0p0;!pt!$k;z)qf)v!?2j1AWxZzu&XbU_)uvvA*QrshscU!D4
z{teSp4fM&cf^!r&J^4eS2Wlx(;uZH2Cc>?c9-=CEfq@4Y`~dV4!Xma*LONW&9t!<B
zPDW}KnStm2U$1vqA_J>_{Kx!RsC6RLy+_%f)c0e1AXSwzaS_5H5*eg<*USE}4G~l^
z83Kp7D#G2W993#-|HX66WffWUo#X_O{!;2(0Uu001)%|I69baW5a<o(WpN0V97lG5
z$enMC`)uXguAz@?YX`&M?#uSr6dB@!7|?HB+o|yUpDuU{L;=+9f4yFk-IJ$msX^)w
zf~|^76-tojk}4f~Av~`nUP!4)4u-ff+0Vj1LyB;BWLvI17{<B&`gTA=Hg5n82JCD5
zUKBvImKzRv{v&$thWM_6RNL<S1VKza)&KQ+bmx`)YE>>d`(>w|-;W|lV8tdC;4@Yo
zZotu9B!af7aHW+q2-D@z9t?TfXw!=VNEsti=8O5{=;BOvdn!y4klWk~*$zj<b-C1r
zL}fAsDA)*M_GGdDA$Pu~IQT+Lf_Nd<ou_S4=3Ucg+l8d3&>8n1Gw(c3=h%6?PWAv|
zy_-<tq^-y4d|Qu+<wkaipH!(IQe<b|?_u+XxYj(bIgyRTTQm6QWQ&;7Nk=KG)KjOp
zh=rt=3Z98XhSUkM4jOx%_HL`y=v%~Ukv-Gu)ekzoy&mb{-JZohbsIM=t5M%?G;wpU
z*XWxaVjZ-5D<qML+gBA0NW5$6wZ?9(G1<9B(M#U1M$yWo1BOe<sSsNi*^pHdsk8C@
zT1a}WSg*y@|2l5N>#|c0r6$vv6!J~Wn#uFBDftv+j@ouan##WI5*{FdqQH?!@_--B
zQTrG8;3tU`&Ny?EJelMPy{-75!|uoIY3V_0Q}v8DaxD^Y9%>r(sytlmI>0uZNqyb<
znzC*Is(=(lu(zxra#urNWqy?E2>Ux<Gfkgx8vA=L2fH#+e>%%5u^&Jn;k*-!d~LQF
zCSAz<Q%qdiq&cRjkj3Pei=JhgAx(0y+t?+&JrnmktzNy}X;=pqu9JSx!dCmh?3k@i
zqu()cW3S!Z>+B!2n!P@;aDDHfV|Lat&CET$#2P7_Ut)bMKfy>*3(qidUFMl$;^s}8
zV-)ECA8hV+T}sX`O$!XR(sU>c;e5(mLaGouCV!k5dS*%=oMNjpgNNX_4<TGt;Q%50
z<G-XmUclV^`HO0wW0RPuNBLP{WIu7A$H-oV!((LUj@-H64Rv)asoVqkIhK|F1f3jt
zQx@}ZEa^0>a<I$o97?=bfZ;Rm!Q%B3i~wnBVZzN0{`uTD;wCTRyAjz_95-U8&qlr8
zNc(9hSGY?CyD$@9SE7T0Z&mD-k(;N}ZW`?=ZW@t2gO5g1_<TNqanmvz_D^SVp~a;X
zyMeS<=mw$`wi+LhPiONxfUru$Splb@YFF5>Z9%#L6i?D(CdrtSx_GX0Uy126<1FeH
z@ri2@*92mXGw}L|DCtKIWVnh0*sv22Y~4e)RlyRZn7V_+)a|euvs?FGg#MS!YLHMh
zHJI5v7w2B(^J4t!*v4Q_uBc66{UZ*Cvpko;V_zZqIPwPpw#Zi~^foU{p_4KlTUap#
z6~1)N5Nltx8rj+TRrwy^)Ifreaxh=e-JvbKX$tYgr?Ygr$BH<+b>g!*wciAsros+W
zo3hZ8Mm&VYwm@(WL~ba*cHS={w{=*VV@906HwiIIovhB{fRQ;NS;+q)f0+Lu&KOLU
zPwyljYQ2VI{M=&y00;PyojtwhA4q0DKXTYsgQ?&H`xxn9-M})0i?BHIlISJQ=Z@po
z(VMSkV0~qi_Sc&+4ZVPT-A<Qv40ajCV=R-cUyzxDi=BsVu^mdMHO|HDlG~(Y&yC5u
zlZ)K)BT9X+fIAV=I%BBaQHFX?*{j2^7m?!#`nHKQ8KQx#(g{x+8$XdFov76kI4lyI
z#pC#hrY5L}ik8nS5@)4RHksl@F+H#eRf;HhDB;L+CJGC@C}ayv7}#Q{gKwpL5YV$s
zC{fx5uC=o4elq)`!UV_rG8d;5TcbWP*$nsji=c%AnN$)i&QJkK<Tpz#5-Pk^RAqX|
zNBLJ+iqWvBD!|V53!A44&-LIopU3$;>Cq4k@t70ui}dttrGp!`E4lM(=*%^}5iIC}
zAB`=nVdy7T8%bsu1uojH@AJDP2!M*$B78Xs2-7c|>BaMy?TXwRWz7;--oH&?`vn-P
z(}qhK@Ko!O5Z6+RRFeNOcinWn$f^y1l&@xbBc8M1EMFw&x&el~_?j@76DlbQaX?}S
z(zhLesOi0iA9y|<u=N4hY9u+Ka1DO%VGF&*4g(%RYV(m-i{oLdCmzkOB^I#&YFUOl
z3S=K-?;`m!r<}`sP|zU`h*d$cC^)Ac1lWxn9LRoL;oK3B3YTGha05}=ERJPm$uUW_
zxS)_*sSN_xZCQoC;~G>-bn&DpJ*QWHL1xc*w9Z({T;!gzrxp`?&QRKu=l3jXW1*>o
zV>H4BvmDEEUmXWc=IkN13x*tW9@|CugQ`K=Q6z#XEPhD2adsiEraQW*KFozh1qo=Y
z)|w+*cBR_OPD*U=2%{6GkAx)@BZeIv0&`6MHF>spmYEMG^jcxjnWWVzz^xBk8WB{Q
zAn5Gz;`_I8HD}-O@E2%RxSZJTKwjH<l~MuN+*uW>N)@KGc_}NF_&iFhCYP4&fs>Vr
zW$tYg#bz*$skjuLRZGGJu?oyvr5Qpvmu_}$P|e)#{F|lCOgLr~hrvdz+4|4zIjVPd
zu~6O4E*8~)=?WnyldmENGZV!ho+xh>9Zcz7SIhRVyiGMV{i&^kN2m2MJG`85)|;FI
z|0{dK%UPG10F`{63k9>`xp(ZjZWv(m=FA5QP<k0Tr0{^@jK6~9gD8L}*{XPB`^Y7s
zz@|!ie2^>{X4$*G7jq$txm_enV!yf0Jt7cx$B;bOy+qC=o62lQ;3{ngOaW}O$zh=d
z;eP1Xi%YR;eDDI|jY&{RC1f&T;^Xwoe0Nn|29_y2)RCq7Tfm%zFfxaHSwB8MV;ihU
zqy@13519VRjRbR&DwDStKUX=ssO?urnEoje0CTx`B)~1}@7z>$$x)pe^e(J0@*t5r
z4Tk~(u~Lp>8PfkH!O)pQAt-Z{w<~dLdDZtkCqvC~c7Y@TGWXC2mGN(rS_4aoXvMmh
ztca`<J4tooJalY}%i$|;(S>K7U0irx;rxDffqb|n{k{bvwp}!eoY020ptFmk52CX9
z@<gjy31=7M)(1>)uI#^*1Kehdmo#pn<Fk`XG{W=-QT7O&>^TIsX`zQ~*Rsd96=6r1
zMgeSJ9DSIf*bC2M!r${<YO+~v)NAnH&c4`j#?^pl0_+Y}S&vS>`Hf~>6x>-~`#WXr
z?_2fy;o(lB-iq7bS!w$vdOx~2d(Y<Dw^2Ytp@C#<a2;F^8Sv)=u*aU`YJf=x1|-bZ
zFongQ%5jF3ql+_ILq`tv5Ra`Aj?STXLtNC0ARNlXJ~r*}ewLd4*Tq$;j;&g*l7B`7
z40k?{llSBq)54V%)eJ}<Hn2D(au;SNhbrQ(@_gh=%Y~x0Y+J{z>CWcR{Zmx$?7ef$
z7MM%Ed_d>OANwEi95T?zI5Dcq5}b@I)?Hi>DVHP}eIsZjtV*1)QxLHys9r49Hs!MT
z*^%PS$QHLDb}brX5{u9fRvi8&R(dtqdLSFNbZw_0Hg94xB=&vho-djA=<59Fx+X%D
z9Nsw0YE+TU<oO2EEfcjI`Hn65<VDj=?27YMiJHI>lb5Hom)D4WcCZ!un0;|+sj>sn
zJaGzt?I91M`Y{6)Y)eg$@U5z_{a3PdD=HHQ90e$W)k=-55gO0t`zdI0B?+K`Exnmq
zv7srH_hoDj!F?e<2#-(Qyg-d<0(i!jAYM<{##M!&zJmvGckRqz3x;Vf+s`|z>gOHZ
z&vidvZ$H1;FM?|cpj28DZ{N}ZuR_W(9QQLo42xa{d&6>K95(6|<4>O&hwTFREgS}@
zZ4qVR%WSEbmgA&w=#2Z!V(?Gko?XK0R&-XS`aFvfxTcajle@d8Ny?H!D`h2u4U>jA
z5bPg;7lw}F><hU`9DFZ6zz9WdXu}d40KD&US4Yt#Nv0CoY|MI5SS!(HjW5SaoU23-
z{Du@12uvN<Cjk^ZkxtS?dBnpVdgzcdxdc>3mSc$dA_2ToTCYES#nY}WD@7wJY_2m^
zOvpaxW0;>HPlp(4g0WxsDN4OAWs2Q?3Dc_Dxy8O8PRi0R=jl?*UXIiK-4NoR5H``W
z&0Op`nOjAECBzp;!17@fJMao)*=^d}=eRIuUAn-F!0Q#85{e4+`O{O%;l)Hf!Ut`h
zRN&t`a2O|2j%HOPPCS7|KuWp@yu16$gq8glNIdn|TidnRCbmH5JT=u{avTHqtx7=2
zTE-+-eI^<yjPEej6L~hlLy_Y!$Jb)>cG##l+nv|3QJY~_H6jjXc$=cvpAQee6g=EX
z9<HIc_sPLNcv&TRHJAdN<~gwk!xNjD-k1b4bolp8<g!<KUcdt}A@Wo#DT$#XCpaMe
zfY4!)%gC;v==&%<ITBH?X<Ylb(11|S0nTzHWC{i%*&<1^4#^|uvA(=-qRhK_c{8A~
z5;4N}eYTnj*33TSt1(D8tY?`M-Z#0A)eI%gR_B?e#WhQRMX2Og$+QUfV>eMsT#G&T
zF2G@Ahh9X{(d9*1k$W&CCv-u4PXe?Tqd%X|)%<09Ok6@KOg=TijCVa`-NbXO?Aj%n
z^TPN6U}@zd_>@#2)h{N>+69p@3#H^t0QXZFm0l=ZF%D-sg|i0?tIog+>~J_T4voNz
zT&o*+J=--ZhKyi5G~}>0I9)3bG0Aipxj-oA^ziXAb*MRexwFRwD*%Tod+2?th56!Y
zaRKQrrIw{S9K3&vk~gju-=)+IevG5^L4KwtO%Q@*O}LL)#Fab=Qca3S2Io<e_I<^<
zpjUPFs&SFq=*S13e%4E+!-LX@3UUahVOQXf3ft0H-l$L|G7>ZGe<78uj)uLm4?DK8
za3X+(NMJ9C_B@0EcgHC)xLSr-!PtrlCTXA&6C?D!;1&l;a$8PbDI3EVME+q^Z;>Q-
zqG*Y93Zyl3!E^>^r`%o5@&ws0jeSeh6HO&KS<0io=+hun<qA4flsR3A3%XZ9W-9Rk
z577z#t)Rr-J-X$r4*8x~E9@)2IIT|mw7wUKtoU7U42pvU_z7pK{sG}zH2yJg&l?l@
z-D>E_P3SCv8i60`5HYP$B1)0{piFcP{cO9WIuLY>!rMoVMQjdjGUg5#+*!1EJW4H?
z*try<CEzY!;h-bR$I*qlW_W|Edm54vI7&@OoyI4AI0qdJKm&b5;Z6PxnXnNaIAlC=
zH!B`7J(q%?TgV38P)@~y0C_ra5r?Mod66!zrV5!cQRpN|Wrwv!krym?hvBb<t<GJi
zCA0U=0mG8u0d#(J-RkU|A6<7^GRtp~^ck9Y`SbC9v(c^!-#R#kbg7dV50t2zELGS=
z;Dyk|g76Z%gV^PZ0e^81c(M3ZUYB2zJiF-|C5=9>Ua7M&O5E0DzmOHI6;-K-9m)qQ
zReUTSo6l^&3qz+H5ZJ+3T|Rd0KDg)(`Ocg8Loy-(cErdADw|LY;#7UoYAB+OOK7OL
zvm$WEftgN3Jy6(03C?46A4@Z3<&;~F68SC-&{y(t#g?tF1SQ45ps1v2BS-8{v$DW+
zNaAFeNh21I-i<fpN{(dMBPGIZ*A8bUJrN@0dubs(&kJc7VE<=3OVG3vj(p)OUyUED
zS-DHq&>j((B+|l!zhmsH6tfvQa5N^YaPd3bDiz`p1S{SKb{Hl|4UCCU`?P@|ZpUmN
z5!|@g^EP(uzj(FE1kS+J5UX?oKSNsJtgH;N<UAKck-&LmWyQ?Gwy<yQ^;!+HW#U$Q
zzf*6vTfJSgaX^~&W~1KfG)aH|ptX0<>veW_8&+qpQ#V_rQ$Mge?MAP8V6KpD0gR!M
zU!`VX`(Yf!VYXZ59<d1S?e#6vvT$dgv=6Xp?KTc@ui3)=W~*uL_Dh01lK!QHcf=}M
zSu}q9DIPW~KW@k}QTd6Ae9y{uqWR;sCyNUR4Lv`X_Kt>E{If$ypC6FqPbf;h2WKo4
zz;);ew-@^_65o%%1MfxXjUNayEuN8_!r0l)R%+QGaybRbW@lPm!t-HBBQ_9-`VnMT
zsgI0`F(M;AMjG|{2U}2t#s$P~KEhY*Ux_t*=Khx2TJ3O8scKx$YT|3QlWxj<*#NL*
z8Hb;ZtN*#`e)xFu>HVouG0sn~yGJJ<&d!Yr+)#f%{^j!H$7}J&#r5UU@hM~x@B@2n
zJ7l03*C>JW!;ijnl{OqQhD4gQZp2Q@)Hl1K(BHJ+b@c;g`>mLq=I*!hy|R8Q?=RGE
zOCmbI8S<3LI5bZ0Y}UcPmxp;OMawBjYU4p-J>%v~48kmruT18fB6j4&%d9-(rW@L8
z&bn!P!rrpOb8p5UXu0g00<gu0im3)~UQ+gKbvHOWd!j{`#&(J9ns9P{B@EZlJh738
zo5!b-%Vh!vESJLa9|sP=A60%iKAub*#-^S8D3*e_nx;4MJr@#B$eu64g%!Enl=trV
ztS~`SdsLL6DUJ#r;GoB#s7M<h@1|5ow*VgngNbN2UvFu$z`-Em=NbiKry%{T)Cqt;
zE%z6X0wMZz$e%4@DBk2`2!+CD-A!ag=QkBaau*Ppl_mqd%X&nkxJ$(G;ZwVWeDW89
zgRn<%Sd>@B*saTA<n2@`L-}&9`UP7f?ASfr!w~m*k_u19w={F%uP7ktOF&?1n<s0D
zYmb+Uib11(-@fB;W2Pwg?Dtf*L9sg65<1`57NN_q?VkEASGLQ_w&h_rTXB1q*=!Xw
zf##%d8V}mUx~-cAZF1pHi3Lq<$()<&nYzuyEUz<dfo3RXg;`!F!q@qeyv`slm*cfD
zp{lV{*kr*=8xN+4pEtwn?xtsW&9-;OB(DW3Swn)?89#>3@0!l<I)jRq%<Vcu2@B_S
zUGSr?DXr^*wOLtK*NNo^WaNz@Q1@EWaAo(Jm+*+(4g*94>ks!|P+U2=i3t|qAs!Qi
z#ev_we3#)n5z$%8RwK*K3E8>}a?6HZD!pvBaS1bWwt(_*-K>m9u*W9#oRLzraAlv1
zSTrtjI#cxWFoTki^)ca!eHG#`D$Hg^LcU2bJ(urbrT4Z9(?Sou293NH_Dt}h!qjuo
zYu?k&=qLYmYz>{(Cv*A;Q{y2XdX%97%sN4C%)l?w#tKKKNq|TUKT$6VAq`MG24Kk$
zhwqfD4F;9SB^tk&*l#nknKYFt?D#y+wi0BUbz}R-=NDY}SKLm0>=5i0GL+reJ~}?X
z;KQBr?`6W%k<XU$_*)B$cTr)NClCgl_CUxK!Ini+J~b6Rt;Ry0E#i?3<w~no$%!~o
zfsreM=r26$cO05Sk}Tx;G_!4WC9ePz41cBqqaOS??7j$M!2wT#mF&XU71lvz+<s3E
zy4v(g1%wCF6fH;mjwox+qUI%ryo!PWF%FGp`=3T7#}sL_>;E(+vPEXUM$wsuKMJEs
z?*6$g5)Oyx!}TY{*&lp#Tnn8Yf4D&X01skEm#RyM1pzlAa!$=n%(b(O{ey=W#1sDf
zJK?;5Ikvs>k*ouba^%PD>VguFX{Crl4JOZcYsW<h2S^|25<^dMtpwk6B9974A{r<P
z=%JjAD+oKc_@2jyxMa+x<k`3u<dVF@%h<8qFz|L>@xQ7{i9nwwG`ISld=fjd@a{b;
zBDZ6&&#_}ygaxGU*n?r2a}}HeuJ;V^W}jC1>7VevT*=vA+^|eDr>kD#nSfM<gaq@x
zNzq>k%IfWG5i=aGB-NX6u#you>)}TtJAdp^C~_`oIYFCBW1Ihuiitm|{^}Bs#EN=Y
z^Lx^iW!9fm?P*@{rkUO+S8m<5_bH`6CF6UlDRW{DZktm&PIhpu#Q2`>nz<rY;-ogQ
z6_acp$%~I*?MSM)yzOD)1Q3#7Bq$vecJ%y4C&M|AyoCnrH4$Z!nJ!NfQxgMtnZRqM
z5?=pL%cU0qImYI&=sRDC9O}1$Ei%!5tyaZr3=vdK_TpFWksW&Z0!ntpoVv|8G|oMl
zv^P$$z~<vLN%D^Cg;hwiVSKMlf4LfXPFBJQ(~txUzb;~rs=k9=GLw`V9Ph^#kF>bR
zjXlUA2y!gkoY+ze(z%@Dzy_1qk!5)<{pdRPMrA&OLeeK5$&`@vg$14Nk`@$hP-F3s
zC>@97`23>Cey4=C-x9eHh)s}uRj@?M94R14W+MP#nve{rk$nk2aLk7S*TJd>Qz1iU
zY=;}CcNP)wGKWlJD~vzY2+OgwqC-C={A1>mK5;A(qfB}5*L<vlzt3#H6cZ#EhsHm?
zHNG1agHPvj2lUzKc1I+{-J~0Leb4H$PTz%n&KHJwg8>QO3kO7Y%lOVN2N4aAFHb0p
zEg625iN7j1Zk+LGQ8`qJFPER>sGvn*qU2->B0o;xjZ$`2E*9om9>WW>E>BV&2W&!;
z7a#LH$h~_YIt3!_H~-1s@Af@U$xNzTte~p+tA}}rt%yxcu5Qn2Oz?WF8*xAGd#R_L
ztfJO-^r~*!^>J(QaqHSnS=V>CI?HEW?}6$pHAo+#D$r=H6Wl`Qv$HfOJ#Ut!mI*z%
zA_IpTaYlTpbUl%IO+@4u^wFJhgO44tA}6#zqGESBLt9)~wmhY>zsj`?97!sMaL+y)
z;Q_fM19BIe&US1X+FlpLXGvAg*ey{qXAMre_T9aDeqQb^oe&@~Owh+;56+Z<6QEE+
zk$As^$a+@cF$WZvoYO{8M0ZLtyjKk%CkMIn141d=p~U%IOmF1l&<6HFP?{(Lfe^ub
zlu2I1(>p-5f*v-@^HInYH}a^?>&F?5t8c-x|A>>29!vg!eD+4Rx3Fhng4r!4f{8^a
zWGxx7%TU1-iywI*oc5kcKjc#NFf<s8Vy}rnR`KH06?@#M?d=F`yd%uCJFnt1{3;j9
z8T(?dXkJPFE&eO=LYxJh!v1*p%^2dqV*j$OG62LIuv%v^WU~3mztT3or<}rK^TD6I
zXucm(VY1BDmxklDRJ{v9#(-NPAKW}4d@y46>RCK7)N`!4+%N>!WBybsj9iyEDy<A>
zhpb9=NZ|iwOA0(Fuhh_mN2#6VR51+rM-WW1U-@fL2Wp1dP`CnSgsbE0i+Ez@v%qgW
ztD%%J1C9eBF)!-*$LrHWbQ}c%aYN_6lDds7k8lqMc_ART0cSks1PE*ui=5CNLdq(x
z&x}Q>riL)qfQIzyo|>WaaZCcRx1@7R%@n~12fK>gcxC?z1ym`NQ1#*>zGfKzr`MGC
zD#=!#)bIG0kH53J{d)HPeJ1#l{eF4$yHPRDE{?nJKOX-osvU=FW*c{TdiC+s<uSW;
za&+AN_}l5_<=F}Q^XHGhpPyc`$4;-`ot^MsKAoNLwjUR^UBxk9=W44%u**l=Rmhj0
zq`}$n(&>$vR7F-&RVF`TWzGL(Aj;=>5O@$ix<Jn<t{RA~njm+kN+mJ0h0{~y3af}E
z$U_`57OalqJz6L>9fzAGKPwN(g&E?Ma{vpRR@OBjpK3t{3;}kJOjDi}#$_MNptjc(
zGE3Z}KO^h_#j#|#K_{edyCfq;0Gz%W7)NVG#YsZ@5urnq1mS?V(*iAFqGvBlyjz@q
zERkEqzRmegst{m=LsEs5z5?~;Yam(Kfe9wQTZ`o+`C><qO!Ox+@ZA6F^$J_aQ<tu^
zaUvUPQEPrlm8LW#o9T9jn$J!j!ZYuZk?#dKxED0L1)KiV*=*Hx>>ZoZh|rzJ?m-8*
znI&HgTdBpN?D6|ESe4w@Arep-Hgrcx=rx2cS5P>NxKZNP3vMtF&ehN_Y%3<b_Apqs
zxnU^eDYa-sYCH`a8zHg&r6)>a^#TTJB|k7t*nDc}V>l$itxXAV72ktvl+E27YO#)l
zNbbpKAqJGVU6xe>QV!d9NxKtDnv*MjPKO-|#uf1xd@_d+|EM35;0(xX@*n8LlirUp
zD><xhJfnfg^a7I=_cY{i<`Yi`4!NG$CkcteKC3{<3BP%qi5!R{#AQyg7UCdg;ufEc
zUFl;pq%rk&oLz)^<_!toznzO93*JHOB}Kw4cCGY_+?jGZQ)at#ha?#YU;|S_jd~m1
zp(c&VwGtOF5A2;oJhr_kDBA(OX*BDUQ&*$^M7wo#hj!_9zOp5|uI3Dzu2hY=<gs}L
z*c^zorjSZ;i-tnYC-w_Ku0_!sGeMV-&j=F0DQtZrIGWzO<}mPF`!DkAK0W7dRe1;H
z<f#JBcMpjK&7A6i1br_UfgA0+V_6DAhJE|4taBx9AW7eXcO)w&K^CEAVE6cr>Q%E|
z-)m-s&lWhIkt@#U#j6!@Op}5k{2&JABzAYl4?I(TMc~J#9=E2$q90f1D~dueKEt#_
zz{^UEwKW{jrp#%XL)kEE@ia^fWG!*_dG_0H*s(1;ygw1!9OJN2KWHbJ=_`hb-$t(G
zkd(<wY@Yd3Ca#%5Xk>FU2A&sI<9iV$Jo%`cR3K$zKtlR9CUFJdy{u8}`u$agY+q%2
zj@w!@acP?USsDsQdZj7&CAvF4Qd9o(t{>P8Y@!<?**V360}udHHkFS&m%SQ#NP-7d
zOp^AKqXj;9CkQBo=FZ^g#T97}VqZ7c3%C@%1t&pR<$M1?O?DHP4#o+k2C5os>_)+%
zAcx7=kxGEXqny=S97?mrI*ds;Wut`AKrNmvW*#&kT?u79XQL<P06acorO4N<Ty3)-
zS6x01VEuR}-%TriEM7#G(zz^rPu1gCmByDLm82r*_$XDE8&brzp(-xbTQ)&|d~i=W
zwq0hNf6e8%U?U*_4=7%CtX#oIZ(AvDzSIX}yRtyKy%!Ic?Bs5T@w^{ry8zl#A^$b6
z`)ky<3C9&29K>0@)e2O2t_Yb^=J*H&lA;*Uoa-UWyLEwnFt6qr837g3YDQNDB6EFC
zd<rfz4DMr5@DV;>U#@bJ;dXi%r71JjZ~s+Eth{7-aVIKL)F(<17MZNUxq@K$YB(t|
z5t&|N3S7m7zk{0GhN7W&tMY5|^%Yzl1tqYOt@-->RTbajI8;eZ!C^B{#+2vWr(Og$
zX#&jCY)d4Ucz3`SJIJ*X*n{NKc8Q^rvs<&@AcGBS@=Ah+czYkozen0?)h{)^bFgdV
zXA<I?*r$=;(M_WSVFnpRu3&kMAvrXqR(6=h%fAS`&@(;G+oag7A%%vro3vfjs5ROp
zA1HRJV1Ga(;5RlAkBQRS3pG*z{@8ErHK7T={rCH$^9sM%sqZ)7;yWQgQ3pH+wG}so
z9+RY8nTC}p_&T<*`|?TQ`omyX%KXlApR)d9RfnD_?$XIt`9dws9jcUyOlnSyN=l94
zB9E_eNc@^<7v@?y;%+R8Z;K;n&40T-y+9U$UD)y2$tA6D;wbJdfs96t{a4><wpa(L
zHQ`qyDRAmaK*cBJ9|WCBMyfZg<ZW<=7>KU^rbj}&4Q>pO$VgZ+WPliVSN2edog2O(
zwgU_KI0*06W>8orrM~#btf>_i6<AbDv4FFSVr4auP*p?G(+Hajm-yl6Sjk)iieuNd
zGo{}h#{VI7f2jPIst3I(s0he}?~gvPCwPROAIG0Dq?SCBDY)5g*W~|oUe+zP!=Jt2
zSD6{8sDJ#9MMkh+KfOJzUR-|s@BgVDADtgv{tvR%?8s2Q?-LBkf(<4b_~Me}Kt^`g
zD_kKQ9J%74J>~27L1Z=n=VY<X>3flz9C&)8ksYEDp;Y+F_Xz8e7nf7*k~@CnI6KXH
zqq)m9K^*5-*SmGaQM65F$t0t|CnliE6N1`_2=w>X5BleM|A-ECd3tp6;j}igY6CAE
z`OZqqsMqWDPOAm~*6a1`zwK7N@k67vS8wh%+Pk~$AL@<W-A3aFR9|T=N`4|5;^2q+
z(q&~E_e6faeS=dGhb{F65NFng1Y0C9Pz`<mzO_~GfXoGFd+zTzV0)Db506PeZO?s+
ztpVYW6+FZs$>b-n@BfyQw6&E`9(X=+rHz+*{SdYp-0Q>}+g6-$Gr%tOF*p5+Q%-lV
zB@<N1jQC?ayocx0*&QS-RuUqhIJ67V$Q&X}x754JSthTGDbl^AXhaD`I275kc6VAl
zfCcOvTVa3`Cio<4DXW`2qfPQ6hzvIDUzvJ~iwYS;#ICgk@5J*ygQh{cITFgo%|X9h
zUtd(v;PT=aO8pi0Z*XmE>j=5zR%Ca*VH+9;g~S}XoQ1&TZv5o!#n0^P2;(m-fU(6w
zc=K<a#jYF_S@$j;*(Tepl0ZHPQhN6xF**N#DzmI88}oQmFQQwvg7<iCBH5P1I1|~~
z$4aW%{J@1)WG68Re{(DJk|V!Z<CW~E7~9n5p47<k2DVv?TRyZ0L+5^r^!sd&D}sXh
z4!L8fzqYmYAD`u!6u}|;Gz?jeZF2kNjf4RKzO8X65K$5clS~0B03YNN&y3<I{~hq=
zqvC<C6kYS(!S>eHt5@hEAYd1zc1Y;f){n~R#Uc7yFb)|Y5(ANs!LM6C!U5(X`uhL-
z3GLSEUqSFYkyRELMToVvbsfaqDxM204az}@WiznYi=<f*GWDWH8;xu?Vs+Wt;&Fzo
zcyMQR`qd8tv;PVyX^%$uFV97%zh0rg(L2u@I0U`>^%UY0&A?+*0y<(hxBfn?9_Iev
z`Wt=zkI%A*d34XohIxpS)b~ipsnPLZI}ujui$CDnqFh-!H~X|I4l=7Ev|wi&K@HO_
zk2Sb#g>UvLbc&VMHTfjVRuA9O)vGe;B+FKB0FtT@bhi3>ruy&Fn*1vYR@^POwmt@Y
zw}#Q5k!{|{Fs>xDO2)^e%ua_}TVKC^-TDW2MGuJ2LkolrUsjIYR4OMQmqm!DQxhSo
zR%5#IpI`^aQ-48mTi}bJa3#etXBBksMdB>dcRXP?6Vq}!xA+hk$F_JX@Hh(Sb7s;*
z?;<dy`*=X+*Y<X;5Kpm5ULcAqk<O|dd<j?9%!A7G{0njXtu06lO=u_+7Ys<qwCp3h
z4?1Cg(=cLRmhaT*4SZ`t`3emi+AX<|T{+miLFN#<E^(4}Q+7FN_;wBb&bkMGX$xXJ
z*$UtV6k*okx&3(Hcs=g2!V_X+XXJsS2?P&PZ$vy-4dw|wsClvOxQ#8XjmHMykNhJB
zPTzLe<S-y^xZ`^?gicr`u3hV4I$W}hDf_=hYp<2r|8-i8rr!TO#1ADQs(Oe70lBlo
zE%B#s`=pO;NB-@4kxNOqwe^Z07)q}!+eJseU!l|UGuTR0IE{m2-|$l$9HQ6wmV%$y
zYc^?ay+T85Aq=wv&u%Fv@~iWs>$FV{4weZeFeL|sMozf(3J#qE&-Zy^K!&O-h<a*V
zama=}c)szI2S}`6V^t@}@{k>hjFlL@hRiOktG`A=&$~g?<{oc01-=ZIa9@BRa<^V7
zyn#Ib>ImY6Ienl50rIHFHix!rhpz>#ACp2u+i{@fV}dN~4&YQEZXx*iA&UEK4mL5{
znI+6=uDA6HS;Qx<MO-)|<KQ_Q@)JVL&%|*MX5FTEh8d=?kP@fQH#Wi!$qIAs!Q&1b
z<$X4B+9RGflgFm;Ji0b(w~6^?5hKCAwq4t@`{?s$Wc=fe{9;v#;gn?%5Fb@fQPo7R
zkAA<Zvd>yQ{^jWG{BQQ>@yGM?4@Z~3@=LF`4fG#BA){`fFJJ!8RyZW?7D5OSbLgSh
zC&VGJNTqv)aMiP9YB|;ckI&E0Zx_eNccOvqz6K$sH5<=TGxT>N0Fq7xWUFs)iJEyX
z`H$DnV(CcD|EdLhCrOneug6zv|4Ti0_A(~U|Lsnz+3BR`|7Nq*uIu^#A%4DXA(VFV
zM&Drg7!HKsqtEac5?A3)FS4ER%ry>Cqmo>;aELkHG!Btbt;Xqrs#QaIjGs#whv1g1
zTpt3XR`#lGdhW63cmb0c40`xYy@HyJMg=w7?FwpatD?ED4Kma)^nalv2Yk<!=lB6A
ztFcUYB<_8Of4^)Y^qoC!aF<G-`@kXNL_V+P0gCZ$0_nG9ur(BF5X%lTZ8ioj3C}Ep
zGZ*nI0rrR2p2wzRsaeAgiFCn3jZVF@TR&(YG}@hgxa-*N4f|l9zrde9b|FAnd@}jL
z4D8sLf)bOj%RfaBaK*mbKdATXO;ty?!m!KknvJ&E*o&1UpE7zFByz{6t+*S|;d|l^
z!Xc}3J$0QFJ+Af|C2BZ+0$h#w;eERLVpExJ6ha11yT-15k1u~$nihLFf$DOt>f4T^
zc5S%uF2I%zLE$KA(jc&{3ooNo*6g;bNG7YPT)0zZAY|OLzjL)1LZbUC64(VwvsusC
z>%@OMWB^{FYCZ6HkbMty176PscSiWG=&J1&T%|+rHa}KFFT_s4(|p$@Z{%9)*e={v
zrNPBp+v1%_y{dG0xa0!)p3V6?Sr=j#lFsA#=~*rAbMIqOxeEE%Bt<<qAvVi>5U>@q
zE)r4o^YiQZ?-wvQ7Z4bGea8!v`cnAdAJrZj*E`k8VNkR8`5>;S_wMnX&F(dm?k|2z
z^hV2CNkeSj<Z4Vq!XWp1+s!wga~({mE4lNbsWckB32;c>2y--4op!}kL%Yy{zTNE8
zF82MO{t%9He;5_yd)80?{=@i(?^%Bs-#<4-U$(ay{(IwlRs|d#oo)0Z>eSPU=zGBk
zv(9cXblc_1O+O-o5Prs-&r@B};*s@pEa%%dDD3<9w3LAKVKz68j0rlA12Qswm{soQ
z0H!Rt9K_cz$v|}A%nMgTyC3G?2w|NuPC>QkUq~F#Df4L<uQA`$5sd?4<;OGyriRpf
z1;e>3*HGKF?6GY{*vYRC@)=m#k_z03?wLXqaQc#I4x4|(sD>2P`K3Pdbn(0t&p!oY
z{T|;<8f8fb^88WylZ)($nJTaw-ry~!B-fSr1e<%D&#<}6N>hp!u}!XJuHWD1KR9;m
zLD9+r*WdGSQYbEk%!C4_BOAW>8L!NKANTt&47t?TiCj__7KJVc8oFrc!oOR3y|x|a
zEpfctYY*<*Ze}(U`c}V2`LvjnGozf107)a;ePgRAN%)L(O+V_2JPQjVB?gfi^|fQ9
zoVp9qQOQS>YQW>c6ITP9#fsJNc6K$4@ZA$vLvE1AYB=5ytbBa&34H<|TxtE*V0k&P
zES8(choVyfGaa&T_UQF|ILK^zj)Q#)-FE_>O^uXNwAjd?#bzsm7PEG)cCJqW9&B_P
z3WSkX%rE(&`i`exHgcmT@NSL5_LgoDj(&UB9os<|VW&GHBQLn`_U=RI-^QzUeZSL6
z*+Y+bEG7Dlzk)u%EAVjtz&hw3s1JWQ`tNetq>asbYJ7gccSUmB`>odAOEbH!a`Uo3
zr8jnRm6*PDY3i+u-ntYH*-1N@54Jn;@dY<F3yRIHHjlN>$za-|DRTx`yS;7*J59}t
z?r)w*^GlY#mF#Vvhzh0+_l?`rq$`Ww0{YOqnx%F%y_6D>-qTF3XRiA{{4oH-;Q^r#
z(wdr6y1acc7=Kw9dzG#YS&Y5E3XI*FjImkgIHK3WrzY2T)(F8NMa&iVRMPPL5#jmc
zV%GxjRyfV96}qs8mcw<wy(_Nv4A^FVX!isaG<o?bR?^8FO3Lqm9$rbas^aXtOckZ4
zJ*OLjg)c?D5wEvMTd&cuM#C=)4P(glV<l$jebUs(cV)=8(OCiXJ=mWNeYJV{dEnRL
zSt~Z|CPOtfvuv_sZwASDK5@H!Ya_r*i8dE8+ZJH9O={`Lc6U+^4C#i>VVo`4;%rhw
z@pv$)q04PmHmRW_d^f3~CmVvXKl;Swd8lQ~6oVfcVlM@;Hw3zBi2ZB~&Y6J5w--Ol
zO>qPcaDtkWxS`E6OoU{FY}a%mOQw?K<ob}YMUtlWB(qcPNdx>&2H;PP+G{ixK=_Tl
zDG*;<w_p73U}LP?J-^=_VLx{;Kf-r2+a}R}B1M`Xc!Q<H&5yW-g*|%JmUK{+I^&o7
ze=mkk^|zSWXrKEQtG3ra_isT%T(p|3^gErM7ksCUKTNm+OjNzKErPP}N$+<S+3)=0
zA45!szY=hI=E)3XeN%8{4bW|@nQ+1r8xu}!TN6xdn-kkSv2EL#*tT<G+vd&p-@oq5
zed*e}YQJoCb+2B%77}h-X5B^m$|2GKaOJ1vxb!9`@6E@dDaih}|8>mLp&{V4!C#06
zB|RPWfmrwKc4K{y!~+YofhS|X;TBAZeYzYo{_on1FCQol&~keB{SAONg1KTYhm^n!
zwBm>eNr{Y^4}`%khrpg#pY2v<x+7WAnHaTVu}H033}jAgLj*GS&qd=NEH97UD|B)+
zVQ|kBa17-~)DIZqH8Kp{=uth2K4SF<ogWy{Ca~R`nD9g;{K6XZLjz4@N4;Hjrf6J$
z#&(Zws?T#}XzO7@>WuE?Sog_8=51dSiEhIv*J_`EuD4qm+3igb06>%d!sS%qiepim
z7BB_8^nc4;d`Kad{H>o4K&;1i?w1E(V#{@by*QR>OfxJe2U(R{^oAbl%b`2w%HomZ
z$nM(^tRA`94K$=EFq5D=rUBb^RU5!FVPm2J!E4N5aaGWx^sHY6BhLWC1H8(Fkppm;
zZx#5>8Hg2|SQ4+X1m#NMX0q70YqXfl<<BWWbC~s^PW~igLRv`5RSrsq=E$lhjtb^r
z0N>fO68>h8(NV}0)r4psSucofDhG-g<UsbdZvYqH{ZeLR>D<P``n7#VA4gC+!>0z=
zF#8b|%#I6XOVAUjBnS?l-+i7|N{(0g?Ubs}>oaNt-7otbQJnw#>y-)7543el=4cIl
z!~mA>vy5iM%v1gxX7pv>fdMQ?tAFtlWc@1br{}r_Spc~yV!t7Y5d*VGQQX&ZTGx4W
z>2rK}$@|?D$MK4Z(n+l*@77`r!TVBj3z30yDkUp*cKs@rXqYi`18}hHNiL@Vx6H1N
zC(i1tn6;n?XqqC%2$)s#sN<D0;J4P*=B(hcWs0n#qJ>iX2NDi$*0Uu8o3rP4`i^1>
z=Zq>0=oE7o^O*DJKxucd-}uRm*WOpvWY#6l=yToA3a6>K(9tG>S`1aSq2|$yTRR8!
zFx+nCI|gROl`~Od+*5GpMqWcKt8Od}^(4u)2j4`wMio^Uj*S5jvK7TrCM^os64`n5
z=Q4{LWch0Of0pdTvvc_{SKYvL>%#0z3DBSm1n2X8si1{Q=anF>nP<=78RiWNW@c~r
zOuzLO!rpPt4U3azH{!Un+_>cpi-+J_?B&NIca_A-6FeLJm@=IZIX@6;F{Q7%(IQmy
zSIRxwuvkB@fBgGv3=1+<XsXL?t}2Hle+KSVd#YIb>8f5Y&3SN);8nY+r1a>3SOP<&
zc1z*&Z_Om!>+o%(`0szctE3Y7ct8ge0nXQQK~6_har1<Hg~@m!PEi;VpaTK)zS++x
zF%H1CSzsT-q`w^?b3q`Z^`@u-ZKooWO^`GLE5fd>AD)>QmjOZ6R>b?I@5m6O{{6(P
zfEn?4+AJ`|J6}MF)U4r_XJ#^D8^P>QxQwG>*;Y>D!(<Dg1!rzrdY^IAuG9ArO?7GV
z&ac$_;5<Oo?$FzkV6F6h+(~UcIAmcUMrmAY9Xnlem~&-6EG<i(1}+^rkTjPEEVg|Z
zC>~RdmeOGmPKVE5ynC31***XJP%uYsQqohfA|F1UWzkJejgpUJUhR;$CaMU2no+zD
z&&#3(=~UJ<H`4u8KET532P%+{ajhS+@7K^Jgs&1d7dy_S-8`|~6x*tL2{wT=ySyN>
zZv|PF5YzCgolzkpj9J$WxnE*b=9h#dfR|VQE`b@24kjCkWh5?GehQV(n0J)b)4l3S
zlDoq4s37-8S4r+1#9cyWP}D3^(G`+a8vnls&g@XXwCEte#cUA~1GHZhHWF<<Vq~Kx
zC!h-9y42cX5MmEWagI7VO8l~+fqA@KS?_A&n>tB6)~-h9(j+`AT+ZMg!=Cyi^Cxj~
zV6%>0fK~D%1;|nL*s2P3XBN)h7FBHWeNYNKZ_xc`pZnCvMk0{m%%g`6i8kug<WO#y
zh;IyOSU9(%r2@##`SqlwY5)3hn#~T|P#Yau8a0Ov%aMlP$9pnBQ3DWx)H+Z_R9SI)
zTK*l|>-)zGf83?w>IDsZBWoqW3S9`}IEOQ(z!6?h&n;sVp%kki*DgUtFw|py30W}I
z@?ZsI22pq(GAMQL_TM0|Pg=Bx5F5Wy%M&d*mM;xqT^apPm4VK`;z!8^OmeExyn%{y
zcsRwM1^x7pqN|nJxMn4>89t~iI3s9!c~5#dgSVHEs2HDXU+D18SFOh4#pkc{`F**R
zZX8{3!g)O-C+T<j7$d5cu0}=VBNiA;p0{zC>&;_c8hsI~Q*T%r?ci(JPICX@mpEH9
zaN5@>Rl!w?wI<pgf?KUo$vevo#6$n3<CF$lka<Ga{yOC1@FNUnp!`?;IYTe*ViwwL
z3GsD=Z@<GE*4OsTd=N`gU#Aa1b~WlYiDTou5%$rVy?(UpI@d9wo`mycyvYh=sJ`+K
zV|bMAE;>$i*m=Ln-^qk9q_66@wE{Vfecf*bW6WS1CLow2@<`sN<{=usZFYzh)cSdh
z98l>~0}KBjMtfMyA9=bP@m3XREAeEBL2qjxV17b`NLM30;?>mKAt_1uI}<hwC}paQ
zr%4))@#yS40K8g{P|~uQ4a0DGo92}p*OnJ^3OfB$@wGsB;Ucf>^=!<bvV9!9Y&c0j
zNcWePAMOmbQP6~we}96}$t*sSZRCFf&(C<7iwp<ibeVk4phQ7j;|2vWT;qfILg266
zD7H}^uSC8d`Qw8$Hn+fExaI$f^%GY9-t!{n%ZTF|&m&moN3xBY{ogQtfMe|7{p(qa
zy?)sUsX<l@Wb{8_@g##NN!U8sE!@J3qA3-qvT*=1Wz+DI?-RR4SAJqSV=22GZ(X)9
z*90~#nEk(Cl~PG@DNr9%YvO{y(9E`IW(Z_k9H*4VwR8|4T2;FZTzHX*WW}v)pI~3K
zYIw;Cu05bGxiZJL<XTnB2eL+MOs#>rx*Ez_MVhfAt(ufQl8IrJ&s?$)TJBcv<$5Vc
znbZ<jGt?4ib59)gkhs-7JW|*WB}>M$di0i$i)LP)P+M(N(oIGW3{l1;oV(N-LkG^H
zZ7BzO`+7$U=bZDeIpt^DZn`Sq%D1`fab$(z{N|3MS@<uvCkJ^}nC-df2g1e@DxzOb
z$3X)8xhv&f@C;|A@#q>KaV!6oMpG}Q@ckuLYbe&1(uL|@!R}Yod-XdeB}xdauZJ%W
zV}tZ3&nhKq8srrig;e=o&}>lH#~=^2p8@y&(<Ce2Y%gDWx(kK}aMcdgoew^I14d?=
zq)r8IsvX~D0Y+j|f$VGa!$J`)(mMWks)FMT84PmPZ^yow0gR=eFMFCC^AGXH+kunm
zr9J&)U_aa}2T9BfbTyfEpi-!^Vs{{M2Q(=iApIwZFE|Uh$(G?mw0AVxk*>KqI~qdr
z#xX0=LtO2t=r7D$=xK@oe_X0eCtP|PoMj5i02a;dKKhcN`gaq<1;*APYpuz9!zrgQ
zoYgP%SG-GLomFrCff5mi)kv%VW4?sJ0j#N<csIf~GCI0U`86KH)tjcrB_s2um|w)^
zHw?|eF9~R<IoMj!Yk#&4OeZwgv%cIpK>?}-_^w9Dll`p-k@472SvJ}BbfmzKZo`NG
z!AsfvdR0N7bB90R%U0#v?W}tFrNd-ZBeoRh@&eU9c}~KP8yy?7R|*=`o4#mITX|dn
zU4(uL1~gc;h%ywV(ofU@jYC%o=Q8@!=(+xV%m7&qIOs8TEbb^Cc*Ic2Gp1ThJ~U`f
zun3yasYlR}c!C4A_7D1?xav!<i?4wTy=ZB=0TlNmt-qY$BOs0bo2+;=@-qv|LQ%Ci
zqZi$t$HH{UjcCp&VuRQHg|LvS&8rZ9o|p9}O_Pr{Y|Cb|EaI;uNE}}4Pj?6+QdCDW
z9_C42J{&;x7mxCiz=&3V)T@4m4cB88u1SS-nZ$KJhY6>uK={e=-5h8p2HaheI7E$=
zyKXO8o$42m4+zY_s5~kiur_y;7@J6mHYOWg30X61P>7O04)fwd|M@Hjo#2%YI*99R
zAj4mSX>N9H$Nbg8OEE9Eq(EwU-q!Tt&WG2;#>>8kJ;E3sdzP>GJ8@@L3?`XP6GtnJ
zIiK~$wBDCz!RW|Mja+>Ce=E0V_?=!ytJ{rXAn2=j6U&{IW@j0A+jmop;(Quw<q_VN
zo+{l|xAi7iQ~{YCo-lb`&Mg*cbofyN-b#ZEa`T<AU+4PwRMKT@$X*%CoijV=Z3i+;
z7f;2iMa#5VXbW3buA#d0>7q{?-}nmKufMs|RJ5JfY2bDmQwPGj!`9CuQ4sm?h0XaP
zmVWh?mRL~s@9^EL?Xo_^T5a4xNvgZ6hklmq-#FyHe;Mgz55eYE?%Iy_dI%ba9;f9o
zW3{8O^iI#PPZ8>p8Srg!@5O_`A;b{6QsmA%!!EJi;qGFXH&v)GpGKf`p+2*Gha(u6
z`UY5+vIrWt1$yHBo+TIDf}S0blF@vdS&jaJSDJx4P+?cUb{M7%e#p?d0l4W5(5x1*
zeC1#(N2bj&T|#FQU~mr*nV2dCHP``vCw37P*f<MKmY~PO_ve=D;*wLZlIXZuS>=8t
zX?hotY|hL4OR^*6zq+_+yYcu7xx@XaEhRJ6XqG(r_az(nm|JuhZ`}~!kn~T|82m}6
zr6Gu^sn&|1&vr8hhS~2jZbNy?n7NkJHcnXV8Em<wyX@QI`)`4g%hm*<2MBjZ76PkN
z-r+cJKy>ukJ(7qf2VqZdD~gOQOVQR}>m5%5GY?4F3}XeA+f)vxlm%LSmEPXc-HN{%
z3u8SvE5_rl3+DGHMO@t2H46bAu*+8GhNR6Y82jq`6YM%pp?@eDCWx;E=StbqBJkGO
zP5_JTaB50C(1R4UT8g(aj0<L>%0gd1<Pc=PX+c5*bfh1tXETYUWG02oaWpuMcvCt=
zqP`w73|Y>s-oQx0zyB@vogSQ0e;m@h#*RlY8-TQQb>=-wx+X@u5H*{_yCyPvoL)c`
z-fKonX~5gEeS5y6v{SrHxc8HZty^|ZTc}sHs!M+HWUTX?8@QrN(TC7X>Q?;5knjzy
z@NCl^+gNCChV@MYq^uD0EDY)HOY-%fvs^1sgb}iwuT*!nPrjE8(F5PW+F#Cu!;jr+
zdeIerq7XcQbvJ)ODP@`~RSwOaOEyJ1PQ1xxu5A#mpphKV8u;)9i8p?m5;jhfVg8s5
zO@u$_>`jBiPys~J^^GSjb%*85tEh^^+=z_%YndAK2oWC{itB71+GqA)lssB~D_o$z
zt@EY#0NC+IjlDj$rp@FgDt#X;{?3v3%!~TzDN)L^qie15mI!*Yfdd=6kA)^qdBK0y
z!qlCSF=l|vmAp*Y$Xe*@fIv>ro9?rHK&C0F1y$s9$U!eyo`30Mh)dOPZdk@+9mLkj
z@hqyt6Ijll#)GFiOSlnimAWp1)It*0&K}jG@Ti&f1zPy8OvssaQw{rnn4ON|A!Z3^
zW_S1Ss{LXpd}w%AbbRh)2^>G3FO)_R&@Qj<N_QT+h?p^JKVi{W?6HB7D%NH27U3YX
zkG`7Ru<1w@Trnp;e^;@zWq1vxDX>Me+QEVuPX7tD$DHxW05_5jh_jU7`$iTGdl#Pb
zEVX|v$v|$dMD1XDx2$t@^eTwfn&jQV>Mm(p$G11iqfS}=D7RshS;ArPGHAg1;;XJF
ze6PSLJdnn*l0c`j%Kq}p;hs&}l*d~kofhX})iw>*oFCOKF4@sylHU-imOEwW^V!YD
zmw-*o*#-6U@cm)$d`he(lqc}BeuJIv;3Fdqz3803=pvl$OwTASqxbk?#Hv>jiH#Ys
zn|**YHrQylPx%vfsdr^ksi=YR5@s-DbsV<~;U;hTPHgY1;Nxq`<d1~?8<)++X?5^1
zM1igy16HSTvL4N6<gWfoh>uI7>-B3=qdo(XuAgvT%kQ%t3CU}uEx#BOj|&Uu(FE3N
z@<+vUO3LZp8^SY*1gheidHn6zu)r<0Q^vv5v#ZVJJLGAO&+n~=4~wo1;*JUzp!?TX
zVxE745Tj(tBxIh+EWevQQGYmzTuab<w~D{rW+O1j*2wEppOLp@5W2qhP&Gu`)_U#*
zA$PeJ>Q3EIoLk!@&L{0raNJ5f#3y-E%mO0|j1C#hDh#cQ6-<~=fl)YEL)UOq!qXe<
zSeN`Q6_taEWJ7zYk_qR)bSP$X6uc*gf;E+%VA3(D8j<n<$Gw8HOARnaF0!V(!Ox8^
zAG*sF^??4MStWbTXeNuc;m2QPxq|^GaQcj_!CggiQ>w<F|0%&*G5D7P{B%IX4$n~w
zYbRz<OeKmML4kCc{d2dN-&LMQ`fXxn&tzGPJqTTn9z$ZGb1Rs;Bt)3(rRp4I;zzOD
zP8Q+Xe9d95p1hx^6YAQWnb}sp-;@#*A1vUB2X)Ia$L~L!!!wKjO0xg1_B;WKwN{h+
zI`vktBfBUdC)Qjld`-nN`fl96?fSLtee&btV$9(Iqz$1rK?u8`)4x>h#E7Fq=bv3S
zBVW!_rGrAks>>!qlZEsH4Vn$Mz@!}7AZ70_qrNjJaBnP#!zwBevdw8U^JOCxE<%(s
ziENUNWFhm1PnZUeEY!o^h#eum6)%wS7Fe<m<4ZSIRCM^S|GTy7p3&sB9W<1t6)#qM
zGZ4Xo?G)qhG|UFbB>eFK6C|U^dRKN`v$Kumv{tn{IOea3jHg+PvSGnav0Et~!M$n3
zLoxWhHVcEwL%A&xO&>t|MGA-+k5v}%ItQnfJ%(T>xWWr~h^b($`JBR2<znAp%2(Li
znkK-i$>yhQuO|*pFAX&nK6$oFIo#)PaJq>FUyChgHCIUQi9KC*?CW;KL!;dtO`Lx)
zwc=(>N5^?wmW3C(ZQ|7f3t-$B6a;yi<6sah+ANvV`jS2t87Zsv)gI-i-v31z6;k2l
z>{Tic%=pArTB=LHGvGyZ&#q{kk|~<EL76Z-^jPlCqaGAh4mXwN`vYF0io0=$uOF}G
z5dJbhC`yG@J@g`@mQI}wYsA2=gb?S`ZxTgCL{7xyEyD|Mv-HSqo|Q5pv|Pbci03Lo
zN18p>m;+-R^Cz7znca&XN}c-^8BRT<NmNeU+m)X%V?t}5&pR6233BI0hGx?9!Vd`u
zGPIcQ$$mo)qiUE0W38udTZWv)Ll>be06HNj$WpoH8KktX{-9$g*Hq-K8#rj|PH?V8
z7Ot=Z9@{03rj{RxPi%m}LA_=1>g~SmB`hO{$q+d^i9gv;-%J=eKLPg=TX8YJ`-^(~
zBrXzh+ah4m_~pM{|8n)P1#C?Ed~|5>nuKN?j}Ppmq|zN4(<oj$i=nsOe@bjsMq%-{
zahV_F1Mf7{AiXDUSbim#aao-?)!Mq?<Do6JW9hTrk}hYu88d|cS>YM{xVPu<1nVD-
zc>TcldL5Knb3F?8N{`c%fgo#$+89>WtTH`D$z<(W2L2lC<UmFM7N|rOAkZd92$r_`
z$FL@#mCgRP2*_1tYs?E)WPq0XLN0?9z7*MhV;4^OFjHCh0K!LC@*gz5`IWRz`g{|d
z7aHnvG$=`3!@KXfn(O<03ZFN_D6X@Hl5#uRA0<443jm@x;|Xvn3uh+BYKjEl+Y1L|
zLic=S@CKsQV_KjyLBA0T`<gm%Kq4Q%boJ2RS#L#~v6IA){r|$2)VEOXU<vu?Z-L!W
zgIs`99vfcP#TB)Rxzu1Mhv3Zj1CrmS)tt!l>bZuW8gfG{IjL}FX;awK{gW};|AWqe
zGllU|EJCRXe?->Y&Jn_t6TEsv;)4`F=nal03IZ#Mz7r!NfAy4tV6Is(_LsIYnHYB?
zPGOQ%13kPiPT6@%Pkcv;o`gVGmYtbUanh{PP)gf%b(EV13Sk1EdCVZo6w;hPCQFHA
z6$6~b<XUYotK?4>^)-_(oG={-&35~Gbau%QXj#O;WvLawQss8jLNUlBjcwUK2H4o!
z2G*=(SeoV2u>qE^Z~@B|<AkPyM$F^@9a7wa*oj+VwpF8ggLt4AD`3G)nbgKixt=CG
zJ0K{|a7k65l(Q}Qn$&bC3(x2yvU`I0250j6ey>}Wvj|-8YL1X3c9Ij`wqxtyzrx-7
zAAhaDuOspKQhuTgec>|fVXN<@ZaV1@17=q@XdIJ-i0vhFk0#R@>EJ!Yf}S`mI_C?O
zIy97i`lumP$T22gQ@3>S&O#}oFZ`vkICW@gc(Wc`&O&Cyq0&BXP*R?N(mb#M5Li$f
zJ1B;%B@YC$uxTs?&R1O0LjX?z0CTguwcHtKVF3UN9b70qk8~f=|KiQJdcP+{8i<fA
zs)$0hcZq-jYyj9y50zNv7#N{?aN;69U?2;cJEw#MB)Yv}kaL=t7pmv%bQK>Uo5#h|
zLDaw2+J;tS#m<$ap%^t>j0%u@WeLcoH4;+)p2u<u$TJJQ87Ceswe%xk5mSfDm$+8|
zDzZq;PzCAEQ5h3+j|!FYq$46KvPifc5bfhd!zpX$Ck!CD7kvD8(LQHx0v&M@A}3p#
zGCT}xh*6*qDR?6<Mcc|ja-Rnu4K3c9uX`j4avYO!pwS*TN5eXl6?T-YaG_~|#l_p;
z3wr#pY1L}9*tS91i%bGX|9AZa<JIr1EddO!1+*em7aeDl{QtDiIK+rsQp1Zm?CP|+
z_rkZ=^TtAgGm3|_Y#BGpz5@i{;!~mjn-@jkfm@7zZ`q+Yjr^kGe>ovwj|E>AzQx7;
z;YfW#`StN75XkTHEpBpFMjIbxaRu>S;Xl19h{KZ&)(E}t*(kU)!99>iNOxUE3z2v0
zTDZ%NJ0Sy+Be<n&p;WC0{))bEAI9~oE*n7W>4Kwfug*N|Di_W5%CX}yI9~f1iH<|i
z0iy4>>!xWnRr;6{T630@QUAK~j~R&~$^6Q<jo+UV7JU~~(!xs59s1XuAEJxtblXzJ
zDH`E4E%^v4(&kO`{OB+7ywa7`71C11K5o8okyI=L1#w6UVuTXd%M?pdsNnAGgZg(K
zW}^9BPYd=us;o_&w(mJUDtCR9ftj7>DF6CCOVC`-)-O|PO7Zl4iVxk05h2f1pBq;{
z6{j-uBi%c6E*mtiY&&$O-auB(C-;Pa$_{tO=9!Ik>(Ae|Y%Y&!{5dZG5dNnKOMegY
zec{+B+eO%0jrzD9r#m_`fY3)cI{4Fu<<a6^qhs-@`Sg$V>1LFv!O)G^vhzNRITtG8
zv(1<@EO>4M4Z}b@7^1yddU7B`2MZ8CR2sr5@8zK~{EV-+D#*gKqvYAo#YI;-=@ekU
zQpM{A=593ux!HB7AEqU~U1)Km=+s}FTUL?yuSRdoz<Nv{BO3h1=6ZeJQVgFZb;GTP
zo(--It=;ogWy9ow=mi(PP0np@yY+H2Q865m*9!zMIn5ff>^wJ3V653gIKh|T!&tqM
z=Gu60^LuQS@%#H1OiAzeuJ014%_C9Dh1rkkR&IG<tvSm4=@SOE+|}rJh=}L!mA)ur
z+t6nza3Qo)*BCIVk-F;I{2-0}GIX7ZT-b=-(RK=3V7oa1szj&u!wNETuw40N2CE;K
zNspT;x|#phw$~}I*jH7ek9G1}jrW?K@FgB0c*vVY>e4%v2tPcVqP^YNY-EwRv;5n{
zmpexyY&>!&DFT%(ixhH)kXySmGkS$gOM8fFEo=DUZYk>p%pO}!E|p=3llH&-vj7Tq
z{oeH(4_&DX^e%<Fzqu#hvD^2Ve|%EUnT*g57%gr|qem;U?6#9-X<0cd()5_*N$X^`
zHmLn=wA;h^uZMTC9wUzF*oe^c&}KM7P|rQ?>O!aI;FLzwTo2<O>*e_m0y|ZYOmtd&
z7^=jke*+4kwQ#hUwh@AReK*1*VEcZ@{=$4C<lpI&Z4Z4&n8Lnm&?MRl_F8aKtaY}>
zgk(#SLSI9=5R?9UEHUo6bM7wH4ZlITCX%6uAmLPRVDvRkMW@WtJf_|xMu|@(k)054
z`AUNq8JoG0&P-vtm;Cb{N>Ey$#;H0sT#V*akVaDq!>Frp02c3N&IpkZI_V@j+4OR9
zGJ3;BzN$*el*sd?Lk^IjNir9$g*xX*7vAY3pQ*vYJ81x=vhbK)RVB~RhLud{!_Cdf
zJF+;$m6&})awRl%mk|w3`7Ghgx!)(w_ldAG7eQ`Rm(c35WEEs2ka7$Z%i@-{?(W@>
zkp!q-WQ%~CID{|I?*Xs0>mo<l5y-LlIAtHmpP5Nm3b4o|bm$?JjHgU;|6ulrC1kiZ
z)2p`4>+UGCtS1?9LAAyDP)rIOoD4QP^WyZ4@a5`h#sG{KrgPnMj{P1QVA7^t!(Q0z
zw90t7y6KJET7NEMnY`BE73~!8|22DL>+Z}3r}ET8ccqoP>=wGA%<Z=f`I!91@t}3}
zjcRddO(`Nv<*wnTp(t@Eo6-c^2q&Qe%Z_(8YeQo0+mjgmmJ4Pj62xZ34N3SxV)<$Q
zY5i{FI2A!t6jdYaMM-z2f{e?dk|n}iD27L4@q|cg?D3tPG$Fk^F?rV-68Fe51HrYm
zPu;}S6%)q{F1I1x8C2{~KA!Au=cihT_11bb;Cp9#50wv{2f1~H(xo>wp39We4W&z`
zVY)LF?dO2AAfp;vL{YOM-6Xq)v`lw8o3b?B0)u6S&?~!TflcWr#bnW9M}+u5lnLg9
zlMCc4TbC=jcJH4<r_D~x_3QQh0sCz(_dQS;a>q5O>IEfz7g}~GAwYckp{<)eB6ufZ
z!7v!SluKC&Ez1M*`RGejm*q`>Y5?+P#_3`VEgVKDu{FttdJ3m#@q()X_t6q|Gu~G%
zIX3-4E96vZlA`6(7>nS1Q3>hI?vS@FHWRLc34U2QRW~0dYN=0dDO|zYCGav~*BEZ5
z{EKcp5+Q7|bwkZ&qw4K2CU5dhUPsb%+~r(S=jikNnXEe(>r5>L$%6o?Vy)7`(-Ow?
zYUE?{+@!oS{rb~p=?lpGd?oho{={vo!rEb>$wXONh_IsMab(`+Jzg%e!07m9N7#n_
zr~IU%uOlfu-u$q7wdhdDiueDgv0*`R1H>gAr@N+Oh5c)$XVD+^^Nln}lJHF|EWc}^
z3Bi>|uI}ikFWEOxiTK!4zIgF@6ho9F61Itiq0#K3{$7+4q_Tc^ZP{cXPni4#%Y&Tf
z=YG=bDFSI-*pM0ugSjna(X`VwRzFc4BBn>D3|`9UGJ%frINh>QDu)!1)G^hmX%R8}
z?^JWgwRs6eJOw0FRDu%@BO%GjJc`;i(PJC4I3WdxB-ZpgsDgt;=6UquXNo4(Rz&DT
zy;=6H4ia=49>Tfr=SePZRs-}F0lw_Wz@(<kK64^DWalv^dX2#T;Uvnc4mTlv$;!(^
z?erL=8I{GW4Ub|EB-wr1`SH@<R5wfs?yuIfM=Tpx3nm$?*2|(WSaCn@^cgaRe7k+r
z)drs1B)V4f|0qF1ZS7uzKW7I`GTRwFJHMkYD|=?;|I~)daiM^`!xDiks(qiO)w2{B
z`3{jpoZgFLiuP~Cn}^Kt4%D{uGU;n;;_EvlC>oCyYrvX0o=XApBCz1%W>8W(&N}@o
zJbhDG!oG7a#?r4}V7{LuG7fzkIykof#cOK+A6`?Msim~=;=CF)bRh6Mk&IP2ISk0T
zN*sLeluAGt0P5NcIawK)fhA?vf|z__<)5jBd0M$_<wx8y?J}iQjW~YtmTDri_VJ;O
z-0-B0>?A1KpslI%;yGF6+b<Gf^Pr7NF)>*%9!PLFA+Uyn;%XBRXL=5V;gbf>Mg&I(
zJejf7IJ3ksKhi<K0+bYgnDboiTy+DioP&m9`>mY68YVi_O7v{WSu?2ODDK-16Zcr$
z-iT9J%yu>&-rHtd@Z8Qr#aUKf%iHV0WBVWY+8M;5alIy7SAx4yL3SY+qZcI;^Z+j&
z$h+7Hu7+%ILUkpP{6?^+=}upOM=0)TA3;zs+){lVwjMrXPd_n^YtQ?jq5rMfJSq6i
z3sof!B5VVW!TbHZz}7K@-}@ghzy5^WSYI&+<Z!4fY!H%b{nsVkyIxjFTu)XAn65!_
zWqF$1czG$fxciNTsQzMbr`5$`aPnBhEL=bR;FR9tSVg8$^krc&e1AX)U24Y<Nq=q0
z3VZg~9J_8q!ZV#39-%1*@*VuF672O~@w+$o4~ClpBN;zmS+=5uK)rMOI^P*w^~9xo
zA*)H(9wJ!T&eK7RC*z3==nL+Pp4+APh0lgXY@rFogh(=-bB@FUp^oGSwI>f0WPx!*
z#U?wHZ$*Kdp~L|MeBC_IkDmQc|G{e&4hj-6Pd1GRJ<AC=ou+7@CLdVV7W99t6VF$Q
zh|es<v~><EdkWUDs2~c~oM{T+AsA&-pc>o3vYjG1_B>u3svL)Ny0tfFy9?A0BRj}d
zCLtaPm_*dC{W-nvbxxh}K#E_oqo705MY|5riH$be8*VNoJ)rc_6V$Ho<YIi@=D?@;
znltnJh7-H(gb+v;>pP?3ZCm0))~N52;J2jgZ41XHlM0S%GH&Gc%F~Gc$4(rhB5BsD
z)JJXP(j!SjS3Nml^y5aakf|Rw!n{mxA7xM@`mlnL#FtTQcisN|<=_3Q?%N5+F&slC
z1joQ9cceRSNJ&H2+o+aR*K>B*Ti1kG{@nP@CtI2a-NffB3V+(C3-GP0Es^udXDk(6
zWhgo3aB6fll@g7jos=HFCV-x!SY{Qk@%j!v74h-JEa0}y;vBN2d-D0!(AF<P@NOKv
zi?ePHn%djZp-y>OG^pO2(F0XJTogMR*4B(==K&l^;-A-0TVWh1TrC_+xcBUzGpPV)
z+c_RoHz{a+d@)hUdSYa~?aPSFb#*;EHSKo=#a}^)znv`4Hl*B_mH|Mv<%A_>cCf6=
z=c&;x{fp&7D8dU1&!>i~?fie{v^C)>F(!qhRmDq>A9XW1vK@gZ<jM@W$maSZKLmRa
zR{5rXmgoqo{`2qEc$gy`eC^OGOF_s}xb#y|R+t@RD7$<_(NvuYlkMxi5FPVCKU(-x
zUFGiNwTx&na<e+49PaL>J$2)buNQxW;T(*C$x?`=-Z9K)z)NTo>jg&{Dz@VG9%)WG
zDd~C&?;{wf({d_Yua?}_2H@gRJ*o*N{RoN#8KS8*;qZZ}ppaYhs64HFv$5Ah{RX7w
zg6DbAZ}91YL6}0J;>jjw_0iI*D>@MocbC-mlx&2UV$czX^e;W+>;CofS^IdgZVg(_
zdwP4FEAAfd*maE}8;d$GN{d%ts?Ahxj><RWJWrjwYxy#uDWUc!7vQ!yc|Pk3>HtUa
z9FA^JD;Q5>ZInQn0=|2131stNECj}9^lIVmJVymh;_j@VOhwZ~duz*c6MopI{(Ym_
zH0HU6o>}Ov$%a#ZCz7&JBq|S+Sa3U{HaRu7ibEiWK=p#6u?%_HJ3bqhNoY?11a5@Q
zvmu-Z&$AUgkdBr9G&^6U^Do=z@^VulgmK3uuL=Y3YLHo|-^O}B^3!4vrhDTi>``dD
zI}ICMVTx=*ZpjB9_{7!Sy;8nNkzpY>z2G~jo_vb&f1d8Do_hnsG`nuG{iAzOLzT64
zZN0@RdQv5ZRk9;R$^hlf?AyVTW+{R4X_6%c9oo5LHf49-CQvOOlmC2g%sJJTHxer~
zFFQ_mkFN?kqtDwO?Ya2c8ly)$KG5fHX(T3#Q8Oj`1Z9r>#m9!KSNmr6<q)xQLEcb{
zg2=bWj^AMO$1=tKY}UZ&l38|x33Nn3qK33*L|3+(exV*MIj&O?)!lt`g%J+0Pt}_s
zdfwMkrH?hiP75p@Z7j_uYl5kN)XRKkcpGaY)i~10k6I$Hl5IT42D4n3=2q_y?HHRJ
zxd}n)-8L&r3+Y9z>A0`Wi1ynXZ9EG#OCISRCg7ps;^s87wRs33Gda75X1(bJx)=|+
zys|6RI1!K?L*5jE6L&Klk!oRzEh3szoMe6^rm&>HK9(e1KDXK+kbZ<HE3jv)WmxJo
zEDK#zBWs=10-zrDuLc+Xj{i*A?Vw;1=)+5XF-zH982>W4kJfD*`s6CD8O1G--pJ(#
z&Xsv>q+heGAWCB$ec-hYwEVGZqY+fv7l?>-dl!TPY_57>6=+@iiZx1(gs1ebUH&^H
zVR{qVrq)B5@OiZH??G1B{Yj~v%<asb{-Og!xi&^X)kQ%5Gs94I^SENIR>F__?S7?}
z-UFy}snW5bBOHet_a+**C-$Yhd#@$@_*h)D)VAi>iz=9M4`N5)d(F}5Y4+z{x6I4`
z{JVCHfVNEabkR-Tr3$^NlfU&^PyO@&fYv3I^<0_lPwo{?#PCE`B~MwgP%D`V4|-|9
zMk1h%<91(V<(%)hsfC@wRc&*j$jgRvvlu?2%uN8%@LDD~48XHWwdN@z*)wt?9OQY7
z#+j`g?b~cq|8#HtBeTCjm`t9hPcyO05LYTfe{)^l)Y(`J0GDv06kW`0lgZnsEE$+>
z8SPWnjbS^b=n6nCnJ6Rr492oW*U%-S{3v83#0XlXiEiu&el&B9ew^@_Z%tuEsEiXT
zzh<&T*FeO1Zx}KA6Rf+hIp^xl{`XFJdghU?PqpnWe)x(|{`ZC@)c&K`F0SBne8ClA
zzTWI4g41)9INZf=#;{0{e#lP}ZziXBXB$IZ8qF8Gfh4x99>m8RzHputgKu9iSDYa#
z1oo4QpN9*F0DrLrGVKPrz_$`feLQvkb#C6*3_FA&$^OZ~%u<xKCcNc>l`kLB{=KEY
zvGldZzdP7S#LwZlqb`vMpa_at4W9Sz)p!cWZWDs<0#R+_O1(NmV{WAG?HE5{J7L%r
z$Y*V&86X&@(BXvrj{8}4P#_V4y9%1#2!8PHZD^)Bs3PeEVtELAeiH5A{wj6-u1`)F
z0O8T+MQ`-PnC&1OfvfR0G<CZ>vlFdfzM*Yg{=p@_!oE`0#mkNB6^41z0a}h26|1WI
z&7SAgr`_Ix=2fNakd^nCQBj>(k^5$iw|Oza`(Lu#%~3#OLJC2&yi%zU9ERx3@x5zS
z@%=OEtv$fn079Ia9=?3qI)}Fs_12Zt?=q*d64u{L>>U;9kE<lARa8hEiOwYn@#8~A
zJAJ6gttHGJWQ%hXHs%iua(_&BCusvc`Ll{VT!=VN7NXTB&`<hIm{qv;6Wn>U;nztu
z@FLfv|7|~vgC;@R=ghMv>j#=?lCIih0bZn|N)7CD+!EJ6#DpU^nb=;ViwzMw-W`su
z|CDKeS#hvJH50d7irIBN7v;7PrtEm%$_m@#hJ${u$tUk5k*{@RVn8*+lY0|FH8Y-3
z3fX>hd@(awU8iU`mYZJ?V~$N$4EQZ9yD6KxrVFl<4F_*2aZb2>(AX?AIv#JfakTH`
z`s)KNvwgI^FJII7`qcZK-iAFxn6#|RE8{Qil+T1-(*5G0?mh4od(jl{DE<(DBtHoB
zS@J;Z#QkwgIf~)QByu-{A7=I=XaQx$g*1<xvWnfDNa*3|&#MRu6`%4CpM@9|MdC`J
zuIld6eKGkz9|6I(_1XHV+MIRouM}96v;InNb{NLnO776EMVlg(p6A?bm#gXFVkG>S
z_U{)W;mdX+C#&0~rP?xsuXg2TCw~sa`h~30hh5k`swF#~Q-0-39nRrYf_%$@_TK5b
zJD+~><`q0*_La`vAKyXM-)}`vS}PZZP}xeDp)6#kY5!Q2@B5BQ`A~l?#()@-*Hm_h
zRc1iz)wu4UX;8Ek;ZE3xl(G3ZpP2ubCeKs^09iaPBQ2GEuZ0PhbuYy;X|IL$olj%`
zdRc^$ZT<=J_ioq5fOh^DGi!*dr)a3PlLFZR_%vuLkfi?#FurY@-Oj|gx(}Of4o326
z{o6u<SxwU4)|^s)|8YLX%oRp+^a?q5oG^7@p{1$iF;JPvW5kdBPxIdaqT6S}NSkcf
zXXmhIJcbXs+oR%Eb|kzdoR{zsf2tc>;Kw3ub2E$upGNM-M(4nqR>5tdrUPy&1FMfF
zjqV`By$C^V6mG}eNzBL=U4aKO3hv402zr0%OYc1vzxA6}b#wy(o=v6_Xz0pf4$@m^
zr@hkO@fXEskftPBQXF(N^L<qC<vBm~_7w3?Os3b}5fkB!`%mHKmyhG}Le=-0=%o(2
z08Y*6OLdyoX)jye-XV)HRkDI(=qBaANxC&n1`%X=Tk*Ds%TX=Lm}XVA7_d3am&L9g
zpxTy`3-v3TpZZyi-?GVhTCR4`&i1D0bZ+!(I!>>VHN7r}gg-;Dkhek*8=Bt;kzYS>
zFVSo~d~8!0qqENdESM8vi_y(dJ1*^qE@#no9lM`bGCsN?AD-u02%yJwu(CNe(?f?|
zu<Py+oGZTbb=zW^51+4Hk6?KQd@8HUhAK^;=af$ff@`Z<&VAJQbcsVYRzglx7R2*-
zn>#0$D&<*i#>5)|XUegQL<t5G!M+U!#eVkanajsl4{q+OP46z<x64ImAIr<rE~|6T
z^-b@V#@DOu3*8qGcN;gzhxk3Z7Ccp%<z4zSbBKoFg88|)+Wqw{V@R@yN6XQBlB7v*
zc!XGZnJ*;pH_yG<OgeyutI(bxF<{*Lz7`1XuHqfL8T7#3k-4#SkE4EOmu02|sFfS9
z4T!SXaND)Hf9d#`*cEa}y@^p&_=9hy<$8j6i%Dumt7L$;&SC1=Bk^qP#37z)hWBk>
zs8DLJ-&0r5+qEFro;snNNCUIvoyONU83xh0tv`eR*cs&XT_k<r9&M{#MQGPAR4^Ro
z(tjn8@5p8N%a$?3>hi*Qcu@?|WpQJQ-Tw`ECQkc@PuFHI_~wPAa|=Nv&O3}jp~sV7
zN5w7p7jLyyqHx>2W^LVyQy6A#O!;h8W3d(t%L`WivD%C>FBTJ=GNX%;*A(6mB5Wjz
zDNbn|&q~x2IX8IHDBY}di*n#mbS#oZ5R?ATsUAB+t`bvPlTxf|M-QnI4Bu?sO`7nL
z?T>Qyklovv<A_6X(@la7JYChGIBHV`SE3#2Y>Zdrl?0R6IAgo--{+J4T{Dg1zPaiI
zoTBYfz(-qx&toC0MhZ|Wigd!6ZditCE%q-b3F~&SHkeWy+H03oB6{CoU#vE+u?d`T
zIxYOYv{I_N?Y+!avC+qLoT@E-z>M(E%6GWBq-$JS49AU4U*ZXpFK-c55e$6YcKROL
z+gV8cQ)KfaPI91F`jJbi*N0AV(xAWIshWxEMRX$LuEGpm*{=j&p;RuAYb0+N_LStR
z_fOop6h^a#v?ly+-BMXi#%LCW0^9EOqj47b5NY#qh6>s=$PT_0l8+bztdXWl*~tEB
z3rUiHvw#-0)Zlp6r^~`;-&?!O0;@vfFfGNu3JJ8(S>|aZ8hXP1FmYf0a38IknSH9x
z#dKE;1R@<jzPwj9D><uI@JB+{Ze5SV<i=l$CeW!RB7hk##emOO-r>&vK6=Y4=rNn$
zJ`^WM*>Ct$4%feg=+}MdBL{)%un%2#`k4d=M@2lRaeY8AQm_f7K!LB$#Lq|a=NLtN
zndUE|CFaNdX7y@YM^`nGK=saq>a}Ud<f`!kD8I}l-y)pE#Cq=~t=-Mgf+L*}uIpKG
z`2ODHV|g-3+4GN?)=0P925jcne6hQLtXP@ph6vN%<?;TMM|OD-YaE=6#Xzdo21S9|
ztp<P!m8z`AMdc)->*&_aqE~a}qegRr;%9vjj{u|@Tb5+!s;aED(upDg_+r)t6A9$Q
z%RZ9wMaZUmA3LSYme;bD3uFNm1E{0(u;39}G!{Miq|Hmr<Cs&DCoIKKjb#cFt>h+a
zb4@}J*d|{dli!*V?ul8Sv+jC>UqsMQId4h{XB&7l-|s@|>V4f{gI}3Gff%Xqu9T2~
zT4DM>qm-#Q2F7Ca%y&S?Bu9JJx-5uB@t;2cmc82c<TaNVi1ePCDUUWu;k1HK3M&gi
zJ}K;zOo!HV-~YhWWriI$%&Ye4E+Jp#KA%QcIF}Y|YYeFH|4Xf`y7qGyZ(`f~6;`s_
zBv`L&7V|XhM3Nx(7zFbYMF4WE{B^zLZsFQZ?Zy)!B~##(N~6<r+QvBbzHxyy$+M&i
zsJs^YCw*N%75NUuP!`(3OUSi)-t`T6<+-=#D1Duu8GFLgko^Kyck^rmt265@b?Y=8
zrgH<ev$K`K6Msz-rYY|-m(#Z_^z<2X9^oHhVVOMd?cbq1zNWxnzAXC@>OE=ZBQ^)m
zTtU*I!%F~XXY4M&59bGD%WtcD>ARx`t<?Lwqiv6beXKjD=XR{fr06QTdWVbW=2?gw
z-DT4vm?x5fw>A$w&$@Q|VuR(Ls8RX%q5)!QWZS*wiP7=^m6s;Wb_^X7!u2v%-$lm4
zXp`NW6g{C`MtLjet$@?a)X!k<uU++EZVE(~HM=1fz*hY|Nn56P6-7&>X`JmfX&Yg@
zRv)S*2MvGO%`9U48Rj$2uMtEKErV!omuuNJ%C<M?r#i2)xM4y%H&2p}zk4GVL7t>;
zEOFxh8$1c(h6t<TH#LZD&)VhPcIE0sGnHqDacyF=E7}#deLjq;T(W7J*N887UR3o{
zFUQH_`O}xS-s!uO4_Tf#wS6DAlppBXcjXT*U8mBo2U@w=*mp13cOl&@ygi)RNQ_-3
z(zO7%h*Cg{f|;BaHXsbSu6(}W$g751ZKnX@C~qPj`SxS}5hsoF!k=&?21ob&<C;o<
ztoX-ARnmfLtv7naw4v+d57aDJ5|xA@TKtx-$pA9$DY8tap)r41JEHml&ZV_=i=v09
z$g{?*sm-uZ!aYwtl3v6N3Zn7bP}zlm4C)3S!MsbLC(%&p@&0%EI`}GStz*{0?{TtS
zx1P7#st%pi21b8*2Or+kVaCQ!V4FYjBX#1E0q7e+Ki{#pML<6pkJv8`Gk3#~9Er^Q
z!vTwJ`W+oEh^Ol{8`&Y(H}P;ZtKQ1;iA@_nbvFYs-l?BoC@PMuou(Tt%XOE<5g5xd
zWA$%Ni|)mP0d8;hKWyh2ClPn8Hd!Mb`#5|)B5#Y)Z5!fzHr%t{9Dmr~74K!^PCl=b
zMqTtsve$|e3Ti$7?T?qIA~+Tc@+Qq<*^&G&jATpkJSXf&^J|%Z+9giczVih|4dNVr
z!{kb<$(PSm@SXyfu<apY&y|p+nl-hf<`X#@&|FWV;3<Wdx3C$@v>h8lQnyH;Wqs^W
zsAG{zdehD~dRF?Weo+ehOa>9Jaw61e{+Bq>@hd#PQZODH!cwd&tA5I(Wc=m-s5j=C
z7q(c<!R0;M?Jz4oi%b6%D6j$gl~NBq5%Gi1GccM?34Qhsg8$EazN9sDvcU5lMg;T0
z(sEy_U{X<Nz{Zo>Kqxxj#eqGFF)=7Q@8sP=JP8YL;nze2tz!EDvzPlzIRwlV|M+#g
zygjJPgjT!iU}pRNagc3GIHCDgGpLyP;oq9F&efhV0GMq5o7vH0m;ixxcM9a<M*h)`
z=&=#S{jINtI=a=6;a(xr@cJ1SkA&+X@7d-4e0v9syAAm_)PlSXct|fM7q(k6^y`y;
zg&E!~%Uf2FR{ZU!Ke&a<TZdmN@dAi7=CPdr4GZFLxy0N(0=^_Tn=nN{0;TitBScdt
z=s67ko=-rF`#c(Y_OdSX^7}Igajz>R-~DIi(fzr%#^s^Zo1VKj2-p74?K`18G2c8r
z``&K8PM%inr?<fS{GBu5m7HbgbB&esdKy1!_vxo3*kyE+nYJpT>f=9f(Oix$u%hlI
zV21p$rU&xq?K7>y+be(gfx$;9{Q>Xy(Is}3N7tpFo<EA6ZxKH#+#2|AhWXOVkv`u`
zjf=qD$F!U{M8BDHW2&xqwBmGB2D&ZMdnR3N`4=JycGqu;WR!37r1OD+aek!vI(>2~
zQ6m%0w}F*mit}VxU!LQ=O+9vP&y8u(A#_z^w_*PbcLqA2{<}{;*et$g*g~DcOjjac
zYQ>3&F(>OxEs&v!y`xZ`-1Lg{?%Lc0t@wRDyuRP~xDZ^}yc=5{o_;*^Rj!91yL`@W
zuAV+Ne+s=^8u~TAj}_z{>%Ls_sJPi@k90M5*~q!Jmm>dLh?9w}BBGUDv8+0q3Z%4>
zax?N7B8ebZs$5KGFMzf1T&a(ltB;8<u=;+&=is$&@ue7CNR)073zpy{>j>3FfVG!x
z#B7wDZjUKy^qTDhdVy7N#B7F}Q6hd{Ola1iP5Cza;pZ^0i-XD}DMA&71{HjEzv`Yt
zIHD`*BE^=9z!s1IOLIbZOhUpRyXiw&pFm#l`coY_NG#|y(Zpt%Rp4)&jHncnP9!&3
zx>4<@MxfS&TR)t$0Ggy#buwT#xS||uk>XkHd?upLQOoR=kPKZ!ERx(v`V+q%Q<x!v
zl~>B87o8lrswM4*>CSg{cOzQNNbCxlu#}TQBRK|~p4J}(@e{3TH4_n5y|XFQ6!$$3
zYo6k-rki{=KKEjukM6&hnyg>lA6bw4c9eR5pj|)t54X0EEWdct7mQ9}BHhJ^ewUlK
z6zV?WC<G61B(JKD5%uQAKAA|T-&R8VCQ4AFTQ0zfDkPaWyH~mq=IkL1Y5Z?mPZ73n
z;GipBmpM1(LnOLy2SotDKL!2|Zjz3?PR|>%y-iY8OkN#K$6S51bBw~>^3K(APjAxy
z+xq~9raX>hJqKH}Z=C5SzT1^h5o!mzdG-BSTmJ2(4j(5MFDDl_Ae$d2D}xY8p0L?c
zp73Ha+FjwidSl+lt%I{o&-!Lge$Up2)K87p49^1lI`{*`zs~Ah?0NOIjqBs;@Ymhd
z`|I%dYGs#Ahx>7bg1)u5A0mSdg<fujTpE?}fF+Bm<-}t0?fOh7H?~<c)QI?)z<xF<
z{qxo0yyxdL;lGhqrnWlZgsNtGeUpx%vBuKJ^f&ub@x?yv6vGxN^Ek$<u76JX^BGPP
zF3x?J$u1vT!Ol&<0bGtv$PPjGPUos1ubJ1y^FbMNzLs>6mB^uJr?C|3W>fbum_!x9
zaot!O_E0yM-d&sFxuK0jc!Q1fD_4<)3@u&NE;hsOCe|VigUz$_Lb^I_n`z(6XQP@m
z9jGxh%?c6>zP*;&VNLvT&*_<wvv%%rr(GQPlpqM5=N&Trf^H`rX;|}Rg;k!Y_7s~r
z`b(n>%h=eqAdrd~o3~3|J$>GE0TgZ(rSZyj!e-cU@Q5tl{+GiHD<s6`m`r)<f1eaL
z6$zw8cYRwS4WK3rLK%8cCF3qIj%m=8ME?!h2t*70EC2I2z=zX;ot@d~>c+<7Cid@J
zODV0&3-*Mrb=F@j<qs|*+9Y?R7vazHm}1)Bann>JwV`c83`h^rUi!e21i50K=^XO9
zgd9~%d&gCGJ3w%0k|oQZi(o~kZP<sU_W|!5;#}7}_8Lqfn&@T$FfLSLQW!)>!1bnG
zlAjtGs#3+e1m6AU$+J(3#mdn3XLED&W7*rMO4s%$|6rHP_UH8hzGYS9kdht5E(t+{
zX0U2Kot$WJigrGYXJ)tz)2lcCcO?q)Xw#><Hesqam*{DCWxefsD&vZS63m@Ae3@BF
zYGl*ykw0I)X{*(Ch2hZQL03^STXO{V?I*yuW3qEqrd3#zN4UhmA!6i`tUDukGVxs*
zOxTLXq9B-eBW)${TXXgag8{6Hu^p6*`6VY^cWa}LD4puf<idHn=;+Bw<mjx6E*?JI
zY<_$KLY#~0`NxjuDMBAIU0wk<GFPd8>mZfIj}zJRzf~aIy=%kSjamF;JptRh&8c!t
ze894AJ?!?mVCylATWTnFyBggk3HQt1Vxf<-ry#50PaI7%#j<E=!H}1VJ3bsm+F5ck
z6(|kOy<obrVqHQoF5Tq4EhD&f^k;!GVt5<jWl~c|dddDH@^~@~1Ms{mcGh)5)oBa`
z2ue`~Y}90pi-kCsxH@V2UpRCl{)2ym?Lr)nVth?r<kC0Yn_?OB=sDU)Ipu4ZSxw^v
zlX-6fvh*9~eXFpBFyZCh1V~9J;tG?4pHr093b|_PQAAsyVo{oZlCekxB|L}-44-zB
zD8Wo_OcSd@71&y|di7=X#E|Ki4m!q3&_yS^B8DOmsj7JW9{_tmgujroUo)OE+(!*n
zWKQEy;)?Y)ry{aPm@*pKbL=5Ny@;bF2~tKCs}n*HGk^*pURVA}XaSr^p(TI3QGdOk
zsPc~%v6sMJgP~?xqiBUZWG{i9^(l+#g4L`^zrI-jx{L7RPt^`Nw5L$NPgipu%t^#G
zlyihBIBkm$tJ6f${VpPyZXL`QA|&)bUf<~pGv|>=vS`K0_Q+7fU=&$sgGTkR#!P=P
z^Wkj50<kFcjSCB?BLDfH>qjr1u9M%1V(d;+u5t)0^O%Cx!O0NhXF~@-u#fp>%v3LI
zx9%(Zx7OT#7<CtsD%FsO42Hhc?eE-uCzo5j?VYZc+rH`d+pX^&jnBV7Ivo#RoIL*O
zK`nOhV2E_PW{?d%@V6||5TgVMEb*nKS#(H3r52Z|BvYPBMG~6Q1%o(IF3Aiotj1_G
zCL(RE5%z0FBRC6vFY~W4S|R_u*P3Q=0EcUaJfA7{V1vAA{eM6HNZMaLNKziFDOvwN
z@>LAvZ2KB6%hq+9{7$4u73qFYekXHAL(+}6HrnK|ZH6Q>WhzVK*0o+N;1?}V0o<T$
z?b9W^9R_!65>TWhp<swzK>+S({vx#>trs*d>m*4<!cw)=8-xsrvRAR9$st-2(cN*q
ze<2<Ry%anoSsb%~Nl8;4EiFw2?U3uFXPJoK^oC7&9D<_9gV5_XK?!t9x`3+I|BfQi
z-`6+V<oDmnD`R$RJLckutp9IWjkLZ(fwa*ke|=2aeMF>Al|0t_?2}fh2@Ns@nq&f=
z*Gr)_TMhaHO6<@`)(vgV72x{(fN~8-l29r6EJkvSEXTpgum@kR8~q09c4Kk1uFoXX
zAjxB?G~kG-feJ~KW)KYdOS2gG7UN_PEupiLqMBHS$MEM!Ugyl{J8Y{3pUo8j4`{F_
z%<K|;#X_=Vs-w>zQFlNkbF*FtO2=Xa8wfjN!JwCO?$8#t6F^%)T%b1t(0Mt{Qei{9
zR!E0I6UYdSmwM<ffIFZgEiqd#uDKtUYXgo(Uho8ZgKmVBd=f2*>&x7-(y{Z10ZRtB
zV*=z|Q!6QA*{dolvp8fD_>CF}(sR{|zV${3Rk;?V%U-j9qzm%qn!Nf4?#jL-3l{6n
zH8z`wOV+tjGYb?-5=tVjRK$q7VpL0w$PL0h*JEqco3lJtl~!3$he)BhpDYP=Tg{{z
zBI5StDSur&^VOQ-b-DS!b$a5pS6iF2RTsU5?3IVALBPn#&zeuA+8R>>scQctXRb6}
zFenTlS&I;GeJst<A9VaR*cW(XCE4oj^=wyM-!kA*Z7c7?STo=8jHQG|k+_m%!9n0I
z1BwB+gOg#$vKAW0Uow0L=mswRTu60-%3h+G0?o*#8PiflCOi6YXc!u-B~qGdhMw8E
zg5&`#&V*U+JH&n+OJ>M{kz?sh6OBZKy__xWGP3^WRs2e|gP7-mSnYoAVQ;J5fj2H#
z1x;1>(7IXR!)_4s_N(}Mo&1v&xtGoUZr2!W^lae%v|8@me7XZXo6wxNfnTl=>DFCp
z8ZQ?jWjU}O#RYs-A!|i^g&OQCy3&(dBTsVX&u49Q*Bv;+i${|DrvWX^j%Y+m!w_7z
zXk_e~a?Tg6HP8k~)T<-YjFMVJrP5bW&Dj!hc#^V!g&NUs01bYJdjZ(yR?e;c)tmo&
zof|>!@lDkd62$zjCJw#HM=zf0A#L&iJi_lvVh4><M#H7E4`>RYsgThYO?htjeHVV0
zkRr!h$JpvIJ^*X0yS+PeOUO$0R&U~a=5PtQ#&sV$Xg09yI1Z}^ArcU$z7=|FjoAFx
zcg5@vp0SvvJlG)n5$+mWZJSH8SaT8@T`WZCgVkHu_3i=9D8Vi+LY|UtLRLe)Zgzu_
z(3<()&3cGd*%dlEyfe4h3*mBoVkSew+i{s&{6c+hs4yc7+aoA<r_QVvG3xBknkUdA
z(G^2MUkS&vRt=I9rey<$G#k|1VCm}u1=VsDiftTKIxOtCAwb7q`F-==Xu2#XmS)KG
zD$!c2j@`o*Us)X^v;aFOsJS#U!^vRt4r(i|m^DIzo+HV(gtf~0OD&Ixh}G#E_2B!F
z6dk?jeAB&kazz$&saX#8IziPwPD+#REDH4-)4RzP%_otbgXM}0a97zTqmhJN?2)n1
z67MAsaYa(I(-!&Bh^u954W%nh!_7f<WlU8Ul<#^pCmDdIAAM|PuT^L5J^T!<y;{zO
zj2SgI@_tS{b+~J#ACGS8dGmnm@XxpR04iB@=x<q?;}5w0``?WR`bNO3?q!TRX$O*4
z#|`%zc)tfy@hIBxQH8$JXtr7yG?04^XwFTNb(PXsCREGi>-vNyAcsjVl|Fr7t9`ow
z9#;;<z1+9Kn`q9vT9jc3W+zuzY7SnrUYSA>_~6^4gYT?kkknv4qk6S^qU@5TOR{TN
z0}0E$O1WZW9oGj_*P@(M`d~m0<n$ao&R5i0BNH~KS|CnA-A+bYEb(m{=m+S$03AcW
z)$igl>6JxXDpI!i9O)YZta#zfiU(5MaeXd^tur)oU2d8TFR$d^+qk^8ebn|oZfgPa
zwmBNc{>+|FKes)S2?H&VQK~H%jb)C{uc#y%lC5mzEh%3Qs@gmdGln78SIUgSMkCIN
zK|n|d^cltsUb0xF9BBhfr%Z2Q%jky^0m6680>v-6S{l<u$dX7bvB|!k85xfDpZBb3
z7VWYjyR?h`XRUu|3rzrC4|q=qjim7Dkhgdrz=U4m6_=H@&5RumoKDi*qFTBl$mr;s
zi~#PgLC2}DVuBRe-vhKYNtvMz39o0@615Rn!cd|w!eK7Q2M&eEV9vq}<VRGEb&LU#
zOO!YD6eix~AjCK?Uea_k&Em~`jNUI&m`w#Jn52we$l~!82$W0c0(TH@V@`a{%rwrJ
zWXkd{I6Fb6Q6}d`qEx~v_G<P5RGN4j0vuGsjD6vmzGxH)Fn_}klcl$L8mgIp%7-WW
zXXdDl3{9r|H4Dk}{R4^QTw|1c!zUt(izvIOiKW2>Q_?aElHraZI!+mqSZ18WM5e6i
zZ$=fnqDu`f40)g>3>>B+N$|7)Gp#?>+XaVgmyo1vGZ9jy#=pXHXF%VfO|M5Dgk0L=
zi)TRI%>n88{dHqq4`6$=OvO_&Iz6)7fhE@U?L0QZHbmg|`A(9sl#7sSpj{Fk{{rmB
z=;-u0;tz*Dl(?d4DE*y*-t?|&?gXwY2y6NToc`6YNcNER{z*Dz4$3;3PVS$M^i{C8
zT11ytpMiZ*NivzysD~4?Q?hz0nkliM%B;bmg@_vY7Ej6fhfp-&EoiLQ538JLf@QlE
zu|aITUT+=!M{q03crVUEucO~dkSWp)*U38RPPfSK<TXual5|ro5a+#wEb=>1!kx~Y
z{ZcMjs!nUYQ_8;273b#LT=|^;&PrFl#*gpg{44nX$%LnD6FK1b;`xXFZi)Zd)qfZL
z|8{nFoA{rP@^6jEIg29H3L0Vb@%Ui7|7fqZ>fP4EZ;T^AIV4A;X#gTE0YeQYYnyDh
zFbw6dBmuK3wCYNhUb3|4+3bQzc1<uzYdjjB9-WVmPQO1oJwJW%;_MuQSvK_`n_oSs
z_PDW`3ZdGq7L7QS`05;AJ#K&XroO}LO_3;b2PQn;^gC>~#xD-OJF+9M?n2{4|HI8B
z<(E{kO`7nY6v2h->FM$Qv&ZeOe#R8&z`lCp4RYPKn+u+RdUp$ZhIQHUZS~g(L}rPU
z#C592yC#1t?X?qpDo1DsvL|Ro96XyA9u0mwh9e(idoD?qbaDiq2lg1yFcc8ohW4Kw
zot&MIN5iL2kIsjOkJ~cg(<vKlZhCZsW}4U6q*oJz-Xc?)Oha!ym1a^MiiKw2uCF&^
zdDjn(7~U(SD3sKk9<VKKJH4ahql2>-r(=CyECR!>W<t&rN!0+Fp2u?V4g-^w{YpA0
z%;;cvJbd~5{C)46v4zzRvSRfEv*c42F)CT_WaWAWlKPvY0gDH0KL|t?D{1)#usdI0
zyU|~aj!yT_UYx%FRf>eAREe}^s1LnXJ9NHUbAxX|i!JY}<~j=Ct>Ln_(Qa`^EYQV$
z93GOdN`T}Z*p2Xm{+@ye)VDXdUBV{L{82LtV-|gfd30kmji3#-v=ct~nh_s32TZHK
z4Ozry;2q6F4KQk{k(-uaH{N>t>aSz@`N!VO6|?H1)~R;8>nD86ep_g+-E!yDgrnF^
z=S;ryc2`kD&8t6X(`)8-hkdV3yR`L2Xdn9|6a-yIXjw=kR=%8OT0|AO6`IFgxr~FH
zen0I011We7|9?ff>P|)4MHKq(lE5we|JL62b~*lMXK%OR|3AjR+xYmL2?RA34d!Tf
zbZmXa3~~cC#?DN*kCyoN4-Zctx9>>H%U`!q%@9eJcjeR1-rMqH*VjFH84MovA8oaL
zRmQ=Klauqa;q#*xFV7ygAGTZW@4bGz)e2}7ovR=@w=pN@S6t1{6<;usDd*}CiGW66
zD0|%gYOC!%Gc6ytzuGpQ;&Fhkth#lZbgxMJE7PcmxzMFoUtBmk5KdMe9giaNm6^Kc
z*5MTkTX3K--N#=&0OQzy{2#et*b|jz%*YFXx^G@AX@8~9qfOdh`J3juNaQ{ah1uHq
zKtg`k5Y*7{3sEA5Hju9#JRsgwNtfhnAR8N`JJU0<gL}3ffA}-LU?FH^ukHx_`Me-E
z#a3Zr_q#~gl}Vm}82RJge}n%q?Gt3c=&3~#z1J~r#QzU>c6PRQO8Ecb*Zr*q|9^~s
ztu>M*vy_JHKr9lf_=HEAF`lz10nhMMng-yFB6431s;tNFl+T{iM8kS(&02pzYo146
zks#%uIwuHeUQdCD6^}E02Z5X9B5oP$6PG3)(HfvV?lNXq){+k2$X;uWJO$GfT_h13
zkgeX=9kSJXr2p@m73&<3^{w8c^;RonlWaBs+d#KVj?l#t9+F7RW;~v0P7ICvdFdc%
zeBkWymn@wKskbj;mn=eKP`MMcHq6oH-0xvOyg?UCN{9^9UAT?W$T0#5MibyHn4{l(
zHtC|*6FehSk_W6e>ye8~Fj8~~i!a5pLqe)(Le-prD{sVu<p%m4Oe1kcxOAo#W*t&X
zlVJ<4^ympoiAf9Bv2URxYiSaYd1eiL#gioB0jv!V-)u9CYW_4cHNRlG=5IS^^Ao4t
zB4)4Ifc(4FN+&cZpB+jcA|_%=P8sHb>pr1+ulKP${DFzVEBNy0X(Oj^in_E)XAA+G
zB*~(PNEW2l<fk7LoOVrQXAAx_%A#nDtp~b8sEaWmZFt$$-*&OHwi)jM`ebep&(+X)
zW58ytk^gIbvbtUJbNk<$y^CzZOe|IV=a&A3lO9nuhpcNWJ2pBB@ab+{Jd$Jl{jHGd
zZXYHh^*<bm6hAEQ9h&O6meC~-8A&zej`+f`ExDsNM7kQ;vbE;<rz}JkD}AIkDWNr^
zdb8Re4K1~0uLFoX$PtxsdB{iZtQZzC7&;Kb7^#5B1vl_yNkSIUC3-rjIa`n{Ry;C3
z6I_x>7S5O=W@Y9>;PRyAH+p)@4q!V@sba@^HV%r<=8Q;9n|RDZ_bp7D$N3~6KovY{
zG~oW4$N|~)yO?CDRCoOxeN6JLVP+E`WI#*islpDWjgg)6*<7Ons=%8aUJl4sztu7p
zS+|}Ox^N+v&RPpGXa%fp>QIp9OwQprkW(i`{vC%0zEKa0m&x1*JKzHzs}1rp=D%i)
z3=b<~KhGq%v}D-A1P9Y7vN+6m5m@g#42MQ@GZd@QJ#J~x*xuc}Z7Jv~V7w3e;GyU*
z)X+Cg2*Ce19FV@bJcn$`V@8T<L@cXg;<Xovh*_+F{`pAZz`j|R1Qi0mW;Ehc&O-RU
z*DC2I^;sc1IKXgG9}R*u0{e_j-~pJ#^|xLl8plE*u^Ny!*DWmM#AAf*nqEDm4KXcw
z#0Xxexl)N7Y;MlDnrD+<AQncAYqhyS#5d8EW^?P|H+$e>r#XNHixmrP%!!R;JRU;q
zq8F;6PjtMG+v!qyX|#|b;<ys&1x-a3hduHwix&2{=yYmaI+kV(g-nagSPubS!;IS`
z>xYvgBJfpZ`O^JB8q?(q>z~xgT|@XR7AXsRZr6$qK15(75W}ee7sX$fccN>Lg&dB_
zLSF{(n3^!ZafRV20)gw}9?$@^{SE-uwM@XBJ61t>r+!rsI>qHZ`nR9lWsJAzK1ta$
z;<NdxYf|VxNm&<L-(v*LI^MkVnDw^{4a*(p5K!$o<9F#c<M)`XLAwhk=lcmqa(?s9
z<R5gY{o)=2BCC>j60lUwSk9pHsXs)|4bf8(sFy@<!PH!YkAqai|4&ScYcRdte+Atc
zi#05<uI@tKcR`rOw`MJPCO1re?tgig<9*ACR(M2~F09x2ETx*e1m7{FcD|YCkg|n{
z$4vEF-bc^$HzW9DjIPE5vSmgwc`T3-Kze{(rA9!Iy%szu@c#SIBxmfAcov8uHarzk
z1d60W-w-odbRGjYNhAXcnxMrzq(H1v5k)UDg*bX7^z8BG)z1Y4h#m?V`jBiHP%Rb_
zC_N#$66q4sxEoW$>Cxx~1k@-x^PijWCU~Vqk`ahn&|>uR`1pME;&^!QFL=FXPa@<q
zCN&bmKL*70b~t=?G(H3DAladN`*M6_UXAV9?@u9f{IYVwy%sgE^wJU$?#GJndyk0Y
zxDLTAHFln`LnM*-_y}CoxiDbdB}ybB60_xZY&jr#z+jJyO)UfIqcti%NQyo-=G}qQ
z`z@#n=1^c+4!nfo7ms9@CP@h_z@N>Th^vd#MARRmI3XbiB;s-Q+V4$?$Y}(?H4?zW
za|BkxI5lEWE#<M2TI^xdfn%tO<AfrRT6_#xqU2`YRhM0I5a>6dmoAONZa(~G%bUue
z)y=6SIfBSXE8pv#ZeOq^LXSsHN&86irN3iy`x+Dl1JZ{7+J_7nt^sME2y@cx_fg8G
zEcG6o2t01~V5_%BL>w(QtRQ*@39-0HHLyXQZoN;LWHpCk+a2g;Cn&AkehyE@Mh}6E
ze)+a*PW<%FJB>`Z?B>x$n_(=wi3q#q-R2tn=;CA0e}u7g*V9gGKM&${2tpDXhNv#`
zke-J**=v>31J@ji2UohIC9Ff!S++o#1HRu+XLtOP#g{x4P*t2<nq>R7m!tUdrcU(D
z1UIP#dQ#v=-<qe-QG~(T$GL_@f7D&XsvA;84H&`qs1<?hzPX6iruW_sG$5<qoGlYJ
zAcr=^gL#`W8fr1n5xab_R3vnU+3|>;@tJU2zG}IbBFYwSZ@$N0H|-C8@Z8^=@4ZLf
zr}oUJd}h-DEJX$?#e@ZXy7c40i;-?FqStt~L-Yugxp2a<mCCSxN9A%*oAMb@{xw1t
zOVh4P2c*5V{cxvUd^{PD-@Ez|A&N;ww!FW$y}uutrHxsT!S&Yr%U-K0*MJu^0qy{r
znwB0jvY)dk#$MwtQQk)j=usUngLL8MFAeSR#w_q5sDF{<Z%$QnALLy)vP}%6=sFfB
zPm(7$Tkff28gb--0pB3W24tt-?=LJovjwmdJI}bwa;E23_+YEres^p8IX7!{gOb15
zg%;I+AeQFSZ0X;pg_*Ww>GUka`%<EjEzL}>FM+{NIN2=Tm%7D(^z8?yrG|t>>=IP$
zNy;yI#AZx_cxHZ-wg2OzV@;inK0jZ{&py=sY_vzkWf3A7eEcFY^b=SPcFCdvS(p8F
zn^eu@euU}CBsf<lXx$`$bAmr+e6$nAXfD&oOR(fXFcKPMIH(#Z3Hfx&QoZXCs!1ip
zyO;n~lifkht*QpwTv8r^lHEkZpz*<EPXpYz4%5^N2xvmV*20-tATs>k<5hd+whE;W
zcn9~y@?5Yiz*|fabfkq)2`(iU*3R1{2j9N<;l%$0>7kJs7^);lFy~Qd{g&Og-wltC
zi=X1w8%nwmA)j(cpy=f|l^w!V(ChVFHz!AD=lh4xhbK4mh2oVYDZMg_sqg1>|A!lA
z6l;!Ovo(?|7Bq3+4o3&)$1e`PD}Kylmqfa!v8Lo97<WusAz|PQ^iHN-cbYQhx*h*(
zeE$5!;mhMA*YOV~P~GVDV{rxXUwPgq|Ls2?lil9d7SbLq9=UETSgh+IPLIYfUY;Ht
zt@qsfVT>O?LY4cvbpB3HMo;0!jgC&Azc?wtU}4_HBRQ~9;4~&QQY_UH<z=3P$$jCT
zoE{IK56{j|MyD?h3LV?oy1t(XHP_R5s^_Dprl)A67fCKOE|2t5ymUXr<S=!81S#(d
zz2wWS-u8B{Pm1|E@x^Yh@9oeuzpNc^{?&*;Xy3In%pW`%J$1e9gB>8`GDsP42kDYf
zw58d6mS}e@=)n^jTu_a0JY(&K+pNR=gYy^PADx~K506R%nR{Kb)*WjxfjrnhIF=g_
zM3qjs0(CKF<hu6^p1%0u<mj|Iwhe4fQZY;E0xjM)_3E?X;r&M%ADulL9^P}Lmv1@J
zOEc09*cN!xZZJzlmi%0zPM8@)H#mUzIm!h~2dI&BN9)jLonS9FT&|b)i&(N)nE`Cm
zgKtk?yf`a78l9c)oBIPx2x^x=lO$Sp<x&PJ>WWL2LP)u+T@ADyL(><oWxlRcyS;_X
zg9v<@@n4r1sf~m6LK5=y1Fm-kfs7c9O;V~Z#4*<{6`G-3I@XQyRX!I|Ia`=N1Q;!8
z>gB8uF>|>A9Sh*;et=5**^FK85wL^gj}5jleh#jiEH=OkRyQL>JKnHk^O>e>Dlpdp
zmn7mBELz(9zt|7DnlQuvz|{Sf^*$W=ZfIviJ8z+#M!oH;h)mW(sZy%gY}vx!WAjsA
zRpg;h1-O*Fgx4)XQvWyJ=mmZKGIp~ZkZnEQK|x|i2iS@n+-lJaIa!Jz=4H>B{qM%)
z$-iD4oD3nG!z_1<StBPxIo~gI(Bg4m9I7H_k~w@g&aLL)0tSpNTo==?mP~M1jV>^E
zgEtm=@N*%X%Fi1%J!!A%h1K%s?vq1}=0+ks7#^Nty#YxkOkFV+gGraAtu-4(J~dCw
zZ#majmO>^I5tHL>oBD@HHd~-(I#U7_Kqn$(r_g;#RgcO6=AzX}mWa3<*j&ucvS5ma
zRMB3`m`T`okE9;Jbq)JcIkEBvzU5)9I4FHc=*d+J8Tzy=EZynE%(;(JzM$#SICT3j
zEfIJIoCg8cV#~U^VS*|y;^E<d7;npdx90!sKg>75Vj8P^eS)4!Z}ACwdfnr*OtN&}
zr0gA<(4;$$+oBPl&<PD9k%bk=z;_4w9XTqV+bvgVLgVm?hiYzeZ2><d62%w%H%875
zMu3W69*$fN5cH7&jiSk#1@=Ht@c?l(Nu(gzDUU;b$-|6BCUuC0#-qbC^5BT35oc17
zLzd7~WhrZ|ku$zv8{mbN%`i)7yQl(VGYv&uH|sVe2+6IDy_S3R9M@CctLlPzJWZ)o
zX%^^NkO$x)k)+Jf9?)XzWj=Xwy0OwdbU#oK0jyiWwgo~n_R3~x)k2N#MDIe2kjW%1
z9!G8(l~AQN5-}qu`)50Qn<x8cdpj;qMoiVt-s`=cXZX9kywj%#kG8jVyGhD0(Fx=s
zitYdk-}2df9MFgjM*$7y%(O-C7{huHp5Qx;F<?D&NM@lwYvo>4kfFo1)yu~eRW=oD
zm<74DLaLMpn)QkKLQ~H;Y^^yUvfr>cpoz?!S8PDjbV;mw&<i^2wdSRDly^vvna?_3
ziOQ$ElK$kUbi55vm&E}9h-^jMh2P~-EA3YSl4eK<grDXP(J{L+V#a@y&}Byk<{lGu
z>kmSVs|XB(%0dz{8g>W;C+fTblm|wyHyGy7bT}YeyVCb6gd|UwG$K@)EJu1o(-9mD
z%*;MDOMt&l^@~GB!-&UhK#Kj^=n+e%Q)ZG%O|e57ktyYo^t)5(60Q9MvMuWlBQa>e
zKM<q4zv)b>pRGI>myOFw#gfI~FaIp1D&tCIn0=<MPnXMUK-x^r`&F;mC(lN$$t)?)
z@yW9hky(<66tXq)&}QrZ2Vsi|X4}?>aNs-W!&lh4RTkyYfxF_sR9UoL!JzEEXY(&X
zrJ1<6RLCoD+=Y(?4WH16#sN#oaD-xoCLj~@a5(b)jS3@_x&*#TZ>#3=pml;AU-5Q=
z$NiL1K;x1rhrup+3jU>fTYyKjhAqbnU2^K88lF5GjTq!ML*pwsI6ag-eK<xtHHv6l
zMk|OW^#B&zC%RP~CP@}5JLEDDmn^N|Z*bgye)bX+aL@uZWN}D_2hT@jno{6RVgI{Y
zN@Q5t2J<SpqC&`{)D1sLrg~7#+Jeon=76mm3vrIvS{4J%8`uEM7eCBdOn!D9{j9Nz
z84a;h@hklrI%FX+g8dr#d6G<fsSxUCT)MF}WO2ySXsK@()QLsIinQ4_%dR)p{xO`I
zU>2J>)tg-hvvn7<f?{hhf0(J6o+in3D*efuKp3>0au)hCN26>fug#L1Qt*|dV|M*F
zti_E)7YGg|CrxK|t~lM}X+fNxqiB_b(=#5BO}UhtQ@J@wrmZp{Cn@WCcU(*f)4eQc
zVj??C?m!;v+annwYBT|o41z=^8T!E@sfX-Yaj@*61EkI0_M9fUFjes9E-j0`2F@VP
z7891jd|Vnra2Y3Hc-B1>!X<XMceWor`Waz;{+uSy>1zlidE2pc1H;;x@E6UeK-Lyh
zH)|5H8z&N|v*6vP;j+|<xLceHPQlD)<y^M+wzqb6a4!4tvNV_5W?^xAaZ`{`3mOuO
z+VzQmN-mn%ec#*NeYp3Ii$2*uyTc~ORK1@q#%ylsU53<6@41)W9@^+y>u;p5+Jgif
zY4F7cTpf66_j7CS;iH{=h0{n-wYTH1Qlq}E#MC@Cv!1!gl1v~*N|SJB=EWP_GqSno
zg%FBB=4szHS-dG>OE!(ZWRp#j>89>>v${$BUcbM+t2b#ulfz|97d#mA-`J_fF01zo
z?BjZy=xmm<SzfrpT0Uc;_|!y-NSyTdG~%H%(PLi6m~}`bt~zAFLa0|~4nluny4uf2
z7?@@&CZ(1Mw;|k)eXX4kgh}c?XaEY*{F+K{<e}lP2c*3#+ckqC+pX_8=CxNTpUqf#
zEO0cHjJe7l7~u!m{b8yaPnLrA%nY9DZU>}IqbMIAO;$#jBkVQkc_V8jQNlV<4@VXu
zn7e*tn!5KD^ga<H+OT|vQ63LRUNUfx*#)vw1t{nd;mLkfxa&BCzlRLcNn&nJX9EDa
zPtHN14LqTfIW;e+I|If;DjHmn2b$<^5Mg_XuuS7Zq>M2A5r=9?;1+DSr3Wz24Z^36
zCo?*1vqDKY<}20YQE&9zqzmT@h@^BS5V2Yz7*M1zIZvUaN6gfeL)`&GoM6T-!9fki
za(ky+9<vz@mZog$javvM8lQ}wb`fiwjZR<u_rI`^CD8YjMI6dqi`-O#c}iWZsf*Ro
zdw)!qEG1tXjCRvJRg#L=%fjR$E(^$<z1G{smB|dNCFSpr_fH59*AbUbk|~MAj0a}l
zaJ(P;KlyQQ8ad{lU2!$nXGvo)I4h6_YUcUlPkNG<5sjZf*D%q7_%?b<f=C1x#JGGV
zshC)VTm&DYcyM8a;Y%9zG^2i?KOLoF!b*CGh=BzrLe|Vh{F<D{wiG#!xpFRu&K~I7
z2iANq(Y4kZ`C<R`WO(vy06sTZ_=~3OuPv}OK1rr%Xk0NFOmJb$An!C6GF+fYQyLe8
zrf!{R%`AVgX*0fi`Q)ez5Zpc3KiNP1R}o~v9-JhM!mVn%G&vX9gmnQL+u#oATVu%t
zt(Ota;$U9RRMl&(k>|q1z_ZsbLTn0Iid>1j#eyprWi6&;!ZcitPFriY2FGnCSrlz<
z_qVnmw)BLbiuAi|!bW&^%r5vgAU{N+TE0l5wh51OZwnq9U0p6oKm;T9GVt;Nce}Qf
z+8w*r&(N)Xo~ck=#l2ilXF}Ealq^NIZWF(IrPLg7xp>b*S22T2Ki#yM4QfMb3b5&p
zFw462vJ3s>YbL2cCEGXjht?z|$V`wdMy;~t7@hUIObK)R<?{4HrI$n>J?1~o6OYRt
z8DTlOVsJg_0*7P&rdP5X#N7UzMl_CDWPi@ER89Ai89zygvriQ|kJ(u~7e#Wq57V%Q
zF-T{}p(0JL5j2Nka-<uQ>YQS!)V#+WBb>2KFVBwv7}&ZKSjSM^J5|9Pxz@r2O!Y7>
z3sdT$DgvAb48_S}&_Q?=$TCy4NRKn2l1tC6e`OV~9>%1DT@6iBP_<AIDrL4{Zf%aE
z5Yxg&_sG6(W7X#Ym8?_#2Kv>UE*>A!|3cSiG=&gz*QV#47{2t+>^Z$~r-HSdD}|WJ
z&&7HKKYInJMK07~&5D$1uH9t2_EL*iwhV5;&wn?v!uf<={Op}IW&(li_FxM#XwapP
zCzxWr0{r$W9@voNH3KIaU1<Imv|O(>4&axpgpEp4g_z|P7xfS(VF$uh$`n>Rv~rl3
zlCMcfmxg7q$VGn$z1XiOOAQyMP7ws+vIvuXEE2W!I22%$#q24M*dR~LUkY@Nc`p((
zw}SBnPoRc|tsPW{SdB`?_rWoY=WSntNdQX_WBG%e-#2PNlP&{_!RYN=jmp3?S@R)=
zT-;DF(<=HjBMRM%cxu8i3V?aXQ4CF4*}W-1H6W1vSNA^QalXYSAj0q2uhELEE)9`R
z<Rl9c=H>vN@BTE44A~-A6fv5q1ho`dx`GmkOo38RUvodxg%?d@j@iX$SgeHk6QJ0r
zxdwTi#dQr(E`QIuSFR0<jm)fV&Vfr#K8vLhp_B?#lEb|2MpHn;gP0>=V5Ci@yrP6$
zJ+6-)kCRNf-3QzqLI#Ae<7FBG#Em*lba{trOCeG~jmdMH2aVC71!k5cWhQA6PRoTL
z!8falHQG8g9CJ%t88xnd)RJV0cW%#VGSFjm3;nGC*bBDw%gE+ax1gnROQ|Fx7aHp;
z1=}kFeL#R?K9O6ljHy5&ysgb=<LRXf%5~kd##+z4s4BHcHt)Lp(%`q?hTKqKPPKkg
z8rbwOhdg~=j`k`ckz#V2d~S1bMWztl0`mKerW1Wj0}(|=!)y2%5d>M9=a{wWiq`6s
z!B$~dPT$j)?Vnq^Jv4lF;HiHq8G-7xhi0lKBoWJJRA!8r{>G`HdoQN8K#nN4`2=E-
zWU5#x){Wa*!(z`A$T)^-;$2y<S=hQscTuEHCjSLUzxm#S`+ycCvxH<ZQZQ%LcXm2J
zz-Qv=e;uA6kp`2$H}rG*x@KEFZoBL|Xe~NH(X(oe9I_;3f%TM{(n|qi>m-@>oKeX-
zLiNa*@N;wUm~8d7c41~X+$oM$u^QHmZgakrW@@;QF{+O&B6NASf|LvMrx6OgE(iE*
zHINybysO9UCwPPWhkOclP@`5=x!$+}=DQ0G=4q%U?lbJyJBl;PBgiXB=0aSUrDCBu
z&}A6+czvqKanLBLSnk!GJE__~Lr^jd>XfY-H(3v53mu@v$b}lL2LsiWGQ(1|ON?Bd
zBA43fAq}0{^5Cq@1DMEuqb`z$xyWlXa!J}IYH~r7K_LvY<K=5HkJ>%RmM1ODKz|4~
z9U__WhG9`cTpT6HM;VVo8{8?gi7ED0>u`wV*c1D(G+b9Q&1q;jMR3bW*4T#l<sysG
z+~J13Fq;6*jMQyezHCiRP4y;&Q_Q}F%n6rRR96Wi=@K&Vc#}n}WO)s{*W>|v9k9fe
z8$|`Wh}niKC?qu6bY}#!0HO{)>&R)Y<@}(Qy`)z(8KtjDB!Y{|Qu9xrEbU=;K;VK=
zOj0RtnHu9*E4Q5yoT+l$TU+1xwyol8A_DUyY33Lld!(mOe-8dh)ldHpC#9F55l78w
z4PztqU5PZ5a9T888bT(`M(0X7TDmkwwOTkm&jbQCAP94`ssNK(sd!rYfA}26UkQ+!
zp56Dbv;<PSZ@I$Q${>h-t#-rt4I%Zk@va4}uV2a!a@0{psHs#&pkg3UO$yEh7!B&x
z{IpVsr$)2;)LQdwEFpQIzl9HyOp%a*C3rZx+<`R5Ov(*&&seEVnqiH>)|y4kMq#7D
z!8ufPoNgS|@`YR~Ayb;uzz!kxg89><ES99Q*9l8GILSC;i&q^$<!n;Su7I6!I=`H)
zvm;sQ1b+E<sHk{{gvOD8eS-4t#x9npd;#Z_w&|$t@_^~y0jsFFkjxI$0aKG16w;7@
z`bF<d7|=9Cd2P+r00n=)UJFT`VKoln^FzDdlFoikIjU<A=8=apx=OH5Fa}XBS!A{w
zQO(e(%AdmPQ~lOE0Z49`2f?7V2wirIC6M*F&Y#XEP0_<(<GcW~^Sbkg`N3H9@@%RH
zCnHlT$85N?n{f~)V|al96>^0?Co;jAblD5P`+lq`eZd>rm&rk^Jg0FOp#n(X6`rO7
zG*x;Ntjhem?}24NM``2vsxbppH|H^lXgXtF^<SL!caP+e9^zXXhq`sG@3z%BxjGjM
znqI&_Cet_?G+|${xV35coTe9r<VU7MZ-Ga~^I#n58*H8GcwYChkZ7@B({#h>Mfly+
z4T;^=j^>WA+Qe-K1a+Hi6D1zee&!lz{uSEPz5)DdljETY7Ho<(ao=QVXq53UsADay
zItg>Y=G9}kDc71muxvI4rH>EC)}a=xe=JWrYh-;{>e7#~$NYx&i+qq=y<J+W36?7+
zz;*qdnVH&~fE|1NI_19~?}UQEj9-F7FAa^iK(CtB&P=q`;xSxy<5U?{UG<G;oM~qr
zD<hVc><2|skvo23azV?+Qc12@6y11kYW0}LVO06N_-zx5ZtM`f4)Ow&XmWN9A#;(0
z`m|=i@_Y|V^C-DsS<^yAV8qC$utP!?^1PC&78GVFjkAcRcAgz#O*2!WIU*oKUg8v^
zX0<c0Aw5QI0}nmVA>aGAi$O;?mEYY=I<2CUFxsQ?iRK_O6`JV-(<nwF2&pkL*ascS
zJUbra3m%i9nU7&P1F`VKRg{3ffQMyq?%}SoG$s%GkMJ$iD4qmRcNt9vntuT|7UwX@
zV=@OPc?30>=eJ<NEt)3Ge2$;^nP_ZmZobLHgmOr0ebh~CHgV(sL5sO;5|fF@aKW1U
zGlN;3`LPBS=bdf16;K&e<}@<H56F+}reSZw6zvrvbJjb=y{)`}przhSh#6>s7wbP&
zV7P*1z-a_$<K2#)-tL}?<c~k~@Ds?uYIt&UPsZ+r!Id`*_I}10yieS(VfKCDe-GwY
zB7B>)*@8&<C~m^xW!G`@tz5=|1y@w#(+ftR5P+7F{1pNuPnK?UsOr0nO@L5&-91dp
z=)AoRTN-u>eJ)Ja=LO}l$*pazT4;kKFhuD->O0Y$l<oupleWfDF40adFH$0TJOe{u
z-KW;+a#+HS5>FHwc?W6osuP!(u(0I@M)T%138<`)V<vq3#Jkxh%b`sHWzG95l3?B3
zQ#B1~X$g=(=;l5!`q>W>@j%+sn>ht(EJDaRZ*DBaelhax+1be9aGR*8c0l{diRlNE
zXWn^4Z@lr{1}qLoZXYl5HUlyeuI%5{V3R)2zSY~_`Hu}3XH)3vexnaZH!rQ!c17ph
zMed}^j~W7D*~@ZL>ij+lENjv#x^#+#O9@I*JrOUo0b$uhBlwVL&kWTwCh~HBG%Pcy
zzH-6DV?td59_RVfKMbS#Nf8-u>31SD{#O0zh)pGCY)YeOLW2tu6iV|*5oOK>=d97M
z)w#)lhR(#THBFYX2tWWbq5*>*nnWrlKCEoEB*$Nql%c&9tb<q|6ZLZmOQU6vj2R=L
z2r?IJX3E?s$|FEbW=^?X&u-7a^H^LNI*=E;*+hrJb1&RlZmvNx+%7KCDgyrdYz%9E
zYIe+SDT{-2nb_371v^nnV~J%Mok}%teZvhqa*YV)%<ho`TqWb61>lKf0f7P{DVt?9
z1>*=3HF#GFtMZ05m1Mw<23da1f33ELREr0Jh7hf-;M<|M-dhKd+q|+s+s&!nGnE<g
z^>{0Vc@C=g)A}obXM|^bFVuvAtCtr!AeWqyoKr@)zhFyrb!xZ0+dDG80J;Bx>CGF;
z`V`vGJ};YVp)Y^RwbN6^(GFC$`4L>OrD2NmIhVS2A<$E!^sp&}O*a@@Z;z}P;@hqw
zE4!)S*~rpf5us4c96}WuvzXj1hfFM4j9I{>r0CtG`${br=C=C>?7f0|pBo2)&>0$W
znBho+vENtEBv59TTx1fbT$qJbmeZ*MUqY&|LXMlmsp%;XEN}0kQPja@CFZn*3XPPS
zNtSjEL9_7#&LNFp@TPv7BZRVoq}GJ*-5j_AJp-pJt@vQ|e7~3D9j`dfyX9Rm4bk^r
zxVu(2F8%%&_I<6+PvXo}uvx^ccU`5o^LIVrx4|XvYtcSNvcjK!*L|xac4+Cwwciif
zy|0y)P^OJ`{Fc#3%@5`bT$U<YVdK?wi3JRGQxcfAE-24N{M#;z>iVh~!bM=B6{*)+
zBWN}<%+0{K1b57c9Z!)fJK$HWxvovk5rE4G`dw@j8|Gu967{}np$k}DJ1Pz}s7u3u
z^C|9+$wO7z7h}Bg!$xgFER&=ODyo_AHyh-ZN8y|sJ*fqk8s_NYkvu^z%A}>gK_2?<
zktBu2)dOJFtYk+Km5K-UOE2rjgQJt-MmhUceX0&L^+6(}{g5V_OxXm~HelrFU|WkH
zEn@72M+e)cDcCT-=TwV(g;@JjhFMvLqr8rn*CDv{(kp429lh4HdN`7$x!HA|42@pb
z)~iQ(lwL_}fm+u?_paOx&ObkCys}V7e0zU1wAL~J9Lvx^1gXFbnU=)H>?&G1_qwB#
zA!b0~XAl>fmzc3mb#S)zPKQ}cm4YI}&`%HSDViPa%eMZn;dW}m=+I@1kXcah-LpEX
zJWajQOK_to0Ry?&PnL!Z8Fzge&%inhjq=D5MQ6?vq_h%a2`NnOO`D5e(M2D9xx@CL
ztpTLtH$Z!6S4)oVLHj=;1{-}2SoqKOHLkL<xl<GSFx-DmQeol~tTN43Zp*8!D#!|A
zj4Z#fK;<T2Q+O5N(gvYjNw3<7AuqT^`yr(Ba;63lf^k%8iqP??ab1V~{gy>$ceQ+2
z6PHG><R)Fv-$dMH7g*oI&aHdJCUYS!G~%a=Q(*)Hvj<Pnk^!7jHi?-c!$avy^&t<y
z7Y`p{8)J18#-|`pKWeMK#q7!g^%@y2G<KpfWY}Z_Bw|jH2AnLT!5rNn;(&phD~;i@
zno@|)uw>?FVKMg^xAt*KLY72g$wFZDmm)(dY2yKGni#tfec}M94!j*WV_iXOh+E;o
zZkz!mc>w<YE?T3Iq7Mff9!lKpypTp=|KXNBxOjZI(d_?+*nfTfZ#;ngAI5;;hjt_G
zaw6rAaL@04K6ckjvujypmZoK8Dwe-;c*F1j^(oYB_M$WEj&3tFfg729n|rH!$pC!)
zRj;Ni%T&xRDjDCNf#I>}-7@1byGNSDo0!gCYhGkneg5+7U_=TIXr{~!cCkMi_M9~d
zF#DY4%?<v>wssUWU3~NC>u+ic?*bDy<te+OQPgYcpHI!N+Kg4kK5a8?!ROYo-fnx*
z+puP*pkj`mS83zz^Sc2@F$*GUIgg*T@UP=16=u`5SgFOc0ehxtG%?AR<8CU1BC*Uj
zzf_)kC>0luSvFp9#3Y4q3Sz7SRKI|Lr6xxQBc^Dc)%{_)zH+?5@V0V&9pepaNW66e
zXys|3JqSO*Z+vu7h_y`FEQ@Fgj9_bxJV@DwE$s)sx8C#-GF|x9g2oxDw!N}}t~6b_
zI9;_o-O=gUv!j!|KAl&g&b;zV)a5njyauM~T-$1aY~eXqe(=`9c4$Nqv1WfjkClfr
z2V#*#O!Je!h>0l}gS)3Wbz~8hip=Nx`s=4W=5ns#Z|hOt)tsrX5M=5o+G33f<^wGj
z3%bQPYgqSEPbTFs(WkCu(F0fH(Kpw^_WU9y&Teaf%OAJ4_#9*=gY314E8?2cbN92|
z-MRQ2@h5{ssVW-SZEzK}2&vZ8y6rPtSF7-?Us((Hyo`#>g@!CKSTP*Lhm9JggZc1D
zHl4DRNd8-1FMAH*`nEHu>;l1o0ppOK4$};Q=c#mY>3KkhB_R;mpga6EV;RFCysE>V
z|C;SGZ-_V!hWIc2aLj*m>TCoJm%d8RD^^h5U;0=LlCuVL*0bI=u!^1jH&&TgOk|+Z
zn5`<c)gcc%<m(RE+U<~sTOG3ZutT=CzwVIj-Q5n^-P-Dqt^W4Ij%mN$-}$-&U3bW%
zt#9<(y@!t;cF4o+ulK(0K+3V*d_}nD2Q;ApR~j+sFY~3D`7fACc_2&S)fJIvwP9<b
zi5(`>Uv8S-HrLE$HNVj>%j$+S#!1<n#Spk#G`i7=$W&==pc%zK2Q_wgB<wa8!>$Kd
zUJ!Btb}%wsQ^PEZIwYT$Wg4w*!rDKNUPBPC8PGh;!P`CPk}#HoUo)02|AD^c`}_O*
z{_9jE-cJ?yzce^`KY6h5-|EdTjQ=l@fr3tY0o>(<I~C2GMNk>Myo7F7-wnIBW<ihJ
zZ|c_3(X;QUAnE9tcJ%x@dRB%Otrb%>{<~`CV6Qa;1bHos@Wx~EB4P1!J8O|HsPa=k
zdT%RvQ%k|Nn&rwVgc*WhsbS;bD2cVAB*;*Hv$uP@TTo8F?6j@VpRuK3srefBAoJ=u
zqMW=^N$y)PF0}B<$3fccRA^?1Wm4}FB(2SBIF#i`h!wZZA!yO8!G<j6pBAW<r^d)T
za7l7&pG_h$*<4T_Z!)|eb*;KV8g3e7tL242q)bRX&biqZ^HTPfbP?GCKQ(39E1U%l
z;ZRC@hi7EID7k&rpYR>}sdM_OQx3`?rAYx-IqN7Y_O|-6?SFmBV2Y473E((S!Fbbr
zQumoxowsX(!Kzhz^}F-)1yl4q=St2K5uR&4=G?0Wj4Ww7V+wj10Hfo*OIZ?86qyF(
zt2bMPt+4kueY-{BuAO>I^O4B2lul_(Nl4{<B4`>K&*!{{H8L}8G+N}KaPgbFw2y!(
z^&r420xhm{zVfbw>3CD4(QYuOsgj#2WemaJJTQ&cBoA3YQ^=f^50Cu3`#HD?&?DS?
z)8V=M%Di?CLw1AA7vGzb!dvYXVC#$oF@H@$p(pQ(3K}~nVn~y&Aa>%KOKuFB9QeeT
zCQFH2j2Nez<Sb|Gms>Rfb0xmXjceHr<)@Qr4|cY9cG@<th^Emn9}Qxr4-GfV4x!S|
zP-Lnot$FLfflSUR01@3aB&UHlu2_c|(=NgWUYVXu%x?n4nE{KKyxn9ty4=&ug&!S=
z8Qv#Cp$B^b8Dkg2<Z`cM=P;=VAqS2b6&YZZJF@s97FV&UOGbDotNMG*cmJ$U?1CpR
zvHby*92p+kz}AGZbiC3ZcjT*YMl5&m^<2Xo<Bfh-A?7&+H$Q4het=^>?Dft=y%T50
zV-Kb<ceF4)Lc2$O^q^FB95XCxfFAWdR~5_;wQ`~zbW#K5smB=f3a7p9jooYINDzn9
za8UG(v7uk)4jG%V5(IcA7{;7fVb91=8Njibwry&rK#OB0ksFGp_~Q@;7`S)P(iydm
z$7OA-yHi?ljAS*xIcCd&Pa#;&-vzK*<(ZsNvQh$}64UK~8i>#4(GruiXDL`mOlmQ+
z=Kayos!XJpIW-ZGV#*cq(uW#L4pwvPpr$!XS0f0W`H*k)P&a1!#1HE8gI74iJi`a<
znXli;^;6iFZdzc`_A@2APCw*-o3m0sU=~`GGSiH8O75<?dWjtDV-*5_4qnMPqk~)M
zd0K<MMLEdB>aTsA=aknd7~?Ele{goDUIt550qvR&v9KI)iB8d#XZ3PD(IiPll5)Ka
zBfmnL#$K6{xkDg%Xc;7O0gWEu%GFz1o8rTC1yanw@ggSj8#)Dz!M9q-QNr8pC|Yq~
z-CXxm-xsY@C_>U1PgCf+EB{-qL7Xg|cNd|mP|a&)Z#K`Hn>tICDd01xOdZ~Ky@Ez=
z!hb_Qw|W@H4hFEr{^30{UzZ^El14n_YMDFL@z`aHvpev;Y2;N|>3_3Z01cy)MU}rl
zK*~JD@q?7jXc|Tuk)Xziry478n>~ptwvq2pUcZx1?an~%5In{<+>@9`9SlK_LD7_@
z5Wf72m^huMv90GF57C;{u~F+#L9#37Lcw>Q-L0_k_VT&Kd8Hi-<=hGf?V9+yqy-OS
zsFP?EXPD(7q>wOzLCK7%$Wk>Y3lXci$$+wq6@3jkPh6*W(NemqSDT*0&!*nR?k{2@
zH`lC6y^AB5&h66yY4=H=Y>~fj?vTG5w@^Lyk4B&JlY63f$JDGEN|~|rluZZTeZT^(
z1<>ws;WfD6aX4_fxuFa1t#PTRU0!_CE!-u7ZxM2U`(0&|$iMNyy|Mtqa+{H~__4P`
zSR4qA2u4TGox_4*TZ(AeH=<~qpQKo1>w+zvR)INff^KbG3JAKQdcTkXc&$=O4o}7?
zKjc~se;`bSpw=beXa~Yp@&L{7VT@q{#(-NIU^w!a-nSlOnC#n5toB+<mCGtaQy_(T
zXplKNtI>iS=0#q?naivwE~1Ed3P<cQ5uq#*bC^H!T??9k0nH}5(4Faf@*-0s5z6Wy
z*moD!;$^u46OwVI&aFvRds4-s^zF+hPmYhyPmhlG|K*#NJj2rPc=+;p$*zPbz?(}K
zEluX7H9M91H>M}k$g@3t_2%XH$h;og_cz+1JW0dkKtT?&sQL0NJ*hhlV_1_mky7E3
z`8s;YBrhRvOl@a~s~4tJ5OH4&$d=dR{&dP?P3dxNLl?9lcnhg{ZBHx_;eP26aS>mK
zkj!=Lj6Xxnxr2|7phmU{<iLMjqC_GhF<U~K!y>NMY;Z|)16qKwNhwlP0D=5drx_yT
z;*spqB(V;+ezXFxYd8ZU6Uc24h*+u=Y+l7Ju{&Zv7(@Gmym=8{kOh4`zF=2+w{uKg
zSg-w2465Gz4KuviPxN(s8B40ToI)<A0XY;WLRsFzhYk@M%}<?OuTBSaUn3s&2CiSR
z2-)Tu7z)jazySI|`G|_62st1S0#u&)+nFUlm|?QkG+DJW7Veyv&(-DLGCU*T{iFD@
z+|#Y<_!4R`mG4S=ue;c#s~vfEY179@goj+F8Mrh*$-)`rnL_s``&GF?L7X%KUQIvs
ziut=SXnN9{q3cj?-l|7`ZfZ_qQJ&3&r2&hT$-fU&51i6$l@Nx?LhD0O5`BT1gAS-z
zuh|6%T8o;Ne||34bdIwq`q|1MJl-$9DNMRhNoeJyO%k#N4H?Puk?atq;kQbGPf5xJ
zRMx~aBwj#31=rc85N2ExN9Eb3Sh}!j$7U%F7)hX}qt`ETIOMQImb@>Y=?}3Mq;bJ0
z&b|Q0<s#fbvnz$T30YN)n~>Uq+_&xEs+;fmCe(W;-0Az=Nnxd%Lj7)NT<J=tnqn08
zzK+fF1AJ`PIhCe5^WN_6!|hca=S*B}_p-ik%pI)-)l(tVQ&(D|pgl>mcwe4~_!P?4
zm0!G+TKvbkd5;To#^-*4`}`2YR3tvDv44ELYK_)~t>PC@O67pxno6h3g!yIDT;<RL
zdyU$`j*TqMiz|tg*hutV0Zd(!%7|$C#oOwFhNYjCA$J8S_Z_>$2oJZmAMW@ZyO64A
zpm6C5X>42xFv%xS6&|C8%M=*Na~R@C*o*G792jaQU$BGN_BgZl&i2l3AxiTG{V(n>
zB9KTHDA4VKXc54nn&z$Is53@iuw_CymfKC4WU(n*T$FB|(h^-k&W^{qqA^o*7Ax-6
zS@p9flqGX(MBvg?$jN8pc?^0=PVjgzj(mhyJrBJOfoeJ#A2uStG9{6_R_MOxUf)sl
zFAM+mDrm!LXeg-x4FQWkbimVv*TVzO2B?UGg-Yl6i=gdkD6oV5(a<T~R&W}16SHo&
z(zivFRNejzO-R4A)9QJBKLyJKR<Vjj-1T}aRh=t<s0rSy$>ePeQ$+_LAbI*0Ro3>t
zLF`tbvP|SXbUC@2B|obbYMesvcUI)A8lXmpL#%JIDI_Q|8;_vR%0d~M!{*jg*v0|m
z{(uR?()Hjc1PWr-oApThVPCclNQRt7E&=zyy|JIr;6hBNx#Al7Rq3(@-0LU8W2j}L
ziQAO&2<qln#)mFzC-9uU_9|hb522sVc>=C_w#>G1m@-ASuuPLQg@W=*y9P%?-Au?T
zFV%*b)K<T5rlk8qKfq%a=LI`+`!-U{gr!~6hnb!J&`irZT28@pj-tIzUzpTn|F~qS
zweCR<af~{%8P+u##{iQD!q38Q#sg0<OtuFp^6VPgTW(+TMI7oOYj=3$F#;CNUOdXf
zG$u5-KvAS3`2Epl?TUKS^X6LQ?s3J5i`dI-4Keqab;xQoHhmAryu%w^P@HGno=0)2
zPHd!<lm<80xpb8g?|mHA$OBm)X7?%hr`<sB?(C!H$&sYaSMC1ZYNa0Qz1HsTx3<c2
zt)RJGmZLB7{76_-z;j>3`r{IlH^!mYT^VvbVD^E?^L#3k#QS>EmG&yFx}A}C^=m5)
zQS09ZZ)YMYvgqbM>F4!|ha1f8xy}JTHv)wVtg7kC-1SG_JjCfFNh+pw^MMz)PN<@4
z%4dWfm?`;=U^V?w>xczZcrK*6L!Y-VbFaS#vV6t|1>#rAs_k*RFNY;B6VIrlS%Q#8
zA}&b4hL{2uo)@qMQkiENFN^>d<&I0i>2f-REMalTVyyLIM;Iy-wq<H<QRk3Eqm<Eb
z39PLxuAlphq`ALHWC_$#WaO93+gu0|%_oLf*~OEV^nR|ZOHRRepyMy`<<P5*5sH{W
zv!B5k-ISI58Ou*qJIj+ZXzs?C>VGy*3`=Its@u)@&-GAfRR_M+BR?TrmFGnG67tvO
zhuSf^^e89lo*b2;%OO|3eCiE@*=R3$$Otw1D--yT#jesuRlJr(X+WZitAN3Qp-9Cq
z5L!PdJa!pcF?(=-r{6EVx0bWg<F1L0FFz;FfNt(o#=AIa2)~jw&ADQWO8*4L0C7gk
zK|!i&8W3<q9hhBN(a7s1mxyoZrM{8rC7`!VrC=sCt#iy#vKn_Y{vJ)nch}sw(B@o{
zs=<JF)6kT>%HByq1EYi7i^BXTsI7qqAQHr3VYl-WHE(@0eaTQ?XR2RitbaK?f3kn@
z-O<Tm(PE$5?5hnc=6gRhwA#E7BuZ8Uijq4S=~r$>S>4@pf<jT_?TlwD75rYOH`oX3
zEQELIvS4^vWqP=KN4^E(MjM3VOHGL$C*$h-Vsr8s_Ho^evF@1@jEC2{o5*^_W1;K^
zks~nd-*=%RBuKIW+3NTEi^AgtTL6G=^|yDPdvEM~>pQ9MV{hj<$JI|$sOPxqM%mZz
z?@B#AeQ|Pjr#t0Z-tkho_8;<Axea-**UI(!9`BXw^PMkNsizNfv+N*W#MQE(P*(n<
zK%`O;$zrG@!@8Y3x!lWz`s8xYXU-~7+MX>uuKH7nX;C`Box9P6>Q)yH!!@Dw`PTj$
zrCu86jX#<5MxCo(hL`65XYWnB+c=VR;rBCsMIK^2B6|oBph!x>+ui3vBqigT3z~rJ
znd{>tB~S^VnuRL3vcSbNw}1OR84<bFf`z2r?QX$mro~z!m&zqFmgg~Hdj4?QBEXFV
zeT{DW8r`;8ln@P=bs<7_?aBr05YF$fAF(sYX&m|0)voqtb*+eMapF?itybH;N?|F^
z<%xH#tV6a7J6X%;VcX#{F04xK-Yk;kQ|})%jOEyMxdO*LCPA}h8fgSh&C_Cg9k`yf
zhGP6-8Jx*=$08SGU|gZ$#L!@QGeA|<aZ4@ZK%`72bHU_t)X<PxaQshs2sXnn2VV*#
z8N?r~p5JHUp~=2zri;d$FAl!Y5nhT<Y1Cmm2j%n2p&`o;C%U!LBUbHA@s}J!{e{#c
z@idGdDj&`w+2CVX6qNS0V~iK>Vu9CYiK8(x)?ko!-XPzW$qZ#>t|SOvaP}u->?5RQ
zS5hO3q^p5?<<?gfUen$ZO7qhTq5<f1cu;n~jMLzYnjc?o?|>!p%U-jlpX{0k(Tce<
zPJ;qX{1E)h3A^WErXA!6B^rx+TWAtnq*!wi2XK+5{#fpOF|{~_hn%2GhljI=#%iWX
zK@lenKtylD1&c*S^kij3^hpeJZjl7Fy1|y-1XtPuJf_PSlGwwTA(ut1ZXny#F=(=k
zBKBSX2AP}KWs(YYoZd%=Je4wrF%8TPWJPmIsnv7ka07<wl7Tu0%S1C2&oCI^^hzzY
z*>cgWk!}AfIn{Lay5opPm8_oOg3n9n$$Nc9u_O$$te`wgO66$)mGDHAGi>z%RoVeS
zt>Yjg0NX{9L?-WFYps~`nK@u-*iE3j&;q58j5!1E*gS~a@(mEg?6i-;qpCg8jynpV
z15SHqHwfsHBJpmb;gaFsVH|{aVX)*8=|w<!*6&_=`Q!a0iIlW{5-52Wq0Bn$$DMYo
z3I83u-TA4k*g2QCh@SPVQZKo@MHsEaBd?f~7j4~1u62{3)#`K(+O4Bp>rP&>btkrU
z?ZcK^4pRe2nnY)U8x3PNUq)F7!waOE0gPGahy{eBs-FbCzADI9Ni-Rzvl@qsyQ7>P
zAq>*|g3TJN-D<Y!qx%Mi{6|tZfbKO{%*jT@K<BsN1H5fj6!h-I*QMt)$41LkX82`b
zA%Zyv_7+&y43dC`Wo6xd&!{NfNG1#+F$j(zOKwHXMoR!V858!Ie%xF44_l~1Xu;in
z53tbRs|sPA|5je*pO*qCOcxjco@i%gMb$}&-++>;Q>B%T7DXUTvpiY6PJ8+ZDcYFc
zS}t?|o715y+ke!o=zzcU2bQMYN7@qa`yYtrI$Sj7T>jhueAimIxa9KZ?v&gwIc2Ku
z#3}&~c@kU7Yc)M(txmUbBPc##kb_mB7h!yRq0|o-J;l4B=Bk5KswuiJlJPBtkEwYD
z+A)M|>m7Zk(NL<zj@~WFNqv{xYVdoFxLzu>!<06mwltieZXgA$v}J&>XoAy|E%(aF
z78tTFiHByn^Az9O?OP9UlN4@evoHX~suzG4JxN`;j(ZzGSMV*|k6}&MZhSX5NbQy$
zQ*N=`Jd&+_;^gmCvy*(ypkChzu^>!ILr0>GA=(ae?}r(X{&vR2Jc$P)Yu0XsSXep}
zZL(Zf%py%jVy*O?@IJg`gahT$asgM(VABDu*(?=umPEjtK~G|-sBpDg$LxU}N@N*}
z2*m^;5g^=S#_z&pX-w^@;DMT95{0nc_F+pRcM|&#_PWI$*lW30W4Z!EU4BOurE90d
z(M-5F#K}m**6r34ppCptsl!?n-U(HS4ce?9HNwg&wqd;rvT_xB-Kv@X*`R8<zAUZV
z>kX?`lvS)-+2XHGv5iHVJUqIPa1KYl3!7c5Gk^jyL@+!Rbl%-(J1`v8KeU;7hwa*-
zzPHbI7Cg;D9u=;ugWx#xFRR6PyVHO@ki$QrQH@C|#6hjDF7(xf8yEMEs!Sb&(B!{p
zzYAmlxuI><-KFX}G!bW#U~&xX(koKZJMGrt@yRP=s!<zCt?mZr#{nMeUj5kV{8aMz
ziG5g=`To(;xMzO4Ls^57lIWNBVH~JK7#@P7!z&R^XJ?@tt8-<64(H;K#p;1kk|I(R
zV3QE2I_e3<7)B6qO<rI7<SS|FYh<dGnn)s3F;U~5Ms5?JBH)TSw7+i29Us&Ff<KCs
zy)n2`$Z*uGMQ@<>Wi&~kORyWFj%0oPhPte;YNxMRzlZ8jF^-mjP^V+@fd7PKd;lUh
zXa|<F#2P7t8Va~s*NsgFEf7&Mz1EW{f*}3JWQoTarOBxKQ?NAPLro^89q%>u7bB$A
z4*RQ2;v79E_9k%SlBfy897SNjtwqUn0DoR2yiyC9^JygRz@-B2$c)XnoQ3hUhId>A
z1ZL%c5Sw8+SO4B!@RZL*CQ^2}XXcX*$$)oM&CqFL<A_C^K^{WginToDstyA|K}Z(O
zt#PkLT`tB-3de%1E3f2eA)Q>m&9$ydeFmzY=1h(Ra`XfHkWx6{yE{Z(I3wunOge8V
zdn%}d?|UDCWI<C!&<P<{Cr$}<!9xl>{Bdx7@bTu_b&%sB7c$I}K-$7j-uFHZPy1zT
z5JXq8Maf6olzg<R<dUvEc|zBotm#^TW@4f~#{3|f^s2&xtL_kwmsB!%EmiS&fKbO5
zjpT=-i1W9U<IFQA=1T7M$*QP|HFRbyNdpX3)`Yc8W&$$#>V>-NDkgO5N}(C&S3R4V
zs_9Rnh`81Kx`CBdD-T&3PNyOT^&wXjFu$=>=?!WfLqj>N#qO0M3b0gHZJ9T;*^mP@
ziHV9MR~RnWY|a;S+<U;4_Z;8o02umFt#+4*MaTcT-~Z=D_lgadfH$wH!r1Qj!}I<g
zBt=X$=-5bPe2<cOllxkoR2$8JMK0@vWjrF*&M*y_QdS<B62}4o1l<tFr1hc<3a&iB
zb&(#ANuky~rRr-)Z%3lFXZQMYAE^q_5YKknP56&7^*@JAfPxh+A=(zjz+t;oe(T`y
zh)PiZ+^L~C$QA%%;C*(<<t@$;zF0&d9u(AQx6kCtI6OXX>i=sg*>f&$x2^nT_ta65
z;QOj;d%3b6I_5vd9y`u|Sn$}f`5Vte7q?unL@lCl9A;_~I_WUhk_w9*2Ma!#=amMA
zIkAL%6zuE4p<!z+qdRRqp+spIvFmu$cpTK!UK9t?O!h#?4D9dtE_Y0<s%{ryynHZ<
zkIeY^R_7hm>PV1>PJ~BT>Qr?R1Texza#gQ=-CTGy*Fvi6oW8cI0X1;Ul`4Zt4LWTN
zoPt=U({8L+hCDQaE!2je=`&`Sf)v$E&D)!>1o9KPQZ~k^$b|mJ`z)L|juWTzh&QlK
z9u&`ilBblR-X~=)(3)&X!}rO=1rU!ALNoS`PPCB2w!+6VSVoNJ*hD%fDH}c3>N-3L
zm0=*%gStZeMT105B0g<`o#_gybAz=(i^bDM@5$HE`*rmG#-sOS)#%milaydb80*d2
z+~%XYhc%l$RD5MU{}vr0)H#QZc*Nte()!h(@8K_D%d@#c#wbaqD1G_j=;A%;$3a4H
zur^Jjregvcd=XNP1fFDUW?9Z2%A;wLhS_Yc&o8k<-t5=ec~(s)IyTWsNz<1?ign84
zAejSYFPzMfKu^Ejq5Gx|bERQZ@#w%*lHh7G$yZ_m=k<A#nS&cDeNeEBdA832neMaM
z<0uWWcIc5+_iVGrW1$1GY|%P}-`usIPpvBv@%^&@JnP#saoq14y9YMbk>9bmbn$^q
z&qBEX81b>Co4KdV!Cqfi23&@{zB)njg<M9u!kS1Cv&OlUjGL<V`g9h;&>z3E;6<nS
zjw;F2i$n}{6r&!6-@TR0T<qTSRIqO$rjdL$HU_G0Pe}}e7W5f6Cp$k7FW#^VXHL`@
zi{2CgIxpT-Oepv+BECx=8JNaQDA3G=bi<c*bN96uY{nhGhC||tLyF+mt<^6YHKI5B
zBwxe(PLlMVrw*wY!aZo)0-EbE-pQ%Becaj_9G-0mGe)vxLk$oll(jDnwzU&X<Z>Yu
z0+TdTPj>-<)s{QTB^`o3>^S|srk^p=1hZ1TG&LzQ8b1wqzCms}F4?_^qNY=(o*x}U
zG*~Qm^vLcJnb;8Pnr1gCW((7<+?l8c7wPn>!^l2ng5WT?&#SsVqT}b`qvX!aALAg7
zEs_;L%3~;wUOJ_qvh?_<DnQHo5XPc0CEyE9sY)Ood^`)q9fnL}Op-fd^4$RCngA^w
zuLlOti}!XFcIHP=a+^6Ur!d;EG^ytdRgJQ00ud7!If*S+j?gzMrc=WdyjM9$mAViI
zpVMR%#`{c7i|jK^?R~waK=^~R(bzW%8}n6T-~oB4@n-jD6Z}}B3y=n-<0Xv*rRE94
zI98?`Fb7k_Xrel@EiaFVGT}L}JGWY`ePCp>Tx$ad3JHujK<a^q<1sA>qc9E#hep>F
z#)uNH?)B3o!`(Z_t=C<Ea%$>jY8);;!}9hy6`*AVpK-8<69_h(VOX_T%*0$N%OH=Q
zkW7<!tK!wHpyE{tH`r9K5}E-O{087}GJ&buOH$f-ruV<KoU+zJhc=(?G6*TP*;U?#
zhFz9M`C<ut{)sce!HXue?Z_p6RoVtv#A#aXGalXZM>M>}0(7!X-AXz%`T)y02-Ui9
zP{+R-PN{%!BWnvXT$$?>@kmwKsnrY|Lpc<KW;)ONR6Hx*1`rH6Ii>Im8$mDR1R2<c
zq9?Hg+@=!C#-iBx2sVZG8swV8S~+UXdc>N4F0`7GXy%PjYI5JP5LUc7I!!@RSuFKt
zs5E7WG%tuovjGxK84Aso2sDNMDB*LfW^>z|%dMKpt(?d0iD);4=B#FNqYV(rsbGl(
zKoC&7;BX8(25QA6BmLm6jWdu!zD@iKCheq4nW@|74-gIN@8Y^`Zg!j#{fxe9!uinD
znT9bInIzR}hr9ex6K;ljEIFVB+B7|SRL49uSek72KTyW!Ns?Ho89eXW8~cn1CO?lj
z9v?`-wpaJIiFz(4Wp!v&O?+Pk#h&+hpGC6w>k{nw<a&iwZw0Adj!>^irdJ@+%g3h!
zWjdZ1wadK*e}dOJkGVz~z6s|FV>aP;2|2y)lE<cfLjzp+OSw;UwW%oevCM%3+e#}J
z5TdJ5toD2`<?w7g!?{0S@GP{%@YMS(RDWSm3&_c_SzxECEf}Bgsf#yaDjqs)hsXj!
z#Agrzc0Svoq_3aDsnzr-9&~e>5IzH88$NiC8)jFg*GI{;;|KL(ID`Y|tM&YdgM}C1
zD#1`NWpg2=YNjD8OD0$q+$D5m#m<l4{8!_fdE=XaeKTx+BYyhvo9w3_zlnbO@tgQ3
z_Tx9x&Nua+*f)31KGG*DMsAi7YNIN45|T}r$B#bE^g$r*4rCT2OG*br_!@`68eF-m
zi%QtvIk@wkWEGxeV!p@#yHTo^*O<Od0j^G9ovyk12$%ffhO)={B0aSdrN{I!=MVZQ
zC_gVm`q?R4n~hc1L({<(S1z{0TJFgTd+OWa(AeWtL00x>gZoLnU^<bt*e)%#dsv<=
zL^D{KCYO}CT*xdHe2#^OK_tA~ABr^ArNaAX+8zvk3kSak)G0WTspFjL3X_m$s(aE>
zvrCmj-=k2;lU9+s9QH>MuvxMIk}aMF+B)&jFcz@}1dqi5C;{qmXwyvaK%`a;&<S-H
zZ^{l;G-e5g09yPonOrUBL#)EL$wFSdLBD;E^6%KMTx0Q46+SohwX2bOyM)rm0X4}3
zn&iMth^puO>icVt%qK_XgZF*#l9h-f%ttoy#CVt{c{~$iRj}wCrhyJ7umjbGz2Gmr
z4_V4j&1*W9Ixkq{`j4kmpn{i1MmL>q{B|YYNgnH@T#!2M!ZJKJm?ZGxw{+b>B%x(n
zL!>1#Ys}-Up|%8LE(IyXm#dyQn8(?H_k=F6!>aEMA#wN&tdNO8*=2@Fz|#tJp=q+<
zQ}Su3+7A=+DXN?AAiI>Ix~zKX((kY`0GE6?@hWBv(mh3SSZzX!fxF&m-`XaS3!g{X
zjCK2f>xh5#2?F!YTl1b*bdgNsNk|_qk6r++ks>>&gY+<-Hh9Bat(E8gS7rW}=Kbfh
z{>?^hQ0r*gl6PQB;JR|yIv-Pj5CV!HQ==`H@Nc+O)hn=LtejdEYRn4EnEcy5T8y)#
zo1{((U;KBo7jHKTJnzl{29Y&P1aQMHtOvC+@S(Z~JXF_sK}QC3sP2FT9eoT<c9;t_
zR4>2`xo;h}4-vjApBl1Na>%cm9#Wkk^0X9@k|Ytv3TYx+C5lw0iaaq{q%0+av0}o=
zb}1uONh4298!1g3sQ?Or5<W?Ej;2e3olgSLc=fooP$Ev>-Q*r-A`*9$5f$Erk(dgN
za!!91&7OmEj3Ls=D0*A?;x12LtS$j>N&zpK;CWnMBXK994tphAuS}-v4JFJ&_2gpw
zIb$-6$AaApHsf~!ocnhoAfvLbrjrY-q^OolFtH#~0Sn0&9)!RS5N8Ml!X=B6cuHxb
zk642C=|T8AJY}rZWSGG~ejkzK6;u`*QpOmB+qQFKvz}wjoZ6kn1=K0D|Dfdrh?n)*
zuh;M2To125_xcCD{^#LM_iE7Z-ke_zYt{~Wbw2#uJ-h5(Il_Msh#ned6li|WM$3%N
zfi+j1wcNXZ{u4WHw%d3#HN@m7$RNlK{%i30=6rDd>E`tOm5WB+i&4N^^;{}mNdv$9
zzW)IZBmMK6%j+wzJDut)!TIXHPqLYM?SpzxiBO`9BjQ%=E|Ds7-%)ncWvq^uj+Aj4
zHWF32yLR*Nu-RfsYM&42#&NUdwPs?+$-b?dcBs*?b>3*`db*e1_dnRZ+r{H@#|Zcl
zJ(f(^zOyh-o%uB4%<X71D@ijeDKm3~nb;=NjNfAu;9i^r;$>>@<A4oCI?p*UpkC+3
z+L)`HMrJm~>^Ny?@H+272RwsaC0Q@d-Srvdt$2gAgQkWg5H@kQY^)Yh%~oKVS($l6
zGgLV(2$@>Z%P`G;B}6k9&#b1p!FC=vOQbo=A~f=?c-%2MqJ4Jf{O2W){s&*N58RQx
z9RAl{MgW@*+qp_KWZnPtAu`IjaFyT?61(l@2>{>hIabS+U~BnLRRXv6HzVroYM>22
z>fO`);Rmg9Hyd|8#Vs^!<nKWcOTfpYdk1y+qk)%I$u-7;SZZ6%-%1X|p6%Q5R~j?8
zdgCeqVtJk+oR$e;GL}RN$#tDKthB#MTobFgX9}xc(JN6-7PH>*{?F!m_rDZG!fXA;
zNroAzJ>NSVf97%Ux#(BL=*4VCV}ttLAm&!Wg>LBSw_mgbLTqbqzbma8Vs8^3nsOGJ
z7xemX<o7T4{6E$A@Agie`TGt|R_8+(t5Om$uqtF=o1lSJVFOix1J4Z|cxG>`i#JH`
zHd@Rof{z@J>CU@%Cr7zd@}(5^SPXI7kbbJOxHpI#yK6V!98eDC0r8?7)Q#1xfnqUf
zLW`~8MWtu-=u%nIx-nk;yi77qz^dM6s>vfLCB&qz>No!aFP3`Lu@N}VW;}JU-j8od
zvH1f#v}Rk$c26xQ4ITZkv*Iw*E9L^si97AqZ4n*KFQt8KFx&3KK<wz9^P1j4gC-z#
zc5}jy;UiuV%|wul!PlT;J!<vBuU40+s~Qd2i$6R|;B1*L4FCoWTfl;HO#<Uc@R(5f
zJ|Tk-`2EzrlZoiDR%gqY27}G4GBiRmOBVVv21RE)HF-Y-HKwji_&Afbx=Hl`^MZ_o
zSac_uNPBUZm1S8|^o<j<twGj#JQb4dj+bdF;w*aHM}$Jvy>1r3Ub80e#shc>f<tp*
zoN7Wo#^YI<#NjUm1RhwI2@n!fB1Ae#(m6Z5>a&lh&6>3De)m>hLExq<+p1ATc3c;I
zqFEzy71A-?+$zat$-NskjNcMW_!P%IPStRRi8H(yG&tl}5Fj8bgP`HzdB4tf)e0Lu
zdM|?#EFhs^^l04~@l;h@H9bkgsl7xoKmA0?&`$%vfP9VriGSU`m1uoaMZMQi_5{;O
zjeftDoA$K3ii%c8L4{J=2%tZ>>dE;$iPh`K3yOI;F2xZ(Y8V)C@ZwaS3ps=Nki^>k
zrx~weQfdu2Y@DPh3H=lz%_uuNb#T&b4Pb%G5iO0mqxhnIk4L)YP1c(bMhXE+1(wlE
zH+b}@*D{02W=d3(I6+0+Etg%ZYxkiP`@kZt!>(1ip){}424|>i$}8%Al7EQ$ddxZ)
zS*9QG2f-bW!a(grfipz|{wUoP6*r|p6U~ya)2{8H?@5-9g6Obz>)mmgzYzyEgcY#S
zG7ciA00Q6%1FR11>u#k%U?lED3LpTLL%4})vb1T!SJ3W%skID1M8PsZ>?@>~dc`K8
zK*K$16>>o!ux>^65tl&6$((jss`EBrqlwkNb{{vga4vA5zlX*a&v}&ZsmsfCPBr-*
zS~{HML+s>BzR<=-9jH+%5<TXmfTc;271_1U<1BrAnsk@k%kw%g&IYh90_=t0(9hgT
zC){-@@TpvjdlR;d)%pgkS^Ko(%3K8jfj5jI+P5<Vj5R6K`rB)FnKQe5IiaMiY8_ar
z4a~&brRGcXMnJw<^GY91{M0cjtHb`s7-bsj_x}82?~0wC-wb;ndZ*ptIb1c*G@DKT
z`SYu@>Ze~$Vky+5mr7ZryjS028EZZ=?Xm)WLaE;s;gJZ%(NB{s87GkeSqbCmC1_{E
z#Ibv;H`~qjv65HVgZ-2^`t$A~f_!oHZ?$CIi2~X*JhJnphBa}roe`cyjqio79@)H<
z4r6XYzAcP3wKfKgSu&=(az#A>N8?E~)P3dDl$H?8sBP#>a!dqHb5-4>PAG`}z}E|v
z!pl2fYR>0!s$|CwV!fyi`UuS<febM;eX)><^!Dh@A#^6ZxsMl5T5sEM5ryc!fCFJU
zI$jYJfL#thsZXf3fcrGebUHjGR;k;~+U4+*m8jDyad9S=6x1*cYR&1*S+hpNPG3B|
zIWtSvy@;ak;^aQ2BVs6IS#lh${p#rkqR@us`LfVik&T1A9CZypyWU1g&92O-(<kq2
z92g_pbE4*kr)Qt9`{y^^;q}d`=sE8>KZ>p-NX~nDWw0FEfcR?*gSOi(<#uf+veymJ
zE9=&$hSik{+cG+Ag^W#u#Y(*?rE<SISGIGmY(jukF(TJ9A(ikTZOwwTDF>1rCk_Kr
z=@2Q<BK^vwNZUIP*AenmHA_A#oNkTO?V{_}2+IfCts!Qsq-BE|tRZE4K}xo&Ov;y_
zV|!sTwhAgXtnTxP*h=}Ns<-uj!5GSC&*U<~PgabLTiNf$u;rJCDIP4-sj$p;)nlPI
zLA@}PY$Rp?jO^hzAmp*-qtUPkGI4RY5dS98$VwUngd$5JSILiACK7$L5+cOc+0_91
zzD6Aw1C|*C!jMZUub&b_7Yh=Yu2uU9m{#!7GkCINd?>!TRRfwpk66T=T^*CAt(XWG
zLLifWQvI>lbU++w6gJF!IsLYK_3^xMdEPmE{pMXBgn@MX;l<!!Fu0)8GUgcFsezd#
zP@yK<g#(FU)1DBprc(<wCZ(ZSsJWh*{E31(%F#c`oXd8#?RKw(_kfi~r~5PGg#y&`
zqMv^7FsFm}-NE^agNJ|As2ioP0rt#r+`!WZ+@(wUeDQDpZ3_8#eszA+JJm;#ye$69
zG8L{QxKJXe`+q*&oL5S@m!6D!Stj9!LFM~VIN~Edj*?~I339HNNxbO2@4oMzUR-}V
z^F%vGt$+LPPXk@=!T()<=u!{J<zx~*lzy|prw<=`|LGjgu8M@W6r`-rwfT`_nS*OC
z0q)^;=e>=OdgU=p-W2)m!<d}<<-6xs-GUB}zp2=Sj$7ZXj6-$$`*$3P8YUD;Z~(!a
zrcqBg-u*65cE6)T-6|W#SM$Xa%@;*8(@UAWjGQNDlI8{d%jT5kJK|~f!zY>!H#~v8
zxEbZ8EGS=%C;x)Rli!Kmq+Mz^X+Ozs(ms5<z1`%QCKE68*l;RLc{);`bDTtkknA46
zKb~6dik;&*5DS%wbE6x}C8}F1qz!Jv1w_4p2$}J0DJghxxnMlADnI44Dw*;&T%2C@
z2k`U&ub--S^2cAVu7+@^yrTNHSJ}2-TTP_siJJ+YW+TCIoz|DX)mJS~;_H?cX0Q%@
zn?eEY(9u?_SC-8|4?S_E$cL*%=CKbwc?JNnoj1;`j!8BjxDpc)#2H+~Vlqcb#~5@(
zO!obnsG-A-pPfD7ee;({pvVdQ)p97d&Rxh=EG@>}vuEZ5<Vq-w@7Hr_HENwB=~>Wq
zh3)o*!Rr|F;p<8V<O&G80*GB1j9m$kowwVlIST=8Ca|i|iLk@moSo8B`F-UEqNTJ|
z3brmda$>A{G1yzFN|3Y835ey<HTtVly<@A#P%L$j9+El2GaJK2eQ1WXAIqCz^hHPp
zr%-*6i^~|HFiWjT)Um=N0c;-TWqT;k$yX9xu*lP^o{qpJJ_k3}Nb)(P?&li>Doo}!
z@NXV$G;+-+F`kVWMVh;cZkDiD@I_wPu)|bvnZy`iiZ$-ZPm5O$4_ozTQ2o)g)uIwn
zzp&lEjLA{ZPl6wS+t7vDy%C_H04Iz3qR0i63g|RVrZsvrY|6N%z&m-ML%q=LJ1}<p
zpb$dVLO8)pe2`AXNv}K-RZ*&5BrS^2aSdR_!#FI36*tK%A&<geaNbz@-OA7>%;br~
z>=|x{tLwA#-c@h7!sB2bSr_GG9{eo=oOHiI`)PQsHhJ6bdb%;W#IRs0@njQ^k+7vn
zBlq5>wu~}6wie~uvE79|Z#Z>({`Y7xHTC~$D&5jlT5Ynj^UDF{+Rj>4Dxw5Z%Y44S
zvt^^EeLB`Yk+)7bwux423)_S{!(_7x1F0OK=qt>S>c;|BP#Cjtk>Rqej^Ij%MoOtW
z<Z!`ut36&n2Mpdu4r1+GUY~usIL`}*RYeN5^*hfOp@quudhpumw>Q_<!`#LG@TPlu
zZbr>0Niwx<Ek1;iVa|$@v6p8wQTI@_1eRm{4ubGze7?{;Quk??Wro4UnSQSJ;g#88
zI|tc(aX|Zqxz`K|mmp=xt{fUO4Jhg)BTn4$QfA3K{KaCbIZJaIE;6>e&^ermRI@?C
z_P1y8<={InQZaz%bxOT@+PeakSSXD!sjh^+zj-C-jg2Z%TclzVh0|F<3)E_IDjN8J
zL+Wi}U0{q+V)tIPT3D3zboFraI28K&PMAhuVlC*E7mCH$Tt773y_te&AAeB=(TaVt
zhG<1>sUqfIe2$K2WR(Ux{4N3=@_1EM>a90$evkUCZNNW{f(v>q00{U+#7WkGbVRgQ
zk&0>+Qvc;fnnZaCb1wC^`;^xSPPeg$I0coglhTCPGh><Y#VuoVl-GO<W#X)ou3^Ne
zfYUUDu*7Z<B(c1X2~N<}`8{p_AMAv%PO<go)-$nteOXUAag=WpU%li1#NKiHx&N{K
z;(xz<g2J@g(j%^^M=(Vduw5ICESdZafuE^pjQMybzTiP6O8|!*@Agx1s_uDu*@htR
zw$^7RmKJpOrvbjde>7(Jd!c6r5&99fgCPD2K-m!iJH6@~J}K1GH3cr2haEhMIlmQ5
znp9sYQoOFu#2B3$3Q3W{23rZ_QEq@^oj05PoU3N)8mcP!h)$NQot7m_SCvzzo3%P?
zx=_8%@0KI+y+|c-Cof~Q1j3tP%)S8sRwm|)h-cyp8}lfV`?Wd?Gh#ajUcTG6l11St
z<*91i9Z7@v{4Ef8A@a*2R6WY4Ty?Li$<WF0;APzNx)Cm0xZfb6FjZ9oSeMB%B39`*
z0J>s^UN*Qmy)`gaQZ<hUcRU`8W(~Vd@6vtuNMU>0q*LD|kJMv;U_=HL!tO8>W$;{%
zVHGP_tE*1ycGL0f<cKUMc#e}SK)5J_rNrbcTrh4r)p7~dtLkG8j}GRDIh^7=a^XlU
zy*Qo>?425%>AL+M;H0G$X)u7wqrX{^sTePmLyK%Cp?V9{gf~Gf-DI4+=x)D9?4sHN
z3j;6A;hS-3Mu(2{5Yo7#G-?h>P>WEnkGGW+tY|=aJ^=G#klbvAb*7IQgt$sCgh*{g
z;AOOe(PK{Nr@2Ib7m!xy0i#F~mI_{NyKi+V+QolyACB9QdlgRDW3nV5lK}DyQZY`*
zk8VUcFIRNCMfWffG`d2~(ypo-+y%dKYvp4Q3#2<alGKOVNDwxDzKpVP0me#n=*C8v
z>JM1X%`-|ivCK=kV(8gAh6|6QyZz>{*?!wRJU(t7w!9BCS_{LaTQiPAV7Rp)K>IHE
z6Cx0~cwNhE21{Jils5#BSb!HoyYH@g3HQi7V27TE83CohR3UtwP%=5=YWVVTnn-Cz
zXp{A54^WTqJABf0wu2ajJF6>c)KHoj$ii->XqqSDrr8Y8J+`~E$mwneGRt1ls8r5F
z{M13#G7F@$ij{w4YnJm2b4Al!(KvVUX)rv$xjY|y`&q5H=QrP<dteo7taZ-X;4kW~
z`OY)ol@{pQ^VV7P*4y+L(|{oB`VEsoZRh2>udD+LT?mLAUXR&6gM0ZN^Bmsrgy-dE
z6`t<RTCVkSkJ`>!fFZC{HQM0?BM?IU<;+0IA1)XL;`=@-8oBDcaA-YMcvYVn4v$YR
zL+6frNbw}t0N!#DUK7`a<d*6he&aRyLD{K94+x61*rs#A-oLho%lo*zm-D?e&t3OD
zgYG@QueXzfRzn28)ao3|DOBHmKTx+X0b$PhgTcv+l*|~}CzU3diYyJqov=X1hS-+S
zYF$;?uD{f=GDFoFUoHcIqw2X;dFBlN?)$;;`sN(gtcr<Vu{f%_IQ{1@ite)L7U3_3
z>zBhVmIcS2@Ai+EkOcjjPfA)Rq0%2=q&Yqb<^*C9mMaZ+*o?`9qLmGAOy!tdswPnR
z^eG?oddQy~c{8VM-W1j-UqZWecyzf*Z{<BGrjyFND5WDhzxY+GW2TyL%<XHh`?(zR
z$P1U$&y_jAVWg(ym^8lz>t0-7{V0mrTOEcofj)Q#xYwd)n&lYvSKlFjl?0-%VXjG>
zfft1sS#r+N5f)<JOu&1U?79*6L-*#YclEL38cq@$%<csn=(?!2NN{zcCN&W72xx*Y
zM*?YwT`+PW;nrB2Tsond_K?lNM6OA>0qM+09WAG9w|;nZ^6qdCK?QVO@bow1aX_X~
zm?ixi7S0zDl#ORtAkfjBZ{%9=M|FBL?Gs?sN92ER-BmNPxHtpWr;(YZd@>2gE<iA@
z>LEl%cxMKX2YBw<vNBH6RLDgV2bwdT0ZReZOk=L5B7m$w+}$}<Z-h|7`$WVV(aG|D
zCIB?n4G9T^%(Tf5#>_}WNjx<~a43*g9lyDH5XDrf4ts45d-)L>IoQ*z*EiW6G-$E^
z)y!}~s%->}`+Be6@s|_Fe~~+j`D%`N=|hsTkKdhpW#MVl23|98K{cmIGK~bpkE=Q~
zM)Y_CXXOrry2d=(@r0j$H&`v4#$R(JGM;m9@q5|uiwdcX4r?{xzk?Q)RuU)ftu^8S
z-yGsl#NBYK#ivw4r%;ft;?oN%mC$h!Y>SW&9^ON#Vrx+!bilF(erP+Q-89xxF*#MB
zL=o6b&I*N~s19r<(g|274_Vkwkh}e^*nFRH*2o<*Di0aYD1y8yt303UeV^+^mv}-~
z`a;)B^u3}R_(fNEMmO_~zNmL}ReIJ-ct~H|M_TD6eK|jAg{O2IU4P9y%2`t@SHOKH
zm*W}Z(y^`OLT&4$#^(K{_$$dKrWSgtzI(6eL-j>fNixTdXZBK!RT^!|Og8zmP{m0o
ze-0`=1y!7ZO2WS!G<v_{JQws;0ebUv{=e<w!B#|st%wP8qryr*k?od^aBwO=^LjiS
zR)&bfw#UR_8>8Z|iukvD)Z13e@KfU6$|B!Z#=fyt(QjV$8J!&Rac|FVQ&r@fAN%I(
zB;|`>G2XO1;<Os!ssiI`_3FL`Qmk?$SBB9#4wPc-hQ9`aTS>&3hTHcu3I@x?B1zS$
z(I?+j^CJ>dK7Q=L-`yy(mPc}{`G-I#OIskNe~@-2i~CzjrRmQF+YOtdxlaQ3n$Tay
z8|8YRXj`w4XPHKz^wX<9Q5D09@f5Q;kC!}(9-Hn;5Kc7<3Fa)$MG!)HYSf#saP`eF
zDjd)6*g=j)S5Yr;+QI4PPNb6WS;7yaI5oA|9GqrAKY}WhtdI#`S?B)J#=j70LmLuw
z-(oCAq{e(0MTl0pN+ePNC9%*1F3#9l^I<B)j>L8!hVANnTkPLG_e)XpU{IdB7AG8&
z!i-AKAWp-Pn_j7?Dn`#>j!KDhvp7~8f24a2b??tkRsG+(0bSWcxdJN0myU0Phzf%^
zlx!||9LCehGD0daFq^HJqGi5h?ydz3ZsP%Lj0A&`gG3Mb6>H^-mGKoL|Ch@)L|tOy
zP1L(xHz)lxP2&HZj4XB3OgPL)u_Y+<#JXW4+B^tRVLa0jW>Ba#-w`1XwJOQEyWkuG
z$he4xyPxxa+Zw6P%(>I0=5#`FbVi%2zR<KN6^4j7FeVwMk7IVc=ZM0odT<uoHxx-G
z(8cKuhwd~@7AY)(6y7irQF3nu7g=PnI3Nzh(U8p&v_>woq*2N%)~wusaJtV#H19aG
z2u3l81@d`_V{;k9U})wT!<@wf2TZ3z8ZR4M6@#icQ`obHS(!X{;86oanh{}Ir_cbO
zPtEO>e@CjRBAFWgP(%kh+aKFo^MKXdzNn!1@=DM;GAcrDA*rwn0NeHL*V#;jDH9Ki
zknSs0Y|rhh>)3>zOmrWGlI_qC*a7o@97Zr3l-kNtF<zz+oA}pcWX$RmX64N%jAbD{
zMfF{iSTy7;$>7b<2_#)bW`}q{TBtiD@*m!L>})BtJw91xjbzdosg)oIWtN7crB()<
z$Ri5g%&ipCG5ssKxXkaSV$XCtV5>xrs{fFo&KuEO0`^2S$7yT)AV_4W#Y!UXl6G?s
zL?rwUb(@EwgAy}nV$o!$n!1b0$2j8;Y#QDP$>w1YLm;ln#7t$Th9Dqz--*<nr;}uv
z0*+&x&6;4AM_Kz!3bzxsvwTr9OC(Zxphi{WugORr)U~Cmfn~UzL3cWAr^Q;V&Hiw3
z#QtDB(CU#N&k-l-C+C{_h?h92dr~e%dLt&j-*uWMOLeGrroRr_(~sPSanR8U0gCbN
zQ#>MXg!y|7Z`EOV-z9M@Gg>sWNH*1~-^8i+Cr5<8Mig3>gG#F60*hpG%quy+w1D-o
zdgnAVe$ZR!dJavfI?rhVtLur}lq)L>i`EnAELB5Z(aQG9?z@iUmnDp3`G~y@y8#$4
zx9Wu_aAp2II>U`sWLt)b<`g?^)LlOYb+Y}0y;4){m0qKBH1lqdWa)?VE3d<s9<mf^
z7~l};_%57^-5V3UPxNVZL?z`c2GfOWee(*jPT=R2(_3`47~jzM^pC-Vc^JRow*Yw?
ze~M>Sy%>D_%(|n%-=^}uW$6VQfr2+^1ljJ&tJg2$KzjKR@G{*g2?~@-b4`c^+z8c@
z!kAqzM0{xhCg(gWMD#g_t`hSfh5@-jl_Xv-FNlLFnLS$@pvgn6kd#C=RyM;8zS^iE
zRp-Z*ttpmL-5#e!N4iCB+;e49kQs5yHuzy;1^^C_VAKW}h>VAk4S^;3|37ieKC)Lz
zMUQ28Ctj)5FO0|0G7!3X5GFLe>7TM$D6?dm@_8OGl7X40qo!Oqu5HqrPDM8A#@97x
zM=64kdL5dFA$9lne=Z!-)q`Ly7U_!cq!LWh@?eFhh%QGbWo`sFMb0@GkQ%X)FmIe?
zP&_Qe7|(5!Fb=#UppQrEz~Z`t!a>8_@s32R;ZoUdVF9%trW`}nxRN)<I4#`+Rux=|
zu&N^ow#QiAy8J5qRs5B%>zj0S$s)h!2&n4rm+J5}#aDFtOLzO4TCDDRe*@a2&)wbP
zx9seya(|;<t}4E~dvm*7iM30jmANKz$Nd7oGChbpbwQ4aoMGQzO129NzB+SK{`y`S
zeR8gHW3bjh4`s+K@92$qQ`Jc+u@Gxl%+ZB25HNdysSjQ`gcN@lzl{Q<z8FDYypZeS
zYha~Q4~jsWChP1AKG&QjGP_BV><e4)Y^J?q4sW)40CaOVrWs?pfmm82evm_A2|#u_
zk=&`|KA!V%KM@2zi%(;QC)QA_=fzg=EXUnnYyt*2?rWQ6>?A?rEn`#A{js7^ra(Ry
z&^fu}=sX~9m@&h?!cK88beCCzA9N*9MpXb)bqrEz2of+i=<C}CKk2tCMs<>8q#Uds
zU^IYW)PQ!!Bbju}x3c3wO@965I_w}_#sq(NfRElC<|mkZl;bQiiAyXHa-4=Ev^CWa
zTdg;T%^E&52_MQ(f^!m@IFroO!IUj8g$;ow;0vm|O1&Iw(=@bEGh_lphbjCETV`Pd
zF(Eu=0-=72Jd3#on&ACJ`wL-3KyG>{RU>c2Qy`)c9$|*8)m2X<X@D~HiU%+slV#)r
zcW4ZT@7~Ix6{@N0J-Ca~`YmIysX82Z=~A7xG^&UyPR^EDkle?$x@D;Q1n*tP1G-nW
zn1aVaJnF7S=<+ZQAYK9TCk!j8HV6O!mL7iqF;%O3K3q;74FEkfkey#bh@fjg5l!ur
zR~;|MJSsp_ec5-D&S8S%b2wB`m{aE@W@@?zVjN1Plka0nlF0!fIqGvMF>JYL)?f*`
zO0pZ(A^;$Vn6(|m&C<F12k=<KV1Mn@Y5@O|JUn*tY#_T9rF&0X_Y-LoQILl;iH&bs
zU51Yf={?#9v|Pw66@0F9>>UquYd<e4lu(G8o^y)2i5}T5bo%hL&u#|8Jy$}by+Q<+
zkMVexCULTq(WB1P8S(M0S}bCOMo-4KBD)CVsYnf_NxS9pHDbPvRD}eBfJ^?W3X7+7
z9~aGi7eW=|pCS3^)sN~pbDpN~=42^F@YAa%QZU|tq#G*X6wd7QjKSejpFY>Okb*T|
zq!@RFFQaSEFw+{`^oXb60iN-g9k&nJ`$u(p(+-cbt3iuuyN`h*LQ+};PWH1{o>EcZ
zw51)aBo125J3?Aer)xEo*+Qi3!(Yy>Fjxi_9zLF#YP#G!m;9l(=!^7QiZAW3<CZ%l
zSpeax1lAG;kpMP;MJnz>{J?yig?H{)pg<q+3==p;lq9#y1%4Qeff^Gctr{><c!z+U
zK_pI%7zePZ!&-7}>r;_wn3J-i5%gD;-6+;rl|JVWXJR7KR0OsXXW%K77);!9!8qp>
zLZ5|7jmbglFC~tffM*=F?nHeLX>g9zYyxTCTve|a>ua`5)lhc8MRWj_oF%DRiH5_A
zeV6({ZI*ySg%+LR@Iprbh7uRlCL0*MAbm~M_ZN{S5SoM|*g<h3oTenEp*tL2NUEF@
zQ&DUH^k^6lv#7(oc?~(&*fE@#tU;YcLJ76yplX83ox{_#aM7}KY($idbjD>8(;!9N
zpn(GH?4@J|G_N%cLQYGS%-QvzfkCvy6oe%v5098j=YM({g6h-fmWWvr1(I<BZ8Fd>
zw3HEAmZbQ$Fk?JQ;%SrJnAL>i{Y;&2WTN^3Kc?z1-A}~UY{NTaanE{vH;3I+UrWAJ
zqdVf5H$RsiGcME|O>jCmmF=n(=YWEhk`&Re^w8FjOBkxBYD<SNI49~5s$t4wx!|dY
zGYmp=G?l^Wuy1q-EEZT-WKE8<MP4C<r%6X@va9Rid54|q6xDt2Hj<tzB|~3Gg_;wp
zzZa01nxqI(GfU>gky1P@`Za?I{J0Ph_L7U_b@+sLM<U~UHUEKpQ*y5>B~`8Q@f3FM
zax$?xyGkH<g=cEB(CIY$TAvf@yHiRpOjlfDM^OS0T$H5&uan6)A5#j2ykBM-EkgB=
zs*+z>BZ}+@(#ZjVa#gouEE~juqMn}OphwB{G(AX@q^NCEpS@pBCSZC0#ez7^cpQsJ
z_xX}`;8cu-TGMkiCW0CR-=HQqkJy~Uit_VPEX5%FMPN?I(@S-IV@^PnTe_+kB}5}1
z7)FByJ!E(bh5SpQHf6S{;t0`$QniYSI7>r}E1QlBJbAFJ7lt-A3Uau>EY!%7hOrng
zvn7x6-HLSk!;1m5NY41Jkokd{5s;Yr)RUz;nyKgYq*P0n(stF66TdyUed2NYxX_J~
z2`Vph6ipM}d&trEeh5=BUGg+g6TH_Si1EJ5{uajWi#Rp-C_%*oTj^MN`m~{d`wsRI
zJW!W+hwTKTl*3EX*f16%RShAV33_vm4v$+@B5lezu?GF#4Fc{<rNxv1n!qDqew^yq
zJY0Lo!dag8XG%dRfh<iTv<8wiC-@B_WDDL@rXMPIHx=a+JWkLb7_!H21>x_S5Vzc-
zgq_`lUT9LAfCa$yRaQm7syznkV;v^o(u2yWuCu`?j@yI4zoAG+7)ru{P}VIB?-i`d
z?t6gg;u?<u<AqIU<5Zmx<szI+!~v9ys!ONcJZZlEUvkC|k54*pg_yj1d;DfJIXryb
ze%lsfF=@AgccalbIGntB`}*zV^~u|J;@v1XJUTiai9ozQZk?R)H?I%H+r!tZs-`D9
zACHq|oH>uuoi5(+Q^_zYGw(V!acoXYR+a7ez?{dbJYyvS&_CxqQR1-kUNcc<-7FI_
zOHxR@ibST=8eGM_p^N-&-{CXgJC78aUZ|U!s#QL2VBfXat6|0_3Bi48d!{RdltCI%
znH15)6O|>nr=sD*wUWYO7D}R*OZ4Ffe3q)lO;66RlqrV499FviZHk$$e-$|61z~G2
z)L%ke5mS9zsas;KZzR5mxt=Sy0()KmDlph9#=1_AtsLkc)z%6@ZffL;Sp!4#SI*MJ
zpO>pyR{1rs2(S`bXNB~qS`HF{PLQfn7`UP#85qwnyj)1yo*_xh+P^gr!FDq_<MP&G
zdJE_cBlAEP-k_!()TPK8*-SL@cYvFdtJj_4D-a)^(SH`N;-9$}^B7{R0-D3#^TSKM
zS>@tyZm55dJWm0c9F4|D?<S+xC};<7+i&>E_~_)Ybu=Eo8H;yEug7m*Pev_%eDv;w
zzj-TK;wTs&w#M)H+x7_$-b_|j?pM@6axpihUE?{Dr03xeGvg`rgJ;VGJwut%!CxC{
zGo`&(wOHoB&)l-<O#pi`(E%m0y;m_UTPHH~i(*#*xolKGb&nN7y0(_RPCeA0^7-2t
zN&5ZmXKw8`Q(=EIeK9`+y}AZG<4U1N`$&0R)iVQprer>NCs{`-BeA~nRUSNRy3w&8
zZ6;8n@#kY$GNUltA561b$;6aww7=d69{iAonYfO}WfjKP0q0=LiaT$5xIOMiI_*||
z6gQJ6Hw;g^;9OQqPVSNJ4+B4fbt$25ZU)^ZJ3nP$>`A66U(6o0Axi2*S5MZhcpM^t
zTq=3vsP*n-XGL`e%h6xOIP*IIujR2;V9x@C)=z_-+`S~7@|gIKJ8TEU=bu6CgfJ)Q
zIH&93#rXS67oqv-WE^_&+UJM2V3WNG&{XKX;OuIEZVB`+fVqyGZ92(&S2U+h_D5|m
zgsk}HAB`R5&rNwZ-fjM2uk%Osb_3u3GevIi?VFNwHAC}IDr6Gf3Gl`1ri>oJj~B*M
zwp_U0_+B5)tGe<!IHw4yNm+e5!<n@azOUVR+j`sH_mqXEYX(wnfoDh(KGM}_{eR1S
zh7TXk)p{T^O}pS=j7&r}o<TgGlj%h7!#ih0l7Pw>RiorPgZCWWW|sL9?*$?fQ}7P)
zMW_u0lDu9Pb^?-M1|X-;vl&J8K!XoZygYzsn(D9Zs$eqVi={gt0*gfyq7@wgJspEZ
zcdEH;azhs6t*f+p2LFFW)t#V)3_}lUdba5sCM4l?OV<9sufMOqufMOqf1%(13jhHB
M|K<+lyZ}TI0KZW^iU0rr

literal 0
HcmV?d00001

diff --git a/vendor/github.com/cilium/charts/cilium-1.15.10.tgz b/vendor/github.com/cilium/charts/cilium-1.15.10.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..ed4c82fc52c2ee5f7a099e87375f60aae5dbd20d
GIT binary patch
literal 180660
zcmV)BK*PTuiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMZ{dmA}&D4L)7SKv}-V>{tnPxIW(7g>@$yd&9+B+u-Allg40
z8zeDmHhO_>Nt{jgZ@(X^3TSk*DN(aC$)1y)+<Vqy1BF82Rqu*qB8yf3Y{_-rTk}=&
z55N9@gTY{MbZ`LwI~WXV|2sU|9}WItcyK%z?T?O*j}HD}FdQ8m5B`A-egj-K{wqw*
z^*;>$>apsR`#<DAo~A12xm2kcw;1C(mvbKF%VO4(svqgtj9I(O?qnK|*%@q>k0O6i
z`fjQc8Lj_4W$a#PBUL(P_apmf%2#5{aAT#|HnVM|Fg^UWC)K~FEyfu8cNR;NC4Bu6
zI^h6}MquR-u`rRASq{Vehy8^$HkQHw+)S%`84JeaSlUiJVe=x5@SieYvzb_{G-eM=
zo+C7AT&I}L*39HQjk%85x5Z58ROAG>GI?f-Xvw%?`BE@GlNK^U%N65Eq8?bT`Ft)T
zHseObOr`Aozny<H9i}wP6+oQJBo~_ToL%y@(CoPP?`f6bXGvjlp&w){cA`CiMM_6y
z*C&>OHLgN1Y&iAZRwd}Xu|mugS*CQ3c&c<R7loGTf)R?2Xb2Dyw%vH7l|f>QG?!X1
znqG&=G)jtCrVD_{vn*KyKotu%ms&jVBrzL=y?D%pPI>aZ(szmC@eTwP)a8M?>_A61
z3JZq`NeAGo<lE@uXl5z|3-%qGE6p5s{&X>xs<d0~Vdn9+Tl6O-Q-DEq+#t}Uig<D@
zVyQ)xyLBhfPn`P1cGJ{t=M4vNVMOMJ+-<Kl_QCUqhZgW*4k4KOOn5?y7@<ALd?{1L
zao6O^k(?Dqu!tLBSR(J}ET~v?aoqEdH}*7tJ2}1Dpr38_+zqMX-S0&L_tb4@an~Z#
z!iY3CG#h}q;wfL??S_qeY?50l<XonPafD+s5y`oX;7zbpunn|I*ge-$6$Yu}T2+oP
zcH#D0ZV(zzW5(@eniqx{5jmh9L)d=wUCr%Z0MZV!LCr~QkA42!n<KH=?$1pK_X*Ov
zX0)@Iv~+>VN`>HMYIlu@3T>N}c(B|*GX%?mh&UX`rHq!;cD`mt<Uojo&qRW|*LG%H
z3&xF+i&VrcSM+A3vAmaY!4oFZI8)ND_%lcPf*S5}jy=#FF1b3`CkW}<hWoU-4T6bf
zDn>FW4ZFflklxsGmPAEMq>Wu3JPu5xbEPA(5-C1DIARCkO{SJz(83tolmmAl@}<x)
z61`3Kle8~b6bWPIMUt$U$^`Cxo>+1N<R+5eBr>XB2RzA^e7KeHw#Tm9*pt<dv&$Ml
zV}QDKH5OVG8T`vGhF=J`2b&k7`O4X{7&|UR%Psrvi&0&Og$4S7=i-5{cYn?VbX#Dz
zmpx}VBBLR9d(ImBIOf#28yD_mbx*s~HiUbk!a5~_-wRV&AEc&TBclo(2}fxHoGW<k
zEH4p)dx|B!NblA944#0Ei<xK}5;NdPh3$!t$1h+<VO&-YydyIjc5}}dO&&jKfs`>o
zt8Y*2yQS}CWUrPilj*{E7JnviS?q*GjMqO6xl|^1lE~wl$<zuI5!_yWE$k|a$GqW+
zei21qM#iVe*2IW5lIsPe@{H*7^lGA&ov6upBtmL!+_3LHOs7Ivmbg(eYQAJ=i!8%V
zFBDJTeV8&DZnqO1bO5k)r0qm?VHr|tXSppccwX{X(3P-6kQHXjY@-J4_{L4Nl^V1!
z8@AFj#Gui3JB&dG084vogBW;`gPhz*6~gu<RIzLDGLl%*znmU+oSleK!Kp=R2+kt4
zTB+3Xg7(pMTcAEk;NE#^Pn8yPp+y>rm?8Mtnyrc?msx_BrR{InT&vZVJ+g5Lz56gd
zjqiodrGY0pq!@sFf@(bMxWk?F?!y#7ZVdP&<tnW$;R*x1F^k1qrZ{hU<cNwDycjp^
zK_rR&U-+2kTFwf~lZO|)?-PT7NGyml_9_!|`6xEk3hzEltr+&Qon~38m+v$X_jcTA
zB~EUqX~AQr(qvr~>hO4ln+^7w1l<Fk(vYX~C$$&c_LH1FNK4$rC?{j$C@75EAuQ7;
zn6zx*3Ws@;lArE{*3wGAn=IQ7WL4DtiT&8BT~h&dSvmU7WOiMUWy6!|_Nc?=S;}v!
zWO)3JC-#BVlj&5cWOsTbipMkRE3-_gWJhAyL75xX^5-~iGbPUL@dM7iv3rYHd<&xS
z2}CiMO{Soz3FpghkiFPEa^ZQ~l^R=4+;(O@*bcNhPj7}2DZJJbY2ZSyEHJ)PV%@#x
zNg-Iqr8e%k@hnSZAn!Z*H<l5nBgj!xz>G*lglBN`={uX8Uw^Pd+)kHKBx8*t-;NiN
z1<ySE?ey?yl;l9kehwf|P15kBaogI;f(a^q^L6-=g(`6=n&1A*(P^5hB1LKQ1w3Lh
z;z7q3@`;xt77n`;uh@iX$rxnFIHCX-i(KfHOuZ7xG2iy&z~yV7FM?KXA}bBT9gM1S
zEw~e>J9a}MDA;KoVC(NCcS@=>7kbW{&fiqUFTIR16+e3ig{N<-;^%Ij8ZN{LSn0&}
zv}5@#1|Z#iY{gysRoD?uuh?tZ6FndlFi~CT313z!7H@k0p0-;&li!t7Z1F7fe-3-Y
z!`^Vvs-P&|P2YFX3iQ!yFFNdow1r6PPcyrQq|t9Jl_kM4&oeXb_dSvNEg4ye{zIJh
zeloF0<h|~tBJVGj)R_L~UsqhF{c{yrSrLtWeYxTbVfu+$sIF0o>Y4jR>rSj6l#b1~
z)n)Id?^|8Ky44MhVBG-yR@dX->ei6&vRkc+St86*soXZcD`vve=+(dc-qPu)H|P#t
zwZeVTBAL=6;ikBdV3CZ}syegQeVyk2-S*V~)BYoJ!sBCpBL{#d?f?772Zw{>y8Zw7
z;Nb7}|Nn~r_Sk!w2(}QZ<>8U100m5v^zZzs?_cpdF_($>-|YMo`}paWU7SyDd#yco
zyOf66FZO}*M(zd(w9)=4*lE3dl_kAatF_09Y@xa3mR1?hC0R6=BFR9i(}o&=%~LUv
znnDZGP%fP%?}}&kCU5Pz_ZQy4ROKvM@^m3sq-8Fx@PRl4kgR|r)50R})W?2q2?zGg
z!qMVSh1B$5q~gKNlLYeC9(xZ)SiZ^<Veh2l4jcAP?Emw2%OuC_)v$N+s@00ctXNp4
zdyjRy>>}l}L@@Y~C2Fxi)scXo<1w4_#0b~ev82L2x-(@g?GkY>5(9|VfzZShJWQe7
zEW$xo!WjER00>VND>EjrPryDJEdib>W?i#3xmbCRh}WXG=&`$dlPfJc40Mzo7W15E
zJYO<+a4j$M1|Pn8q8^wu01XV;78SeNHDts}=63W<Xjlzl@{aoofFhNqXp!pyuq)Dn
zxHTv4(uf=w8_qzv*fk>Kxc^NKdOgIy?Gc6vwBG<w0DNkB^9TrrplR)3D)dj9KK%tC
z=-&=5{h2vF4;N63*<V^MJ>yY*Lx3X8E}NROYtp`U-@&mv1tW;v3}70lN|7x_I<zs%
zbs_ALt85%#2Uu1lR+5Oc$Z_5650)AvzzdBHO$+{KS|rI0wjNu6#NM^xW7qcWBCs}%
z_Zo@&Cg3LsPX@%;WB(e9IWLmjw*K1wOTTAtkUq9)e+3o-k)HB=IcDwlcEFAs22K3k
zi6PnX8)fp{I)aNz*>S2gcC6D5%_|bjSXQF9`-mlSC3CW)2*wwna7tsZD{1Yu_Sj^O
zUstL~K{BK*4Of%>5@2;Yod9OSUNDgmu?eoeLW{Vy7mVE5GA!PS_Q}g}46X7!5#_+M
zHH$^U*Y>K|vp`m?NONf!XQA<uFXDyB8O@A3vRtl&VXDY`mSkr@j%%KaON)))#jj<W
zzhSpa!Hj)(Wh!D1L8CILM8%$QV<q$$k8-#-4uQ0HC-z~m6B+hKM?E$i_@9X}v>%TD
zxy9I@GSh&?tk5Rk9Ru5?q_NOW#bqxqvs5}qfCe;$jI*U&EbT?bbFn#v0NHR3qwRA5
z;Nw<{G~a$cR#YPA32*jipVDMqeXyLC{z{l7Y>HKp7d&CS$d^{ECYKMu{boA3zOXps
zktVdO1pJ)JKNW&a&Ns%sDohT-6}BM1EuJLqdKNK&q7G<2B15u<r&`U~(9&ddc=+5@
zIsj_L*LK7Klk@6C>FKs_oSl!1$811H7!*~)o%hoyf@264Cm1DCt4yV!!meFSXYR`@
z!_e&fr-CPPE=3Ied#x%^*n7wUkuzC%8G~vklz>1mFLDL<LeMC5)?|PF&lYNgWQr%O
z0c!Ac#Fi4dSY=9cy{1F`oP5=d64{r=6vFg}`)`jd3~8AgD@Y<i?I2DMbU9(M5+;3>
zJBy87(VJ5wr^U5vk+qjof!CK6B)L{a8u!>YB3ZfR;`6y6Ei;XgTb>0_>EVV4*CIzG
z_pX=MVaM(SQBK{y`1Z!rg>YzpvUl2pGy-nRHMoz+MXI!jd!A}u9ko*Tz}!YSD?o(-
z^ZQt*MAt0~JHKHodl*0sJ`-W%4PLIg2|SD!>;~X4cGzHD$BOI>IFI6;;O0@>^-tXH
z@LiW(#`p!`GcD$cTr9U8lM4Jyi!Qc)!3dTsewy;jVm3=e7aG<9mpfn+av^sCTgVq6
zOV{p7nB{3Ek*Ro^GG&J@cRgM(ATmrPkVxo!Axhap&ch*keu!S4n4TS?w-WhM#lMfV
zO8-AKtImO-y?h2;C-rtM2=mejeFLO#m<z7S6UZ;ap1UmXFGO^MQw4o7KJyFBEsra-
zRQRUS_D7!aoQsu8Z$#c}1)V<FK2zv&18k8QvmuQ#K~WeP0djH#P~J(T*Mc7^638hu
zDa8wXJS&eOHoR6zV%f_oZ16_|N^p?ulQnx-ij<y#6$eX0k;NPyE3J~`Q;~Zuv2iD_
z85a;^dMN7HMRF!PE1ZG1oRzedUXNM(PX%8?yhQkTwp)zld@*M2d(uwYU#wV!YW*>5
zPv#$0K1Hv)HnK#x3b9-Wu#VtA#;k3Yd~|p;j^e@FBffvIe{wX84^G7B<lyb>V6Z<Q
zL<hscY(AUqABm%bcyKV9502iBX2<)pxBJoC<M{1C{B{=GQ3@l@32e9&^SOO))*G9l
z*W&caQXy0EX`0K^;3wvpvvY7uzloM2F09}<!PgXjzIYT-QTiEmS*|jbsKxqQu^zKh
zRb&Zig*Lkjpd~{a*A1Dt#`Gg&E1pNoOYoE}e`J<-?(!_F?I5t;IWt+qB<*_}4pBu&
znK4UbT0Dl(a+P?!hy{q7()j6Hh68POz*O6Pl^ZLkiFv8MuZ|O|$XIzd5?OBgC8(~r
zm!Q_@1C%aL<8C>8zZIY|ZgtBCm0dhalN+ayu#|4!i8XGv;NfNM3(La(2R3(~L9<~u
zu>D{6qX6D)%-SCnt+e=$DVXbmA3iEvZt;59I|3hrH%@Z4QdFj;0w?Jx;l_k+ht)-K
z?apj7GzobL{QTpMGl+pqP`?-~(|)}(rOC3~EnQ3daca7mio5i!zXyMG@n=xj#HsOT
z*`ak>h8+33#4sMms5A@i$Ka9`kGbY&zWJE_@Z%;pUb~>UUKHqIgZ)qSV#l5$y_Z_0
zV3oY*T3SxjLAglpp8{e}=9K4429J;H^bP%bh0>1gk2{W@F=g`ZD$Tnw&pB-)=#Od~
zIPU#bn)ie6ZlE#S_T_e+i7`8epbn+i^i>NUTZz%Xi{)TiWqiTW9%nJWRi5PArhBiF
zV&!S`9sczceXzq-NSyD2pMtJ#&F6CALJHQZ0L3b}gRH~owQ7t-#x-9F5S_tGskKLb
z)xyisPJl!B{y{9a+FUMxN!Vj-wWfAmK4$IVX#b#H{dqQK|IxKSF_sIHvtjV>QSk45
zN0pKh@orSK|A9wPSr-)4Ri;DDeuD6v*QH-+k;X!U*qZRtih%9kw3_)HXOaX}sCdjb
zxf{G4GT>sMDYf((mD4Oc)hnf^T7hi?b>+tE^S*}QzLNSv1}Ds3xV#DkU#J}RZ2NNx
zlubq4ex70;=N3G^O>@Ra@adlPP?nueEBqNMwG8`5um5_<OI6vQef0b9`gQD<gz2~Z
zub!F4k;imaqpTRSgTY|1a)(!}fXzDiAmJB>U!}uvv;E<4bR}u7<(B$KH_@tcw!VJ$
z@9PStEwg2}d^Q5SRCR$zFH_!EaL@jDYHW)!8@LYFwT4V2;vTFInU?o55ex80_kYw4
zJ~tPamKFJB+tLW={3-K6zYMKKWA@4nUXdc>x=6u?3(zxJ^d)CTrjcL|f-U)dsSwHW
zH77*DLBc6RK7-{h;;A#hNl?LX7Rxy}_vCOK7&k0Y>4E}j*9hN5g6&b8doB|&fheRM
z+M9a8p?U>q+6hEFLpKB|Xo4sR1wU`2nI{!WW$+EoiDNKfT5w5=oEa6}iQGz2D`|}L
z=CZu)**BlQ{}^_`$Dd>=fvOr7EoEXCT}8qe-}l?e<z=-ilAhRxm5R{`U#lVqE)$;b
z4ikCQ>-9XCj~BOJPS39<AD@7QVy9u6KhR{F;as17|0G7Km4qx0XV_}RGv9YIJ^OO`
z>FnETXPGjYA=W*6OB)%3J#VG%?R*sNGtkFTyY5^I;lbYg@#f3br}NL37as8Uf~CU3
z&Pmz$z-C3xR&ue-L8Tae{g>af!`^U+53Lm&Js7twUfCh8FK#}4zCOEn)$`vcDRw?V
zgUBnxcw#w@HG4OG4<~MVaeejaV`UFk@UAY&nJSVP9km!wAbK~K_rl}hd-z|jFDF-%
z+b<ud*PqTRfE~6T_B)j?EjsTlJ{C2LB8h5--PyZ5u~X>;oS`n#Tza`{k40K`m7Vha
zus0g@22AO)bxa=)dxL;N^YXBE0{p9rRNubqFf4y~H+}D+oq};CmL}2ySRuV;94(zL
z2ntQL75hNOqdRUdoWMT+#uMxO^z6&0?=G&dC+8Qnf#_V<Y^j%4CStEo&o0dyd;f4f
zlR2o-?Za+fj=}p+-+#Qg-W*$?%w%tbh2|^rR)fpaun&{-mydLFar<F%{=$(y|H6?z
z(@0O;w!nyYBk(W%T6>+KFEluV@8y*X79j7c_X^s)VhH7l!}ZzqNR3Ecyoqai_RaOD
zPq&qyrnlFpbbeq8QR5UKyFk~hO_V2HbuaXTmboyEvw^lZ(DajUS<dU)kyoZn=@{7v
z+TK>md1Y8%<WV07>%}aV`Zt{KmIpEsJnhmm2|oLcQ-x+Igx}ak<t(oh`aOeK5)J_-
zWlkn^16IsbI6Z3WS%5$<2Cwuh6I@s`5%I#l$V(aiTy?kiV2YGBFUTRJGVr`1`l7(a
zK35v}6^TLr35HjCIOtj=i2ni9!<qGdyXX7wZ|C3N&S&0EQu~McFw}uFlWU%f#kz%m
z-_W1-s3H%2t-#^uGkk6_ro+GSM6dYc=hS04W+OXZB`Sh_hrU*Ixx3ZkcV@O$Q7Y?x
zO{d@9uy=p_boOxqUgnF^ZE25vRJr%{0~;`tX+%DBi9iX(_V?Zd;PMBIEgTnuYb6sL
z)?OE<KZDy-ITm~UmD}HXWS9N=2HrWrf!sA?Z7ak*d=Bk3H&ro2MA-8!44aAkL5LJg
z-9oqaTolKgexbk35>h<4*uTq>&xT{fVufn>B3G#G`lw=Y4d81g3{(yXa36ulq9Ox#
zOqolb$e#lb58NKF3|onu$2{jfr%n;yo)|lT2Mu)DSg|?*f8k<nStz?m=x5isGwf=)
zy|mMc(YjByTyecV#h~}_qk9A(KxK?M4~EXW(fjdF&c}>Ad<Wfz|Hu6Y9dnWLG=EVS
z^dtKPUC<Bj1>FiG^eH72ahXka9=F94IpZ@PC8~%wb_RYsv)|Z7b={shN;96u4>Hb|
zlsN+UA(iEFC4Uy|_G}7Q@#phtkjDu8KrCC^!WRhaq@dz~$CdJLLBLRuR%EJTvdUbX
z-?G;iTqjbPoSln|>%7pSwa0GdO1uFdxni+|_oH1^fnj2ZuE)9!K`NzIve)vTu5dne
zT5V2PrgP0PD9#?R*WfvlX+dufsO;@D-@Utjv(+Q`G|J_@y$9aCy9TmF$};wFa-7&?
zflM*E%50{q%Tbz)F%MdzQo%l+-X0wFKc3zm9WY9U(MoxKaP)X|K*=iV)4P6ub}||s
zb}3Xgw#$*4WQVQrja)2mBA$rJG~y9t`~qGE`7LBUn9T6o3etQj4GwqA*lw-TyQ~Km
zC)XCz2&B0WkkTS9qS7>DaxEjv`lNDYU(Ymd?fFgQ`iL~*nJK&@bi}n@Hzoe*wU)Jc
z)G1`gEU_+Ul9woNeSgYTx*V}EPR+EcacibN>PGu*8_6;xED_v@(g!{j4<u&%fyMOX
zqrYiXXwd2<f?KAP0){PvDq<E39(NcAzxlF3CZjv@283bG3E-Fw4~@eD*3Sww_dH=d
zr*Jd~WJ5r(Fo2o+m8Jmyy0#zA1&<S%iZQFgwH%u&a{o+gk!y+XGXUfXn{%0%5L~X;
z=mjxmBh$1P8C?V6f{^b1sWsW`wsl=xC|)TQ8<9eM#0SmuLguP4?DTrt2-64hjaggd
z%fY5k^Sckz)@+g0afGOC%8DjoWr>gY-%PA#A~v+XXJJ4F^upGyx+sS}`x}m38<Tc3
z7}wnzT_!EaJeF3cYMC+T%v}j1o=ja{xH2AkG7bH(DkIcD0$*jxYPmdUogv3pJ)Iam
zA~;;*M&$kmyO$dLZY^1WN7Oze9q~f<lKUu@dTJAPc71Moc5z5MHBES0zgF;?q+oKm
z?K9hI3txmbGc9tkuw%9ri6F}KD|qI@4M2y^9+!Jjh7D*1T6t5080z6En+NqM$8ej4
zzVs@dQMJXnCG4DH0s92Naz!|Yf{+2hcp>lMr1O}RErG|Cec>sXrPaz-d2udHr0#{@
zc-$Z^<m&b_XeXfsst?ncP0p^SY_9pj2V8co2o2uuSppg16tajucA)8&pJj7M%39<K
ztj7(z-}yc<A46aTRZvUf97w`nij;lzfWF%GrP1)}uJ*E@0icK(X+8GX*I732X{GY7
zICV0_fQc5<Z9)<sv^v4vu;B}qDeoyenNws}EDcO0z^=n&{>m`%n4uFe$P?HaY(s<^
zL7HXrxe1Y{s4$nUC=M}4^SoE|q=B6YKlw-A&HstH_>t^Bv^1%C_Id||jd&4UEzH2?
zp8Ji3vlx$A->gl4Zu+xq-m0JSOp9)C0jfC!?6MWlC@86i*N{x@DZ(UQdt@JF1q4ma
z3Ur=EK8RVKCXLoT^qO^P3a@xpN}81*fZDY9Bd|?rv6=}D_@wllrVwYqzy+Zm3i0)D
zbTB$O`HFjedBw9U{s=KpzjQ3yfcW0jWu4SKx^oe5pcs1+ktn~7{yH?=x~3}aR&hZT
z2%oLEjE+Xbg9F6nG+ozlc@7Kr@KuR|T#Vu|bMKyA5x8lSnWOvB;o<(#UpeWIr?)#0
zIpz7ULt-Hp%bES-`5|r7aL|7>(Ne6?w+NMBKcq#HbWm&+`p1n{70AP*{S#QECiKnD
zTg2Wl4tM+4<{5aw?sw@UoqL?U4_;^B_k|zc^nTIQ5u8H}W?nAbJW)J9ItUlf-soK;
zf3~|E{3DZu(ft$z3zw#SyqJ2Vj|n_aVig5hBKjij8=zL7bYy)o%jSIxw!gVTgWg~;
zI<!l);@SB+<trK8$e+cvy)?H|7#)<<obkm%3v?TUSvYHVs&bzw*C5j0@kGYnEyJ=J
zsY*qMCF-HWRw9NBn6z}Z2Z1^*M;KGHElB0-3?i7V)Z#^!MuZ>~+QQ%wD8<X$#{?r!
zNU9pM_MvGv42mq2y}srNUl^8axmbw$Sm1PREH1R8F_2ekiVTG7zZRQI7`(S&$E?kh
zq#Pg3lrB%A%WCZ`W4Us{1e2+|=jaM^d9(fZjaO@?RPx5LPh>EdOxcQ?KNUjrSOfwN
zroY(OPyiA4lj~Hu!f=R?hL}c{@>4sz56Jpv2}TT%1H7KW^8XeX@KYw|(H(njd5Jen
zIVi~*L->>yOxRAAhfLPsB2P@<YryjjlXK5%lHJ1R5|=qDM-rY}LN6(my<9<TGd`P^
z_mV+2F90@MXWST;ik#Bd)0+zzdmg;uBKEYiEic7_N9${($CD(4obP1@mD}m{r$77=
z6G;QxqD3O@a|X!=$n3>*k%%&++{dk1+Ec21y3wA(Gl!&<7330WDsPl{wB(YoCU)bB
zn0<G7`jN@_6<+bPY|aw3kP*=h$NORMV;DecFUPXmgUpw9EqS`83IQ@*G~oHej~2=M
zgs1NSG$2|L*{APWl&I*=<-*Ifnz;+Px_wwKqdO<j@uX+vk2BkKs?|)?bWe!@t6PE`
zr;n4zoNl0Pg`Jej-22#i8*pe7+6&#F_gZ`G`_t=>laC+9;AaII+K6lM|Fpoq{4SfL
zad`_em|Tt|zP}0=Hd&#hRvQ-s2%kl?0n6_>Sx~?I{O+O)JGgsx`tkJokJT*;J^)!J
zIGn2X1DAPsu5=e9Q`n7d@b?WZ@N9+_>x36+w1klTiXZ(RyHeWcP<8gixhl%Q+eoce
zGWW?8)SS(P-Ivqr*50#$qW!E$lKyBg9PPI(!ta&-wwQ@2o*kk>X!i@lh0Z=s>N(`o
zn9XEbde}g!SlhM~kRX~Dp}05}f_)8U(p^E@-!N`tS>&;LNPDGjmNHVvIa{mZl@_I)
zowk_YTt4>soWxl$f90UMzjt}=&pu9216IKZJd6R*Ojyv)vogjS56*xKxkEbiAcIpS
zcQ!J#Am)lK6f07+BsgZ$dpy)%!t(x#mK+oIL2mxcF1>;W%Tg~(iiJ!~k4=>^vYzgO
zb%Dci|K<;-8>Q0yIZt?+ip2d1QEW2m-V5@Lh0GT^M~6X&#g(c)r>B61Glqi7N2aBA
z2k456fvCDC)jL8%`Z$0tVrt{U`6VSvb1o##8Q4PSd9*~XwSoXf^4OjsN<GxDfWrvA
zI7JGo6<OwD163_Ou`_O@3F1~>nTEY;cSaAhM1U<7&5<JS*nzk)#Y*_Od5%KOD}?T`
zQ%IjjCX<L8(W&<VxR%q!<-_;C0{WKg1!kkAHoaiQ@ME}USNzVeN^bwH9#WyrQf6h!
z@~`086s6KK@xAyfF*ZuCNweg)c86(Ux%L#|BtV{a5$AQ1!72FqPb4dRnen@?!CGUs
zAH!0G_CJ>lhJu!2RzSx2jm__lqR&RRNBhKH7nZ*T<=vyb1LVD^-9|O3LM`aPD;$FI
z^5DMGBDV~RN}c4U=Iofod`&EayIgEXfZ}@3pmGFSJTW7aNHC|*D$CaahXQP}TD+Hu
z7_<I8*L_{2^`QS$_7b)5Gq|~v8GF!ZP^EWsgYu+l3jMB#@qDf)n1O_zE4{+}QzgGo
z+D%GeQ<z+>EIGGdW#El&`4D<8HV3QkGGIgjyh`U3Z&cZsJB~tc%2x0*nG$rB<p6yq
z(~`s#@e@Mk0rtr1@)+NV^2y4%&VvnJQh#0~^lY&QjyD><3-%|y<t0)@4!TZz%){I>
zLAV$#vkyRWw-V+ON!H~ta5tr3uk42MIl5kzol*F}sn|=>Z<q4<92}D8AppP(swvL9
z$egBt$7iX;je((Ll?Ch%4!Z_Ya(Ng%nPx@qsSkHICX0+aK{heCxKUM$VGdLu3{$mo
z6WF<UibhN@tz}wJVlqU_$Jjxi#%mr6Gr-g(=2>|l?R2=*hJnB9UWwz_j?t}Vlx^Oy
zcVg{WJ&Qt#y4zZLX&pCAl|o|!!ery|SU?1CiO4fY<^lXZ?T+-MEwKsI?G>AWg=}xF
zs~~JJUuFGWr(YZVnY*F1f6%HnBV{+69p+r>t9m$N^CfcQODJIWBo~$BG=cE^hJp%&
zn){TPjDoFQ_!FyzKd~VEX*lrFPd?36Nt2~|U~>QkdV>YmGkZHkDoIFTPJEP#qC$K8
zeB!dbCf&NzVb&9Q4NUuM%eIGxAI<``(?)KvW<4jNO0mB7O9RGKK<X*f(3Kq1%TV1u
zZ$gXIDl76*(FgK|8@IIwM|8=7eZUxKJfp7~CiaR_&QxDT%0UBCcS(D2Rj~qWk+CAh
zm$NJ#<!r)m@!zWV|91Y7`8>oSO|ST416czuzwW16W*x71@$Ip5k!cY*ue>?GS0FCW
zvU$(j=$zACkKL*;KaNZ>6>G~6ca5WMSg4yucX^j;m=gDMgK8^x0sD-5k(P@7Ny10~
za*V%i-(=+fA=9e4818=YXgT^h*xX5-o0t0PjctCovfEt8R?@#kxWQ7~a%uVRBw<UX
z?r5sO)1VH8LNV;BBB#TXWW!4&-x<iJIXMR9#<)qzYwtwo4exdbXirLE3Q`%ut)~lO
zW!g0cvPpr=9eOVNdFJHE8t>r};?rG6OpS24$LxV>Q#kU9XX8qIb0^4|L_f8Akc`u~
zJp=G?-*lJ}<as5MjQJR0kjo00#4c*u6thUJR@~)(t2wtK8xV+_phMvs$t26C^2UXe
zmZB1A4679bOjE*mJ8k=lSM#J3-D2T|S`M_z6*GJdS+D|R@m6v?j-xeuEgmD0<*uY8
zD(+P(-cYLSJ**Pp*9foxW&+|Pki*?8`A{qKfpt0(u>iHKmHK9hitaY1T6TT6c8lEs
zK@Ucu#BRYf?TzD{27FP64qmRrHMZ@UZ!@xhQ1oe;E|HeOvt<^A=5+{Hsu}$qR?1Gn
zUK|apHAzX@guL6ZT0C9TLuQE3r81D$4h^YvE2|fnUcmMQA+=5gLFvt^t7ZQ`{2j*M
zx*_d*_R__&l20SuN=3DkeJJxhX;sQ(^XQ&HA=4FYGrg`W!BYd-DtXR0gsF*~L3K%Z
zH97cdVC1ndxyyj$q@6r0Ux##R?FF`-n7y`rp+i>WEEbey|Ng*LPkTe>Ow`)wA~nR4
z(8WxOBD)>De@e&e<k1{Z$!8Rc+;SQSkT%qk-&>FzR3TK{R28`(dXzU(fhJa$7Rf?J
zcqDcM8in*+8;ue?TJE(LkD1UC+?l-nsALK~Of?7pKg%h3HD<{%68N4IxNu6r@vPbs
zph8WeU<oWlXX-06I)NKen*g<anm-F2W{rh<=sOf$c7sCdAS_byAd@)aIz|z6kJ1Q|
z+iI_cuPAXb=g|G!&9`QTSVAGyT+wktqLca+OfEt|uvP)tR`%R2HX-f*d-!~9zXmG+
z8C1(yE;N9l=XtqFDcO)eG-W-I)*dy!@*CPak8Uos*CI(*>~zKT9V|5NGglDMf`uL~
zcHoNZyGlMO0vM<fDs?cuYotsa=OHU;L@QQGKisz`rUIsE$cCz$ZZx-?4Nd%7in9D(
zo%`CT&u2M9Xw&!wZZ4Pl5sj)~C3I;iXKT9s$z!02Y1`RB(=)J`THxmV<~Q=tY@BM%
zS<`7ie+y^L-e%55LbTPADeQG}jZHQKF35$C+Bx^wMCh7Dpn3_H?z@;e(=mutLhQ+P
z%eRk7ZohfR<vxd4@+3g?BXF)j&WP+ALb5F*Ah8?{SjYFghDXg;%oz(dL@|tCi#se9
zRGkRgSr&Yud0He~J3Kqg8C&Mc@)}s=wM>6Qic^Py(|(X527U~DfkGedE{2XFD*xdz
z>9ne@-e_Se5iPd}6r@FCC&rT~1FtO@O5BTadwGK&WXdLl4>5C*T7^MJxdK?g9g4J!
zQ^*UQvi-pceid4S&>IV91i+%w_gJR~-|CbtA=Cl48sPa2*kr552Ira#g)}p*aurdi
zkLA%OZczyz(+fnJFZRX!!lu=(_0Si41hc$Mgp2H>QwI2R08pj`q`t=pjmvjo(jylJ
zUhV{V^Rc>>E49}N3O&231>}Gd?jWAVefwhhq(~WM{vtc8qXVh$tJTej%K$CH2A)$w
zWXyheMGbp1k@H?9Fzi)_`L7!vAZD(&P-+1R>D8+rHxA#%^$7keh)r;;dv>4n^2Ge`
zV-LGPVq{{|>44w(4|K^tG1#v&&iL1SwCrK~wH~hEux@>+TrPFDMe0lO)Z<fk&ZoX+
zoknisqD6t<2?ljX?4b;22zz?A_M_W<Zo5;xjoQ3>m@U=&(-S)xcPcPfl#G4FWlAac
zoq-L_feePIT_pBQbZ50Q!N9t1FIS)EsT3i7iMFJ%YyA!i(!w&=C|F1;y1;xA&<e?E
zkCx3F@}D{3gb==b7o2R$DC#nhIZuNvIoO_tw3!{aHU-FE^)w80z71oPf-N1W(!9<z
zRWTH#pc4zBhk|``dpq?vw#$>%IH2qDk>FrX+nq-Y#=F^V!0K@9`SFr~7?AyQD}46a
z=Vb_ljbU$e@Xv32m{$eV%SN9}pPpK+?H1tD2af4H3|a#rH%PKm1OAd^u?;Cqed^N6
zp#(jtMI;Cw!M#lJ9^p=OYla#d3j95tPU@U>s1$Iu>rbZ>D0p7_P5c%d_TSVa6HI-l
zhbAP||G39yBV=*TlVrxDI~G+cff<z)-Yn-0<B$0lO2CJH&8<EAEEQOb3=;BzWD!#y
zABw=MTQb?@G1CG~zhE#_kX!&&cA3!0y2oyWU~yPKkqT?&TqbZa5l*G4&yi;wI8Sbk
zVkpaN_0hNSOAzgE`g@Rgx{H%^8jL^O-oV`76U7`!MH=a~FXvw|9ciALj6;OB)3TPW
zpEzL`z7fMz_C0onvlJ547cw&<Vo+U3i$%dTNCNn%!MD16QVvUHrnHNJQS`q~&BQj#
zm4Rjt4Y1&5Vo4v&1D@Nm;78lz)ON8o<$RuYB>G-z@xk_FQx%V<D)!j{i21=kuPCuh
zb&Ah+ZX&lsV{(4&_vsFRA{lE`<(0e)=FP)s7nUe>S7caWYGoxpAaa<e06RKf&c8^w
zuZuJlpuluR4%9|4gZn~pl{f&*!~Wu;rNJ_gU<e?YT&@8j`^Zc@Isrvs`;0fQP3O^q
zr3Xv*j7l9ZxDm^eFi`QW6krgEJF!M*xC;5E<SkNqs1USZDCc$RVp@ZQ))iPG%8lsd
z<cbLz@bYBbi8U=uiE|CKPmC}pC7R2kPGB(OhC4~s!2kB<8{&uxzOO>}s`os%JUdhl
zqsf$xTWsdIl~hE+7>@pL7M6C*u_yQU2z}#4ydqbR*qelLn90=ME+MQQ<&YQmQWXYK
zu3+J84}6}3w<*uDs+q^(njn?wCfbK+zV_F}#*wbQP^3I4jL==;GhBp;cUfc@wQRqZ
z_jE0gophB34*CKQy3htxH2JqeWIVCg9NvFDP$&*SKB1Mtak9-WV>U2>wBP8{5!{<_
z(t30pwz_qI8T{8hgMZ}(k9fC&lWY&pizn_+?~_x1`MvOK%`QxrFY>5geOGs#WkC5|
zSNNA)S-;k#!;8;}{`On<7cH^B{hplr%kI=)Yo@iE*#+u;BY2W8&z1sw*fxwA<mPsd
z)pBi97ExOt9qQ7JIFMB<)28*z2M?Q^=LOg)Z{T0V+K$OLy+b2*0{esMfP=ez^81!a
z03RZB#2GOcZ|1^dEnTVpYR^v?hZ;8}DnWdz^r0kpHM&^HYR<xlXP1qSGQ<HZM68R8
zwk*TJzL0v~ZI=et`0m6|9ds%H@`N<}?TKNP#+wTuHd7*AB;4dOay^5TKd&!7PTtg0
z?=|Oj!NiS_h3z!vnSBji_Inq(ba6Ja!e@(-S^eT{L`}i+{GH@h*stWWxE7caYBDX0
zD+U0;x12v1YIgBxS%S&b)Nph2{5T=~zI~%93>pDkkS)P}Jon$~U=aUurSZsGl0>7^
z>BJd%VdFTy2|}3_rss7pc`6=~wfDEY_&CAzOY#;1l*_tb&dU<kw%H4{NO_*~Xi0GJ
z)waUOz_e>mccTv>V~eQb%;~uLvLHxqr{G7)6%6FDpRMT`qPP*BE`WiDMr8<7&KKUY
zQ=17H@G8jtxh++%8Y_Z91#x@awi~1qHb66eH{~nQ9=HErNCtqOA|n2m_J86mH;6l@
zAe_nR71N3WWt=M2mD4Osd*_gKhirpCS&77ZE>Oj1*q1IE^1%dko#=T%5}n47OVAsi
zKm~%Ma;gj}=M+N$^!-L8MBN)9ngS&GgX!}X|5>G7afg+J9B$nQF<UBiXD@!fx>h8A
z5Dng=MGH8kVwQ@WP0mfI(}`sS&YAcVwjpD=B2SPq_pvL*nTiLusrT4qWp5{*LV8~@
z#z)MnQGsC=JX)gjN*W39d*&$|Rw{1m?V*ID+lyuJf^+LIEEZX!)*=RpVyz1DNut0M
zm!rx}#I87ORKLCbcE)0_&VIZll!AO%40{cMCq8Vbk{=WYo17b@c3HBhLVq}AukU_;
z|K{)X|1IcmkN=YkaQgiX-0%}eh+S5s-U(^G`}#Pl*RX3jRi=H*>aSS&$=@5q12pGv
zblJgfU3`K|4+nmQ?rRyo5M-qYwU@mHP>!is+-;<r`~YU>s#DfNrs4%TTAyM%d#z=a
zVGa4q+p{UFxD8T4F$8fso%Fo^32yeKD4Wy$jcwg1Xt;WNa{RWjCOa^3bE(AxPm*5C
z{`sE%YD||$ZWS)gA9Qz-7LM#y_tOSSL2WXNSB>!Q_uV!}H3ci`xG&$e@L!kjHkeJ{
zVyh0<MUGO_WJa0Z)2>!3XQ?TP@6H86ViS`~<(XyjU1XG<#G41O;#%_rBB3c+j9^sB
z)M<XPhH5<kW%67N)egBw(-ZI9L0V-F`e28jVW052s096Lu_zL*fe~!&vDaF>arIWg
z89P89ccza6T=BF(!$wfc)z=HHR}6ioW+*~vqdgeQh7NjGEXAMdg+TeqXmoTK#m6V3
z{e#27;mKfhd_0=Zjz)(^vuMswM*G9r@$e)b9UYE%d@?)~vxDQe^JqVcP6nfswo^}4
zN`ZnZ>FElkXmV4jWtTv`R>t8+YLz9z@}EDc8CADJYFo}8S;{<5sQany{a&WhEbV?B
zo(z0}tmblNR1DWu+|4j~akaA9Gp2lE^=ptQKRUC!#LBK`zEW>!+y~<Pq-NgAPn$6u
zx3MfJWD0~-+jzI64Mjm;X6fCzEGP?+!AERUlyGG5wGJ8EtakWZH&^kn(l@Mm=m1p8
z%pwR&Xje}bDy`xA)UP?ZEFcw<Wl2ahdDEcKczzpH>k#6AyHp^=mTy`O)s|_{cg1`z
zG&AyNuS1KLkO;%g0P18x*li>v<g>&CUXUro_>2!_$ddQf7dfWu{8J$cfkOnf?E^nj
z2eNF4mo^OXZ}!I<`Lj0z;NJDA<Sbrk&gM{)GPtH8)pfKKJ?A_Ivp5*Mb=uKtiV%A*
zyBdAN4%_dr;|?1hcG&)~!;bblY&bgZu+iaRhaC=w9X1?{_B+&mG&nf!0O$@o8NRh&
zkM>XYJ8XY+e01D_9EFGFjF9GMJmV2;qPFc>PL1$iiCoLb)DjnL$Z*^3v@`p9V`-9g
zpP=>k=r*ChG5*FWyX=*y#ZsgY5?{3;^O-908g8KK#ea?)+(?j9anVL@KET6+)DC+G
zb3WMT9g_K#csVZE*>s%Q@8S`{<7q(pu{=}$hc1g#GyYQ{^!k5eh{NgW>1p^`t1S34
zkHWv~b_)KK(JK6EiC-E2kE#HTqX|+Y)F<wBPD_!j*xBWzK80@Ao(*Cq9EoXOzi<D!
zX*wM{iB2A69gA?sqS>*?{bxIX?XR1^Y+8xLqh;(MA8vKq$&`J{M0(|rS9-<s&=eee
zZ88&u(d?F$EMGDjf?-{I^6xdw8KE*{l;0j5KJV;SzOxQ(=gCT@Ncf{(g*5ndg*Q)G
z{;Bksxv8|MMZZtAvP_;RjHMD}0`GYkb@>=voLzH>&ZRlH*xa&f<y8&TGbI3@dA#wr
zS)ykB6_;sW;4x`x)s1xAr#simL6Ooz89UAwA`5*qy)|DYu4>wb(zd~&k;kwoHQM1C
zQIDE4WAh5{0H?{7k%0ZAW`L4|6lmodLAmy%*Ya>G%2N|*o>i_sZ=^=W=Wt*uy{`pK
z74n<Gc_<SnJcW$*-GVytU5cLEtRHW`efhEyIsZ~}VP7&8f3bYqm!K{^^6Gjaa+++4
z0TS*%EwY58NI7Qz>(9dqN!>l5f7zsvYS+Qk!prD`=5wBM7IU+lDXwD*Xec4<u?4lU
zx2yz(RM_0-XN8Lw*52~Q@U%C%CI&}~0Qc>!+>Mr8=cb=)A@CT{57cPS$XG;NLyEg{
zc$9hkpW~+vOoFs0fM0ws`t0559D%6EcU0Vd*xs`Jy%8mqk1SRed0+9B?7(=_QeKhN
zi?fx82<$?p+gipYdYNpKjpW{1#5{s`#8~zL%!x9^R|8T+p;Ts{6_?HuI5r5;hrZ(`
zHzWI#U9-vsy*cLR>q`btBYXYf;`U8Ya=g4+D|~}{8W~k#FA>0BHuIvFU#j@ve}zu|
z&5mDf?i)3+2fiM1Gh0x_u)-Q3x+P~|hipI7*dpC?SXR4~xNltSo0KjLmi<v3CVGor
zhh^ND2c^mTYQ~L>FnKyDXa1`ezz97_=jv~K0SL?50yN={5mdodPw}<LQ-bq6H6Z~}
zJ&gS?R{ZiR_n>$Xk8%-X9Mzb8g-%#``)e%H^;ftdz;sR-0MP4J<;zO(fLyLbhmtI$
z!a0%B3GW36*H*k~t)E)$ru8mYyn#UOKcq&(2jKHHj|6&_KGg!e0k$+avvOsZe4)xV
zLF-?%-(I-Wp4n?epB@my_Vm;4loRY!rcy$t{RCEy9k!p{J>zo6xiA0ob{-I7%dR;s
z@}<&L*KkW42u18}Y5BLgzwDHM->#tCX_!U{6*miQtvf!y<IlYA-`X~>3^-2QiS=*r
zqSUa!|9B=LRovg`g914B5Xou}hj`Vfa++FM$mv5V7f4NE<~c;CXUfA2o$c|#=-{C3
zQZ;f-h3@Pc5e&=WuRDyJFzG85Bi;)*P8^8R_yRL;K|{Vz_~L6`(wJ@%-&1yaf<(zf
zGA-s*j+)9}vB~uQh$&r3e1e72@KVt=@f$%*viqZ&#|~w8hqR(JDr!DaBVMF;sd`AM
zyf>4v+4MxQYxC9e)^{@djP1{$a_8jS<?P9X&^KG-3a6nVaw^I|#URARYg{pYgq-Oi
zT!~ZVOb9LpS|99NO59%F1l&J*!z+Ra?M?<536{HYXjrsmo(xJ%Ddp}~L^~L41206N
z3hGr>`&BSDj)>wa4rlj4Fkp~-gQOkue#{k#0(KZ$u?o%DB&Ur-;ASq{ZNw9w8ymjS
zALlT@*nfkT-aYH`rtVkZ&s2-CJTaT`7MOq(x<a;+kP6^`RVK$pm3pplS7HWJFlfrf
zGFf9euR?>L4`pknIosQkjDIF5Mv*DV+Usj!?*#&z3$(G4nJ=}AK}o1741{bfo`4-{
z5hDJ=tcNW6<b^=9&{A1iS}EG1$W`T4I4yG3^_I@CZ}}X2kA*$Zyr2uwsfF#8hEjHR
zipBgw9D>U0WKCXKJe_N*yK+!#X?urvo_E7QiwI)j;lbKb*-4@E%C$=Xu|B&(euhl8
zWujyciD#KsnU;1MWVnFL_r1E#q4LI2ZV$*&3ASmtE4P!hF?%6_f>&+qc@|1)1wg@6
z^o@P=aurZJNwzFlx3o$&!{SY*amc3`*t~1ccKP3STlj44!yznx85YIf3eBa?_NWV;
zQytv#2I}y&8`K5%2>&AnhBWVC1TY2?hl}@tde?UBJx^pT^K}`8B2%A$+fm><Y7`VJ
z9lSlPYz^`*@K#PgfEIxZ#A_`UT*ryMNYGR$wY?RjOGwLe@us8@<SwPu+Kw`i77>@R
z4d*14Ne5G4rC?z!G~_P-NzJ_QKwhFH;0gL=bzIggVP%1?S*jfR1s-G-!n?!gC&zOS
zvQibjve3RsXhdAeIF*Z~k1fIkb}@%scmj$m&Q+oFC0nU9Us7_%b(-@>NayH*?qWap
z#iRRy>w4c(vHO#nnf{)04(Z|u1l;{PX6*qRup#@W{sH?Zilee)|3KXHkNy`+9V-1i
zF{TjuTFgVHc!AZ%!>!$uDrj&g(|GL59RY~oD}@I0uB?9PR?ZT`ueftSr?kzxrtA}L
z_l*gVa+F4zaU+fnm`EdKFM{dCm3O@*wxxP4hweZS9H_BY^_{?b2b+xp1Og+%o#n!-
zCWVW~Tyu8*@dh=$r5!6A2vf1;uMFJLehWJtG59Q;rx@-W2<gE9lWD;8{^Btv*{K8K
z+#<An>^2#i%2QaTIH09-at)M)YEtu-@UB&ou)xxc5Hl5<+G7s*Bj2^+8E6|_qCE@D
zo|8{SK2@>V90Xx^VJ<-eUvP$^*u&B<YST07Y2T=20NgD-xky3W&T!yG;XM{M?xNQe
zeXP4s#RvPxCt^0--{(iOc)tI3emICvjt^#sZ)eA&`P;*I5c82ZKAFXb2Zyu$XmGec
z-;WNC-_8%;?$1VnvT?(S>Pa`MKpc4{9e6ky=kOFJ1h1aN(1Qaicp1o>*$50T^p#ig
zxE^CR48w>+Zyn!1OE?}?@3rIRtm4z!Ps|4spF<Ii8}GX`!JMP`^Tnfx3KzAG|8-fe
zGL@*s8bt5vg>HG}njsF1IyaQ}uxif(A*spG$JpJ8>GCXd@nvBQFz|GU0W%q7po>&$
zat$t9RgyT0xDGea{;X_Xy;RtWKi=Gl2TSepI<L&v{ZY*z)&ChYT)Qsz%zjP{&!w3|
zF559XS07dG7?5yxs93n1SetHX)b6kHK|^Q|>5!^e^!LEejaCE(us_t7s5*)=V+Q#S
z>X`pBue!f_PTTzI8a?aShLc?7%msBceC}alEa7puNbl>AUgp3?<LvClhVAkFXs~`h
zk3{qRM5XSVp*`u_xd|xn?Iaje6`xC^3s4QdE8+zt`^At0*Q?&3BKVRh+5pG5+Ih>A
ztfWP{AA5kNUl$)YOo3N24QjadGod4q=2UzQ-e(8|aU~)J8lauua!p7Fz5}#XEB^R7
z4T`E#N*3qzWhJ$*)iz`B6#MEVCYhdAzf_Q}6rSCRG-ZNb@mR2;9LWt)8-7^JX^?5D
zw0(9kV`UJ8yK&*VrjXdFAw@#qHzoAS<$hjh9toBSEma)AMP7`Z*WSjU=Lg$y3jN59
zxr%*dA0zw3>=TfS1>%dp-Ox{NUt+El%c;q9fkB&&FA9GvAFrn<xb6B0{Ck@{e0S<!
zI{H50>f1yOdtpNwFj!cuMCi`z4gG$GKf8I(%?A{ajt&p^N813G>}Df)(+nF62U(H&
zTB-cKuPaz#;&hRonvW{IhEnYH51)<D4!7Xv3eNa@#4~gol_KCkVy&`}-#NX!+%`uS
zHnQQmT1%dXeeo1Qta(rh9K&==H5m#5sK@NMTs~!GU8R}J{ne{%Q{QA`M088U)9TYS
znJ^Dt>8)Ico%&RC`@_-xK`2`&lUGeCK4&~n$=ekxEx@ZH)AD@`WBF;%A`}a=p7Vu}
zuUKqcd&I1LFgiG_Bw%?$Q;qb+3nVd>7wCDBxw^p<D9`$w;LMz(<egY&Txuw+hB5~}
zvQ;_Ut5?xm`S$XrREZY(Qlz=70Zi)ZYF3~?hv3W|(olKS5}P1OCs4=QE#QJ@nB0u^
z2>`;Y>9r9+i1NtPlmm_Gffv$xM<qpFP0_3@Cr-oel7_88AOZ-lr5K~i5GHDTupMsg
zK$n65PN$PMrH#Ik(`Z7>g}Ry0YEo0mhZs^4HRI3<-2&c&4FyXWrz-6R5NjpJD_fKj
zW;B#jA`@EGM;)F#dx|#Z_G@pkXE&8&B440&DiuQIT5VA{RiN*za@saPUE5TS;Sl#(
z0HOE|kM0ECp0svu*OmNMu!fWXc0h^0^mUab0#fF24fTY%DZA9v!&<PY&>BmQExC^I
zOy-IOu>YwS9>_8fBW$xJ<i4pU@yYSv?OrTRR2U;w`b7`-kB7%^M~4ST;Wk#9efai*
zo%5V$2~P$4ZiLptpaK$}AVdqQF;gXCb078UhD`hq+7ee<$So5KACz-R)%{hGH>?91
zRF^Jl(#1rVp+uP=XF}&C`daiBJ=WeIm^NJ%vE+%bPW6{y>~}o6Q}cOg`T)4OUN>Ar
z&4|bp3d~xjW6ot_x$e#J0c0ZrSNxIW3V;CNM`5j_8ASOI6JsdIf+}BQ?PNpMd$A4<
zXyEbfe4PpHD(Af+q=th5p=4oU2+^fTulQpXt?wNtlL_4=7=)eeNNBkjtvLkUaJ2Z^
zi%e4<%zL4oeHaRCVFnIYe#}0v7;OJqg(d1-wLeI01o`qI%e|XJd+6y}PU74S*+}7O
zz@WM3@9v}wS%(_{?t=}1{J+~VqMSsT<laSqtjds@nkFO-%05B<G0eZ~)Ls2BII0Br
zq`SF~ra1~Yfz7~|Dzc8iJ`ALOnZ6{rg}pY-_ut<_Ov@8|$j)&s-RgU@5#Q3Rn0f)k
z=13Q|bBxNiD3yv@e_fA6FEa&W#l0ZpNjzp)ky5d_OydAtedh$5Iow1+ltZ0Wd1=&4
zjaGUy#H75je_;$uZHUHL7WleQnQ8E4gx{MLLQgnsl)513PJ*6KGSL8v&icvQeMBeA
zw3;{J10SA6XhQ{9VuSz)rO=hI0Umd*eDDe{mC1L2`TR7G21lS{Ddf2F_<>%aOb8K3
zA)hDPGuc{}Am)imE1C&<OhG!5lspuLhoDYYWd!g^==fq3KEGWoGLgn2jb!NmGRY}Q
zf(l@B@6yH-EqJ^Jk%J281Rh7a^f*e~1GQEK`>6<s3kh>d#PC-3xpiv#SP$x6a_~Os
zgj4)H2^h;*r2?9L1^3n>TWB5&bmo581Xd=hv)m0idwiu|h$W-7>UInHwRsmhl}=I*
zh@j$Zc2<EK>SxI0UM^~f3@u6ds0Z?`MyFMohkAox7_7;1FJr+t=@ltvx=4K)%1yP0
zsY+=ERgaY$92g3%eu6Y(<I2yzRtXjW8XOD;weOWW%jM5q$`n@rop~1wI#Y%0BGQmr
z!Zb9Oxmaz$XD|kcnN~iHbl%W_LD1QlsIsL|0HxGaJOQP-5kZOgGpJNd?bN!wIck0f
z-9r9~P6xYd)O?z!Qj%)80e91!)%+6wD#aNJfp(=($?`X-MS~wmDNvzyxuQ;G5IB0&
zTs@kcJ$7>UC}fwQmzb4_arS$|ApW7|*)b3UA>y~g<D<j<gM;Bb7V&{Nj^f$i?a}Ob
zCXV?2ERJIlAM#Ng4+kg15g#4ThV$r1#BUF0CFEw`j_18Qwi2ptqUd=cqH3k^2G6ZV
znE>b$hUF&H@-84N#-eTJqTK<7R--5FMvNu$UZld9sa7-5EKRv4P&ict4^KF7=`&S+
z8}x>wf8HvowA|k0v3v#t-{!YLf%tZ+@9T8{P!Wytw-S5(ipF{sn8C=0@|9nVR~zm=
zbtfV>EF<{U$ek!F#%wqk3|5t&S7HSRcsLjxTm@eozRf_IVH_P?Nu2#$+as{`#&Ms2
zn=9wVSB)5nxBJ6=F*}a<{ODjd7#t1bw=o}x`7Gw~;oImaIyf56k0L%iJ{%n%oxD95
z&E_KJgX6bH(a~>k)p!d1s&|ct`YT>G9_C+t+teVv;JSIiQFDX*UvbvlR;XLC!jc4)
zd@@2~wXy8JRGiyCLT+{=4OigQk#2e?s(DqMLdreqkoZD}s6xKL8>*0hy(<)Pxu`Ap
z#ePsVD1Uc?`XA;5)#P_u;F+yv%44Nwe`jx10`zxR)xW!{?&fVr8|FDzyYlX;IlfUT
zoZsH_?WV@?)Nj}FvGKR-7VogYziT)c48vc^y({>6UiqzwATM*@dbSd2IghYb<WmW}
zcJm1PJoy`S2RjT+<YI0mFHrfgLc8kFzQSxtbttdx7$k4M%t43Z2pcVVy1*JRV7iub
zUwOQ80xYV584)=MqgH~MV%Bx(pg~=uxda{W*Z$Xy@}8It9rR}%CLVk2tE<u3UGc2{
zl~gW9eAdaBwfoKIE2#Wl-%j-DNekw7>sR&4@zvI`XllBU>EqVMd1AUef=eOHoDfwm
z3;b=V0)~~bE`yX{U9v@1Tqrh7f8YcZyiZ;^OI3nGNZmX!Ap=|)ckijeYl%bA*pG=F
zF~x00IlkR?cbjs>A1MhwrGHgLo)tO%My?7nXA6-VidrQe#x}U(k2msXaW%6y$rj)x
z7i|UqBI^?r0AMPx-a!L1W`_Z+n;gQ$aRx#+ZK1u5M$)hu`1V*f8?v@1axS8E<Pt3!
z=<wvGvq(La1g%fmZxglfJwy^;adTH=NOHLfSV&UZ2S3EZ<m9d${CY2REF;I=g3akt
zT4B2a`_-S@)UZANp?!Y+X*#_)Z+F@k*Vmt}+duy2D{32ybluz?(fN|8*g^>0g!(~u
zY8znsWCz*?RL#*XOXK<9YiLG%s20Hm=Im)4HOgvE3rjWrXeW_t$CC?-K&v8TQ1-CY
z?E|}0^_C6UWS->U+=Jds-iTRF!}gac<MtVbL??i8XcK}?S3Ij!46}zfQ46XlTu1X(
z7jWr=<;~gIw39ceHUt$TUb)JZbV?p1<lgX!Bru7KE308dGWUgWDX1CiC*+mXN;t-u
z!+j%b5}<j}yyo`V`s3-<WhI#`ks_}s`MYGP;z<(7>rF?D!7CCaMJ%xRg{gfMk57Co
zk9qsqa~}99IP}`NF!^9Gs$@*6!%WnoPkA!>c6Gb<hm7~BZw+*HmUKRQ-e02KVeU6b
z@yS>4Q*bn^ZNm>?2X}3RUY2z_hM(NUWe>i^i)@qqDgcJ5alQbnRsGN<{%cr;TDwy$
zXs5U8!wcShdwlrz?NNLXb&r?JMGfO87T11F<1uTG2BZD%aL^sRy&dh358sXt-*yMb
z<H4X!wI8m0MhquO_^M1n>GRiLBOQOWjOEw6dy^|IzP{<TT+3765Y4siNXHKTYjpR2
z!*0QmPO%3rbN9Sr{iswtl!L0YEDz>?M9#0*+Ni)~+Fv~uXV55!`azk8{Dk1PV3RDT
z{8~kViQUbe%vdV&ITo@h9ihv5E-D3PHB)hG&leQjrI=t@)yG|fGNo#~tvz3-gQqcg
zBC>C%*H|f-T`4Wpz0e)>Jfu;|{BX`(7>v@|tBu2b1+2iWDO3pCrMAtYC3-!ceY7%4
zUSz!%U9KP1nMzZjgCpFvrJJ{a$c(SXn-!TSQ%26r3=<N-c&-R?O?2Lx!rfgPUXZq<
z^`X8dZZfJ`mMP5LS5fz1dXzk<c!6XBp`SQ=r(~>IvLoLR<=Jbf3Ev(bg6o)bxeNSm
zAj=liOopWA+HONskwP6j__s`Bc`xIFC!|oALwc^$t4gY+sZxoBHdV2OM_fyLIOxIu
z^-t&ms13W~<_@{oziL!_?P95c(LrUHqhED)N443_<H2A&?hgkCwb>p0nzK79XEz)T
z!f}}0K*r|;B0fT<Y*i$=gzW`TgDT#(Atp-4T{TtlWNHVh%JOtqg<_1%?hk7Ee;Mn#
zq{F&wIOq*&(JS9p^+mEDRK66tHq6mZ!vOJzumC56Ed#whsw$yYbjD_dHaV^gTtsl@
zz)k|!noqjrYH_jC>BP(Sr-@Mvv&T^sLay#a%4P**ZH}luglk^8_eTR1z8&Dx=>!U3
zzOx7+&VOk}`A>z=QW&T=Y9J`|Nz@5Qbpj2j6Vh7DWs(4}4&6Luk)~2@C@I{HdKH=T
z)DH;y<opkMTL|!P(;INd^z-JK>{@iXFt^|#39G8vm*zoB*!2EH`O0u)HFM){hR{`M
z7x4rSQ&3;|6vUO&>7>OoX|Gd2w#2krFhRVVzVBj6bD4El-2ABv(nCvTSKRywfHhQ|
z-3#2uEz+q<ZSz8C9t(SsnATn(0PQt2@P+N{pqDbeyHpWR!jy=W5B63G3Ta7tA}>{R
zM;`r_YM>5)=tjqTw7Xr)1hw6Akl*0Fx^uNzT|v-BpkrqF9{c#>RTBC-z?;xiuMCZR
z?pmmIIeI~fv#`cAW<-gqd!luBQmOAmI<??g^Y!yA73`jY%DW}pz~c}yDPk|=9N_hF
zo|U1$wtd&#gHB9FecXCZ(6YtRe-ma$b<6;-Z-vO{%=v2B&feinEe}=CPdaGlT&z@j
zBl2GBPKd0mw(YEv&kX|}GS5P<0SDik5;!O&ip+cDz+f)MC|_z}mMQ@?2DQXdku@9+
z4%s6c8Ovv<CZW`XnCA>UaF_gEs=^!d>&`u|hogb9TmoOSe`fmw_Q>|ln-+5j+`93{
zb|{CPixBXUmEgMU@4gD2kgv3oRAAKF@Ppbu=c+%{7Q}YMYXepdvHd}7(?M!GYBgFm
z;<mpdYMZb&acjE#L8q2!^|%fza#(JRHep!Rv9-q_zn{-N%(Wnuc89fLJAxX3EXi&5
zy4>n-I;@>>olBl<{BA|oD6jr(FXNZVEv3#K{t1)n&b1Kz)}H+V(nMc}Wk(2QA`Di}
z{MmVSK(KrmZLpnO7S~%J1YjulrO&1Mio}WWa4<SNdgZM#_Caawg>kHDi~{JZAI9S!
z8=4=LjqRB4e4#fNZssF{n<k7E^M8IP)7XlOD6S`?k3ue%=h8%$FWIQpemP>PZ7@?B
z)4xK(LDJeGpRgHL0suadqgmPVmGSs`nD(YlAib4cZoBVk=VGl6_{FOi_6Me2ExGE-
zd$?q>Sb)FRN{(UnO;!AXmtfZd6$5PQdf1=cug<B=-`}^&DXgp<PnsZ1o&|L>eRi_4
zq;{!J5q2x!W4-6iHmEB})Z&vnObM7$)~Z0k%W^XI`vP<#*r><EVqEEF|6-)$9J8N{
zN-MK9L`@l$pymvf=qyn@ZY64Q1AksBzLg7E@kJu;!D|8>o^rP2W+~G}3%`U62%O3r
zs=o)<x&8NRUnPZIz47PChgHMMs5wKwh%&TGq&b9!?v-H2o}sWf+z9duFH<ykAMCEH
zxxE_^7>OP77LEfluF-AfcvYequzIA8Vu|4QE*1kA4p?`mNHe__o(PiiiRW$DjE%z_
z{eoeRUNQ_l@T84#FNi8~ihO<9=;g@Q7Q_ueZK{t<1)SeaK0v`^SGJi1w=~j%8#LvC
z><EoN+<fYPxc(IS8=~$3GEb=31eAU^`EYwS-8%BoOGZ9=$;d~wkp<X>Kk!^U@cM;n
z7=C37{ERjox{EC6n~$frD4)|ZfFa1P1<Ex5F320cVR#}>0MBEV=B)6APlc7axdw@s
z^pCK9rUnW0$d2jAwOlNO2DYO%52)~g<|%vsp$#4G@bH&g1TgU-qC-<xC6;Dfd-$os
zbZs!a=Gls8Bql!MjeUVV#!wRTpw+t1MK-SPgzx@vdHRvv7EpEc!l}Mre|LK^eFO2W
z3zva-CUXA9*Sl%$5lhr{dS3KqQ!MAn9iAzvV`iD0HM8JYEbJX-K;U=$R1O1g75q*a
zM!_0k?@POUuCQYOvDDa4rltd1lWg>?J?z2%F=qc~gznj{IXpTq7zTv&M)-sN=zvDB
z|7^EV;Z+U*V4y#{;^q!FG0(C@3RglXXj2<wba>cv|3Bm}U4en>WyoKho&~HGtgrp;
zO>L~lvHw5D*5ly+aNsDgYIxhqDL&PpYs(TD$vjzCigT2@Vz@Ur*eJ*VVL3NUJ3|>x
z<Br=Lu7(A1GfpA~o)Dm6@Ks=|=4srrZ&(@|e_^1R%RhHKP$FC0E@fIgdWOm5Ji2pt
zL<>^BCu=m5tl=)Q=we3j1SiQYUL7}GXj+>g;ku&LwiwU^BW_tBj8AnL2*6(m#|-9;
zc;$-TrOYx4xsy$$1}LSq(eh^sQcZBnq(oZe!mV+K$$4NJ3W$eBI137|-_Sx-uar*I
zCnhj<9B{+LJER(eeDC008&yOum=F~?=Ft+a5${yygVvO0vvq6F=>?IAE^^gHT){Q7
zOQ7ZnU-Upf^%2myMr=^i@ymAa(cgFP-*@kS@$Nl(YWI@IiYwktr7?T0Rhe2O6!OYI
z@XapI>Rg@hVdWz>;|WhAD=pYR-@#v^9Ip)f_R36BVY#0#4=&#ks~Ib*4N*qiww$|Q
zmuHf~T~PumlLXZCs61IHE%W8d$vr9g6JhqD5a*z+Jx(NUk%X0y;T^K&Xr9JuWfu-5
zI%wm2kLkO|VP)k38Xirw783lb=5-{%Y9UrC_W~a>eK4>|dEQ~M(H*v2&$LAB(B^Ev
zmD7$Q;e55rp<Om6|Fv8`d#`}E>AmFa59d<=becizOi+p)tux~?0OED5V37(VY_~TZ
zcTQga;e5*8P2U5cOsj?F&f9<vq22n0uhbA+2(gy;LccOhaGk7OPAUY%^W~ck92sHq
zu9(lQZ1UQUPU8Yu?bsC(sMIl-C?7*C2uU^)OaF)M%L#gl#zvn@lR=rJsH~&@KzS`D
zQ%7I0^G>E#nC6)&61N5b$eFb=ZXoL!QGYTeNl8;`uyFmMV=(;Kj^yzo5VtO7!yT+|
zPYm-vo<49b*f$WtLFTK{<9n|ZQyF@iIB~xQyMDGVkJ)8#%v+2l$D0KRE|0g|5wO)n
zdau?Dw1nRAdFkWlV6%pqrJU(<$paHl>4!|Ggvv>k3eaTMO^!PR-<2<!EB(MVx%8LG
z$efx5HJ9k!9UxvdFV!wy$j1Sui4~EVFMSp($|+@h?ViAOIxO<P>4xbn()E)VR?`O>
zjsto>LuYgk!kj6UBnn34w12wLo_rk{H|#+qNiP`FosTg)$A2}9J6p2{ti0k#RZhD{
z9_pABpgeAV_qc+VmSChR^e+Dx%1}YwsRby8Z>H}3`SDi$w9J1CC9}|f%Do0g&{%GN
zY#YGAdoNSbT~Jy!ssQ86*F0KEagPCF=tvgsm^v9?T<;_2q7y*(d-<+>Sc3BrH+&|#
z_+Shg&A2l|s8LLFEK<tXNMJXSqug*?j#JkU{ATMWWsu78i&it4c9=aD`4>9c9rsFt
z&r0ximOVCjjgQ@%N}4&l-%6Ilhk7)yH^daW=nxM9vQDl<TCT=sApM@tc;}gG=Z;v1
zXL_Z*6;$wp!JxB0IzBpXdq_7y0#&ftf@dbm`w?9UGnqQ&qr(*Thy`!IO|{CAAt^&-
zQQXgf-}ZQUjAix(uD35*0OJ&Y!Obq`5L&TBuWFGk#me&k_}F3#!(x&9oo`PC4R1%d
z#;I12AiATC2uyE2496La8j0trkH(iX+p`%oIl&O?&^Qo@9N_~snfBO6A&8;6s1HTw
zhc-YHGF4y!M~o`A(;}9X6e#4CZ=FfUSH&%ICevI6mk$^_g;Uj0US02*2!;zf@*T#L
z2fjwtYAS#Q-qrf&g4FsrPG8zPtG|bTb%RkMH>7E0q$l*hlM5}O;=~PXW@V5o%b#2k
zyUV?*2~0a)KqNnX<f-wB1ewdZ5rBmd!oG}={xX3IWuR1U_gW1jj$19CRjoOr8i_a?
zcDRZLcZW=BH8_n~)OO0CRs-a-r)^rF8*)@`O-WfMqpT*P+?cOVKsjnPC!Y+-*qnIs
z|E{Ey4Phy@5c}rTkhOK(h&F4A#oQ56Q-~da`$^3JEeFf)r{{pVK0btw+|Qp$Q`wZF
z5?``kB|YU1sVSS%Qc}K+UGqh55F<=S*>WDIXyx0i@YH2rzN|#fzm$FxUm$2h#o|k)
zeiYWlB{JL3{)-O1DgM`=hrwdLJpJXybQ)7%mMeuk2i7}=mjmLIfYSvP3%q|Qh%}s;
z{{0ZoGKEHX?<*J~*M-UL=Zi=1nyxZVZf;@vg&;}*JtZjdpR3O8xLceQ+?&W)-GXD0
z$*JnC=l5r!fn&C|lC|9|J@)#a5yqFfQf2N*)S8qZI;=~7%{WSIB-50?zIjP>fSTDY
zjg>mq?mC9(0Q@JVCB<+&x?sx^l32~Ll8m@ql~U@Z&<Z#}#SFa^Os_(s@&(?24hITb
z14Lr^NX?_>tj&|84O^w1s#LVWf5{85)Kk=e1B_q*m&|%maLv;^$T^2j49-+a?D@UW
z#-;f$fkIF`Z6iFCT?Q_}-6)maxui@OU1rv4)U^+AS7s*sEtz#!JTqO(<96>(OxJUq
z_|SgPe9lwOVs4f*#dX~9(A#-oE6c^n6}+}V2h^(2s|=?QhzA6%Gibr9M?m}bJa!?3
z*z|KP1io<e12x(st!#I$bhjM3RsOT_olo#GA|PLU>lO>I)xWrw-&u_9U2pH%jTAQZ
zXd07CMXD0#cGH4C!Ske^3cGG@mnoa`dqoE9d$sPBJ$fZ0zO{n&uAuB<c}W}RO7F*_
zNI2BWwLBcCWi3OAH}ERsIWV9&OQJrL_Ahj7L;r$mnMx$8WvQ_J#Qu0K7UFTt+7!YF
zAie+yV4_Qc(n+`gb&aPeYItg#Ew%yIt!hry(ABm{piR_bTn#}$m#ConjT3Ma4%Ql|
zA^;k)1zQPY>@<B9ay3U(C}^C#tJ**O?vLHyt-8O9+3#+9zY{<H@VorSAAXno_`~ng
zAK4GTTa16V_apn=eejx3dA>xApS#Ryj&@jk&cVLJ({-;>^S2+1`@YFzRZ!q6W)*Fh
zA~(2YSQ4RwC*$*6Xwr&s@Nx-4>v*1vRhC0|xUn<G%gBBvC-=a))?scJ;fg<AQ<8|O
z&}St?Q>o6m;*U-TV!mWTe+kBRCLl|Cm^zr%o57CRAXF(JrM|hn^@?aaPzn2sFULSs
z@I+(-_L?5NH#lB7h$~I)r`#}Rk(pczzQVy}jE|X*RHSGFH!Ac$ceWj{K?Z46fjtIQ
zL?%!L;`45JbdLu1blGueJvNX$@>rIoOo2-gF<Yt(s%LW@JGI<n*Q<iN;6R$jz>3-C
zFsG&9vCt(m=JIA-9ydwsv}Y;V8O-=`KL1#(ZV`oVRAw%Z(FbQjX*SqzjIsE&5WevE
zmba1Z-B7DH$fa1%qxe(~MS6AN%EQaS*XSL+?Y->|k4Go_2S;xYj=O_+a3~H=X7kzX
zBsw_WKNiu!AU-@k8OCpq2mJ7GAmY(%Mu}gaNPx&1GBO^Fj)n*P;6NM>PUgphc(Bh0
z2M5Q4cz!rP8jAgBK95JEgQL;G@sJN@VsLnH5Y30fqxmR09LzXEt!HEOin=oUpeJ2W
zoF~Z5jr6Tv>5sYQXTF=u#Z(6@YAeI_qFA|92LR(#FLv&|HD6;rS7S3E%a_3gzw$X1
zq2o97dyr9)9t4*Y+cI>kH1FES##<l&3grQ@E&8i8?^jy50mp3nw_AvOKL^FW@?}++
zFX>m|H{76FWqd(qLW}*a@=LLO`ax#OrmU1tb-Jn&tSJFyJy_wX5|!cks&1=Y>Qmx-
zdNwV!SfvJ*olYT<KmIkPng_=xzF%eN&8n8aC{<usdOwEQ7?Jn)0J=;UUEcM-wwjZN
zZA%^2m^iGSHq5gCK213tTQa!4FjIMRp7JM?d2OVutWbG}td(K=H%&Z0t7S!_9A}%m
z$<_DSR*BP@C{FcC>8Vzb$i&6RxV`i>6uVGaAyb(L*CcAjs$i;l;M$*4pl~YU_73zb
zv2Sh5wpmjIKGnOLWixmqeM~>ON&ll~ZeF(eD|X^Odf0aT`gTh~^;=CjWA`fgV)tB{
z*8`s`b}z{BdhkK|;NUPr?A}Ip*s#~(aD-`?>+yC^g?Md5+_B#>=5Bk`9s5ObcMXwu
zjXB6)5Pi2b{%$u68{lomxizOLe@PtPwn)6)kZgk25RJDb!6J<C*`S++E~vbkLO*`D
zZ_5;n0qw49jhRTqJ%yRddzpxZaMir%&rQ3)%>_DGZo9$YV)$BKT+q`9=;R}k{(tt~
zzrAf6*%#lx{VMP%-5a~tq$OGYxto2iqd2W^6UWDPx8HsC>`fpNlDMV_mZ0pYNzZHl
zK9~VOkOV2ocG9LBo#$+05*!SE4F-dm&!E@>$$d<oif#ezb*b=DfIX20Z*wA|Bw*x@
zktw}p;3jm-LUrq+*|eY_Bo*0m^xHz98WJh5nlOSacu9^Bid2x8CliGlu)rF$cL4ZI
zK`C>Mqbyx2bzw>RJ_Tm6A+C(YsI6EpR_i%Jj2XmgT&OxlZM$fSnhPe(VfyUi;_}V)
zo402dJ7*VfuP;x|uP#n5PtUJ63iJN?>Gj)_7q8FGE#f~h#59X?70_}=M)RD^qRBLe
z!>j%FZ_mh{-|J~(YHVk@G{E0i|G0X4d3yEc$IIdAQyT*8EI|T?vRuZV3X^8&`Nd1v
z0xwQ4U%xpob*II?BwS_xInSr^vzPKaNkWn`H+461cZp?{+m?=>%@Ye14~$z`<Z;QI
zJbv~4F5y{GK2$IE{BEf=<6@p{7rg1~Z#8YLFFehs{pk6{%R=|Dag6Ob0v-t($yizV
z!jmMAPD&4nLC<_K&!S{<Wngd5CJ8r>Pv5fu!Yhj#p%OrGc~h2$h|=8;m`|%%zo<0k
z!L)v>M99sd@MxMIm)c~S@g+6^-X%O_kHdW#Klz$vv&y|3@O5g;w-x4e1|oAulW<Ri
zewPYb*h%D^=VwXft?hJYlQ$TpXuIJdE6@;JbG42J-GT*O(5xasqsm!;H%p1`!h-%p
zNYFM8^oHz)qVwPmP?#e;rU1HOi;mF|i?W^5pXW6Gh@TV%Zq)?@{I__F_+`hWbIvu?
z_s0wHv9unXbDTnKv*+&v?%9@Q25tqZt`3z0rrO-vLEd9!Nt53Wt7kqmb6&38`RYE(
zE4-k0!bAYBxO%tq1pe^wv8;K6kT4P2qV+!xJ3#3&!McVw_X_fhbDlGGJIiO5Go&%i
zs(1zaSVo-v<+$r<&#_vQdi84_cT&{lo+*Dc-<0x5VMb}C-&m1?Bf007j^uA?627gw
z3!oo#K2>u=^}9)Q(wJspMOT<&L><t}YrDhP)S98mSIM{P&bIo9&MYgrv$!2v?(5QG
z_s$bi-gj`ZS_55Y#o-6j<_WWoFHD;^Op`y%Lp@?1*c;2-XtLXtgjs`ko^=J?IXc=O
zRPZ_Gq5v4c2oOLL(9jqw_<7#;{DU18puVH>f9^an#zqgxVnmrHyYa*o0AB&P>G{1q
z2)!%xclCJR-$1HTQ8`mIT~H#%`t|di=Tv31DDB2N%c2UnGjaR+%m0E8ojwlO3pi1y
zG_#U^?cFHN=v&e+%-w=)4vXZi>g<TUokY17xha@oJH75r9bL0rOK;C$e%?hP>*%fb
zjrs-+!H^>1q(XcTX2H4gjR|=GcQo1uYU4@mxA8=vvTIcAlDqK>49Lpn#;r!pd%zO3
zZ3;omXrfSEf5cR`a1$#xuAIekX3P^cn~JzqlW$k#Jk^geJ|m}@iK<jkmGa4$2D#XH
zVgf0_J|SYp(vxw{va=-0T|gAdE6oZY(aE)FGGT&j2J<XqNggk@5#d&LukE6}<!^}F
z05LYePrc+(jw^bR1k;Qs(JwVzG!X0xP#B}LST^R_j112&$ah13Llocsa462fPur$l
z=wa8duIhN(2I<G&P+3Tol4?h;3Nqz)b_9ch&F3^!v6GOrKrNi>S63c|P%i~2i`pcp
zh>;3?+ms?YUX(rtEt)}W(`Zp#10@s5xNJJlqDk>c`NCb4{IgXH<o=)&FW_G{hXT!a
zva07g;HR7);dx`)RW0p@Cw2l~9FHuzmH)nB3+){ki4uM!l|4C|@kD-}b25S8=A4ys
z0b|k8LZ>{2$%{*Q#>5oX15fm|sZI@@D6QCJ<w$sjl<<CsWx2w>$Sj=Af&&n6m5jsz
zwKQim5Ykw;+$U#ag<Pdz{=y>lwQlfep=FuD^fWcfMa)r?x9cTu<g>d-ux&z<A_7F#
z8wvBd+96GjS2v^fko+$AEv2AEUq4--JPB@T9EEZx3aup?(uJ_2<?QGxI=6;1B*T-U
zgZ{2)X}^?X((4}Wx$bFkVuPax8O@V0wklAtXi=ylSjV+F0|aAs%QApiX`I47f)J=p
z6GlNhWC*RM08SOw0c4+I9_FVAdS9p|B2^&bHY3}J`l3CTh9{Vl1n@)UMw7^W?Jn{1
zXvT1&KZnNF4~i<9Ue{OYoaQX?XezNnyG<ShZLQR<Gft9;o#-LsJg=vrK27p$aX;#I
z7VOfs1)<~$<RX9yF^c&!3hFB1m0(z^(&Do*nI}@dL3-(Jwd0BkgMi>3#j)DAa|9eW
zfE49C5>M>aRi+aOg;}9pc(sLECAgOB#lK__`s$zS(@i;wRcDhRAB|PVlfUPu-<_S4
z;pye|*~_!x$@M8bHD!F?FPA?(f6-j}@hGbBEdU{s1Ds|&=K+tk)ktpQ<|V|PLuX6j
z5PDM{sJ8$=SlcXda|D<k`H$Q8F#u-Be@m%y%W4S)ph)N422#CH%vi7wY7Jo^yr+RG
z5N9B(u(}FQNJ#yGpVyee$DMZ@syY=R)~V@02qh&u=sRehB1jP0w@elS_znjLedtX1
zavLA+cMp5;5Q*r%fFo5sZ0ZheB`CLeBA69`03n!&q5>mkluUgB(&!74xlYFZ&4Rpx
zdZyH=AOH(5QG~ku=}I+}#QctB=FJ_GYc?J!gp*E~@wC&__a4D&$foLxEqp3J+EDDB
zbEQIEswN$)kDQ35b-)$!`ufK*t~NrAs0dH_+TVD6{bSLcI=&l4vr0~h`lUex8(zNf
zH<S;lemJ~*VFcD4i{l>>ewU~NV#I_iN>@pKS=vJk^T?EUxiYgn2&;7DGo15!6IDuf
zV`#5FxaUD=Y;=$2#b^^Pc{BF?u7BY6JnRlehr9iQ@xl1$sK0--8}x(G;Ba?zbad1m
z^jLT}KI*e^aL9Utai8vucj@S8Z|`70_xBj>hk@JkkSxssy@rw8ZkF3tZn<CEzK*WG
zzORR(lh~S$b}ckk^}BQ4&^YOSy|7vD!e*6Zv<)+Ic~)9SPTI9I(yp41wwNbYHd^Nt
zsimm>#0hHGzmQzn53$^^6&w*uAFSkw*pQ#Ksb_`TH_;~D(z+#7*K-<NLagdTxFk<^
zW0r2<U`dYdN6gUO6hZwM*|{G%H+Ms3Ze;i2dAXhGg`3rl|3KH!2e0I+M_|#2lFMIf
zzt^46AHzfZYMxE3jC##;;cSfhY9z>rO#wu|1aO1!_(hgAjT<AljkSmXVO*o>X_O@8
zFbgqlWe;?7$Mf?%$`ID^#rYNX{f6qm1n?`tzenA)RrO|-u$hD$mTS|N1_mE2`T|NG
zo12}o5m+NWL5~!WWSiR6PTN)yPe}m_Ka>5j<y*kLCPrAVm*Mv(=ii-ruTPKry9Y;A
zC>eF;xPEoDb9MC!TcKjnZso+xIWXjtO*km&xb<kPz?3a6<eU^HCC`R^UsOHmsE)E!
zU}a>M`y*PEw;VZgh%?rpyfPjs+@MPOp$8)8AqcJ&dtI$F8V?Dut44u`CnI>P9=)iX
zmHOksQ5ewu@zMTKpY8Sz_PagG4o7<<8XkoGFxcw`ETrM?VGtaKgI+fr^#(z29PAw&
z^p4n|RyF-)o-w;(cu=i&KM1>n(eB=EzkApp(7o<xuuJJ)crYG~>3-Pj9rpLf`@tRy
z4%y&vZ#Sgf0qq}By1TdA+dtZ?S9>Q)mEMVJl|he=dn3yB_Kt$E8-_=;cesB*2P|Yq
zd*j}ijk^bIH)Oqo-BEvZ*x%nhWTWsPJnHrL_8F~rGL54V9nm1>^RQI6^}NQ!!66L>
zebyc9j*r;ELGPg7-|N!eX#eQwU^EKC!`;38(dcl@4(Q<Ea1b)eXm@bb?;ZqfbTq!#
z(Nw+`^YJ)(UpiJ6k&+n$>@1<Z!1c+$I)@RrLMhhzqhr!v@9?|wx!3I^R$8o|-%rfq
zui8DIbTjPl{kdT~-0S|i)zR1L?=RTZH{!}wV+XutO{4B{*8L)nxnIx;x6PpQ)s}Nl
zTTb2P_E`2mL+9QR%2h)Dv9Ze4j<}yO^`3Urbpu@2F)dX-c?9FqquZ4p%cS(xn)DxN
zP5MF%Nj;|_sdq0!Qm=owz9H#>Hl&h^xk)TEq1i|dXTW2XCcw5wd^ao-ICb`Bkd@Cx
z&UQj|Q<Se-s9oJeDL5wr36ax$E|ibwJS8+QP97?DS<)0YQ93-oxPsDG_<Sh8soDcd
zyqau%ZbtR%60^NBw>k@PiQJUYEFUq7+l7Aoy?$CG8Q$$`Vg~fJY-FjyzFJCivt(Hv
z{k25S2?5(qvI+uQqGym`dsS;yyYG3iBQ}A<0yzT^TMyc)2jCc#Sd8iZ8jqu$!yg<Z
zQyTKeh?A)hYzdWF9X+-}vj!pSk`8Of-mD$-QsFAA$7_%W#*tKNaK?q`wb>3IX;FF*
zhGcE~eq<C$LdrOj&Kcf<C0Rq0bm2+1sNJx8Ng)7!j5>jTy%S-_x_mKIrK<bXB}Aua
zV;gLRaFWIlg}RTwRJ{P}fGXUgg?+1%^3c8v!O)j;9<pm?WhvR^;i0w#K)6_ujLPVr
z03x6wG=MJ3MU@9YXwBpaGCX1c`f5HdYz-CqlA?{BJ3K$rj@K$llI>w9=nNnqstp2_
zD7PE<Kc&P4U>XT{f=5200t{@$Ip^dljL6f%+caZT@C5yek>fM*WBSy}6WTlsvOoNS
zEmb4xD@FIu6Lk}F!NZ>*(XfqSe#t=NfkbC=L@~i)#-P)5hRTty(N}jF@J$tQR13Oo
z3r}(z6if(KiN=WF0Mu1=qEw$E)ljPzk_G72-UcMLh?2;e*uumtMKq3n!F5yQ!f*6>
z!w9e>${&2MqjX761X+~k_U%rvHwX?`$mr-`9I`=3_Yc|L5e>rK-Vq)32Xx#Y^n=~8
z+X?P4JQxjn!62Z6y~F)(e{V3_4SGkc-|hFhgZ(}mA07=3jz**X-Q8Zef3V*T25i53
z6z=c!M*X8t=>(_y9r{mA&-R;uqPy>JV|UnF3={XZd>IOBT6!wqt!(0PnD;d)+q`dY
z3{`uw-Sc0fA=&W%)q=dH1$kBbpy}b&4TJiVHp5^`{l)sWAn?|+-Z@FUvd;u%JBI^=
z&q?CpKzxSmBZBdnA^MH&Rcd>)txi>&lVx%0cGs{t*>XzwO$cUgc(Jb_VX_}<NMBJx
zqBO_NO)da=lEG}5x0uTf+buOMUCtY4thlyCq^#F(Ui|p#v`QRgvs42N+?X2}%!Rgv
z&xYS$zIk(9d3bSsc``gTvu4D3E;s-5rCf3<GiS_$Qji}kM^y0TpXM9HB+uzA)%hgv
zvMA3@CO1on*g9aT&STQq$!Dn+eCC}W)*eB;ULk)q;vr<;6-4FZ59T80v*?!s5z*S<
zq)JFOQyoCfg<K5+l!&bY9TLVl&Da%`*QNzoy7UB?NTpuRo0-t>S7$<fu@Vy-X~xEJ
zG?~_PaeY|Hn1=-lAyc??!5mYt3|r00d7akdM5DC1Ua7IS+<>YIc@TDw_UZ0m_i(=#
z4h~uWaBwslba%(yV9@K1#-q{hKHDFJ-9dlc-9PG&4t7UJyTQ>xcr*x)Gzj-6Q^?K8
ztfr9{#UE88FUa0oB`-*<sgqYfe27wRXgQs3z6gh#DllEsd7?CNzQhAX(SYC2i2@D|
z0Q6C=BH_6QVZ&%(RA++X1W^9i%XnO+Frz~6(D(UV!G(KiOqFxfGAceeLK;(AncO@v
zwilhL#zn3;6=}RcRlzWez)|-k40$5nBnmgwK4g`SS6}LpteB&#pUKQO5AoJ0t?s5X
z(Tb<MGOha@^4uHMR|kzhu!BZ1+`n(vjNdNCr?#xtbjr|aqcEHuEEk@a^YPE%0-Z50
zpuv>A!&6nxA=3rEy~x;5zAI^lE2hyXxPD>0%He=<zmyu!7v|>X&cGC?Ouq^RhN;{`
zfXBr`GCaR985!|Vq4V~u8wCrwW=3xq5e61OuneE;13dbvM@%Rmd4s|R^i;f#b)jR_
zjTx2A)Er8d%Ghu3Q%N_EHO8cs@Uf!M`x{S)Z=-_yKg>t$@0b!0;#LwV0^!RjA@3lA
zrQS5&k$}dr*xq<TqFlCtB_TpI910Rgql{*<aVo(euIKL|1twxdrIGAWI-#<AF#&NA
zbp_xyAj?_N9Nh?w!kO1jC@Sx|WC;ME#&f(L&zRir;3^s}X5r!F#sJ<4**qHF(j;L1
z26mg)6E5sSP0`Z^df}EYRF7dwYqb6-lpmAi6UtT6!XtwlPh_W^oMgdtf1u1fc<2-)
zL|{3Cx<<q_N(nWcTI7Ly(!`HB>00PS<|K{l$ObO*Xc}1w!>u<PaFRT^I0Hz=tdhj}
z8q=&<LLJgn>h8_CPGku^tpnL!15^?Wd~xF*fZ`!L2rXl9J+D#pG{tRL_)_C34WUgK
zqs7#oW%=b4h&*(rz(9QRcf>yX8|m-u;W`ajkTEKlS(3VWa&86`SB0wF123csbjA~M
zrE_;`Xf>KKs6g_**X#ME+;1#Y%!^}L=pIhG7KGX=I-hgYC2Q_7*oAGH;m~40uiG*T
zpGq@2jwWs(s?{hot3f(pU6=?vNU}=$<l;=F#n%@vFbAUw8m1h5Er^xFnHoenK{dvj
zq98l&>;hj)D#&Q4;x7Rd%m9ZL4C@F?d!>xzuE(;15%?I*wq}MHM|kr{{f(zq3zth3
zFvl5%yoFDD_E#s$>8||YHW+;%CN>(A1)nR}s}Q2CG8S;<eq%^kA2)P+fdyq8`7}em
zv#V6VPL@}gTS_0D=^zZ%q9g}uB|_Nv**wmp6s+s$2a*_KvOi!;H)SMkxi*79_GR<b
zD|n1jOULs_@1XDZ4*mY#p5O15257Vtv{APvh$E>TS&(ttHdG+u)!FEd^Lz^1oNwy8
z2264Qqr;1eP5BY(Nn3J~@>!ItJg|WhlnN41OsSl{G|0FRW`_FYOz8o#__n#lkd<{1
z(YDjhq&bSHg@Iz%EYXZrB5~Df2B5d1yYtxUZVO<sc%(55twMBY;V>F;X-P5nAQyJz
zk|nurOI~74cFAh((C0EQTauytk!^2w;2?#E;ojh=JEr^Hql0k34)%7B#^Znm2i?6e
z?C*_t$45u~asOzqe;Dqw;OOXRaCAVs{b1DFJv!2ryKK(Otj>gJa49X46|~eSN@%u_
z^D0V$cpld9ik*GFjUoGLo5wuC;NL|@{1)zkGFHfG0x4loiv?UpH9RB|$<w^Z!o5vK
zETD728kD9;keopdQKi{pE>PJFt+W9`r>S%_k77g#^f$~y1CFjU*cQ7uxWP+uR{Bqc
zY^#|t^Qn3cB`SKUeD|s*xI9|+iyK&cs*jibz5Umb^~OHWmM9eA25u6iCN2vgaQ1My
z@wy{j2UxqVI2yBH5m=`Olc%*rPv86M;x-}e5Vp=Jm9OrbhRQuy?%}F-_pI`~e06TW
zD-YUwbjr=Pu0Txupd7Jx%|iy>3`GK>TBM<yy7Nls9yM8)KSU!;>yr?v=%GLS{Yt*Z
zvx)Tw0i%XGpCy=dTdwDf<ypjTS&@za#EgY0Zy!;LZA;A$k>jaTaqB=@t#^yfRVje8
zv1{8XG~S!JyN?(TPlXMxCMayz%Fw14SE>6dYpiL?yC=MRn(9fqKPb(0*G#X8r!s|J
zw?BBjN^ezf`b;OeZu<-|n?hCYHHa|7CKy95v?Ix>2xwgL!`9_oJ{|HGX6mlp{5*2<
z>eY(!v26$)Vp7F#lopoU$-zy<0+ugOor|L<Xv}4wm2)1l3!TS7ku&huU{6q&(#miG
z&bcPir-}9xL++=O%k#7I?~ZMA9WSf}C4U^vi(JNx22-PW0x}KKyP1!ehZ*ro`5Z)n
z1x<zJLtdD6C|nJpRh<&R;<S{63E6zoAM79Xw-8=N^MdEiDNRCUkcT0=xFpdmjiGKl
zHA99t-T8)Y*%V^h$KWyxQ`?k878nO=at*Mk4NVR4Y5~}zK#ah7sB}sJdXTV0+w%gR
zA#$v;tRhXrnZ^XqSO`(s$_%2|Q~0slDs_9T&a!t?2B7A)*Hp+vt_{sFXGSdM$;4zj
zMS^Mxl$)z3QKFbSCcEZ%=`h(;PG;o|%Y5{bXXLvdPD{xY@a$O_TL@f>`V-D4F@qqK
znA6Z3sp6jU{R4mbgvOl`@zWo!+KH>V;g48OD_5@cPI%?2B2~vR>H6@0J6%<q!!}fs
z1MEG1d5zNqj{|E71}BB%T1A@0`&Z<oU{&;g&>CONeCYpwCi6JnCL+(GWb&`Z!li2u
z3h5>E&<xQwuS=d7TX;}H8m@g}Vh~$r+N<ZL2ke9UmBuiWavD=z$tvwBV@Pb8h(as4
zr|0(v|9eZbU1QFU5_`;!Q?Tkmsm8O5_U>!^>{EB4t9#BaN*RwF7)vF9C8yq7z%1!d
z8jZBnv+(bmH~E56d5d>!@Ia~cl5J&Pf!>n)I!r}eSIHWz*JWkcp$e}?r$r^ME5xgj
zv|P*F&SmQnvK7!4_45G-?aCRu@r3<=D%9<Bn}^8qOOWNH9UddCJ|oL1mc2(-@E>XM
zAX&|a<Wapy+Cr%x!;|FEeMuU<NgmIiq`{+Pozw1;byT@=XcUXvM9hOJq55u$kXrl%
zJ|s2268t%UKU51#hh6(!-Pfc{s)>?0ct5b0Hb|qz(q*r#S_2wv0aZ(Y(+<#J1#md(
zTKRp-jMIvHZUao-{Zlfp=egVByW8TuYy0myhp6b5m5}oqhj}@I9$r*dF!ad!D0*aN
z96i$Dsa*9>UP}z$$3xlWqulDHOxpaEOY9SM)~$LdKe$azKFVb;<+4uV7J~K20C#La
zGbUyODrUQMUjjnfIFlO#9;{2o+L@(#aYg6(lqGqj0+PyMVpSIsizbQLga(Ua`1{26
zgi%+|WwQm;rOnNvZ2GYli~XAmdH$U-vKjfz-&O>-eCRK8V{6~gs%^c2UXi;EY9F3I
zQ!GYf<4r+kG?~*lUih{oh$cF(8^Qt1SQtTla@LzzA30_i>Vp<1>>x{{Yv2nmw&Cb@
z%Q8W?iWF)_aq{(54_qumLN`>QL<3D2WeuyLHvW`lo;H2yzD1ukc_hoDI7X!HHj<cJ
zkta;2#Ixqkl7VR;J7Vh%4B6CB7TCXA_DHGb!K6I3ZKOCSnVFTP+YdDzsp*vlR`Gro
z0}mYz0QI@*{Z)Ht$#;LVSS|mSP3XoRs#MTG-Z{SwnmbJ5NRSz$Nt8^+^H?Rlk{a}q
zCF=6GD0#)DwD6fJ{D=t59LyYsqqxyvVA1{*m{HZv->AC8_+){x#kL3yGoJikJ}Q!N
zPMMW!GAVLKm&n?#Rob8p-m^5<p14qHVLehQ4ppmo<%$;0A<7h!XLGh)@ewIFlAT#`
zIT1QbCX!QUw3+OS5zFrwOPUN3NoWj}L?6eB`R-dp&&HZPIE!tYq?5)O%<2s*1AWHR
z41}O^0UEKG-&yybHC!>Q4pK4WY{;h^?dS8Hd(KR)e&Ys&%YDk?*|D{XU={<}xm@eu
z?`!8^g{fJ|!D<N)oG`}?)TnE6HB74dN+A!LW-fa6#8VAmS*}vh9@iRB&QNRj%KyUT
zo%Qsz_(KxM(Anj=y>@2R4ZANIlBSkw&^j_ILUtt?D+B=9EZ?}~Qx;`}y-y?cUaDeS
zc3-_ojC<Bt_faHBM@@kaTv#Ph468w^tt4Z?JOdx@fAf*K2vV+yrS*jVUMfSi99Nz&
zPfU3ZUq+V0eOr29gznQs?I}?mc&pfpIny^te4cxJ?2V)(2qTea(P*xf0n0m2Ik{IP
zg|IHGBwZBqn;F|O-41@y@j~_==KL+qXet2KDW2i7H8*#d8d{STDix|IHusRltlXh?
z^U%FkV60=pd@|I@P>EP1Iekwi(Jd2X7KI7Mp6T%VOyqJ3Lbj1xmf7oc%;y;(KPUOr
zhs!FYwM_)GJ7GP`mkK+KStfSmtn&WNM`GuRwp4johus<K%`xe8Ntg7<w>ty!ZO3*_
z`R6HO8ve_ACI|5~F6uKO<}ABp<Fe<$B;#{=sJ52Bc5Kx}ZlWYS)(QcVDZN)dyVQ%S
z@4S-KA^6@-i|sO6_<1aRDfN9^de1BpWf@UxSq0W`WslU#{-|wZ?Fq)Qnje*zcq%!5
zs;9cz-*hqCACpwQI!VQ+)3AT~KF=@{59s2S3D{!n&R8<b8K{e`R#JJ9zzNVcVw5U5
zyRd!8?_bYZdZNjc?Irgg3>wa&<PpaL=&d{y4`RLU=lnq4k>KZHzI;G`#6}?D6&j&T
zAa3?9>d3dHPz?B3y>U3w38?_^OsT7ysHPMp<W0(w*9D~RjOH~jI7@eRSW(dbr*wUZ
z<h6J~<X=IGBZ|S+?Q6O2@CIybhV2WrQbU^5@YdGUYiVwe)uMrJk?ls^*c43K`;aym
zgi4G);$srBoJMis{Hn<RMcuY9$Wy84BqF+HPo?lv?%cX{;2t!&ycm*cByv8<=&Xup
zOW?44ELU6<Y^>6m79%V5;_imEq10iQOZ`~|UbeN+KNj+G!-Zk(7PSE^xy75pfx_&*
z^1TmfHy$&weYcgzoCQ*=A$1iTlqCh(`xJue<WW6J!jd9gM&P#M4ed!`!S!}J6|d(O
zJZG|5lb^-FxIv!Hh1|*@%+4*Ktzstxw7!pB9|U^s`kMfv@#hrlt8}$P#&1~!n!5Y3
zI($j>4W0hj-M)m2_O37QKdbb)y<2?F&TgvrGxc&)_3rMi>~ap9fr?Vv(64^dZ>rE~
zIu;vt>KYy6e?b2JT98c;_+(_z61H54{VU7`aOQ;`0_#*sZN!(7C#l1N$5K5S7>+=Y
zQ3(tt@JSy4C2VLz<!18E5PDZ~wXS~#whmd4h1$ULguKIY{*;USlJoo>NohXScMK3W
z9WUfC%K{3Kv+!j`Uv4^)=MaT2qs+Q<z<AWK1s0Rrc+A87gei1vERC_G$f4HG>#d-u
z+$b+b7CM@MZerWo@{?HMmiWrp&~$&aG|E&+XAC;05{6wx?2d9`vR;uPPKJ|t&T&9n
zVOg5oK$<-{oQ@ojszyIw*M&rX-7u>;&y{k}KEc!kf>{IF9gPJ)He*%H2f6t5$Q_fN
zY@V3FPbhlZuP!jL5J4UnVTvIWK^BcLH1bKm+db&}8(3%@y?4QwS19<nlFZV<D5p~J
z8p4{u2+Froy$rO0589}6Bm*Ffsr((8=TQtd>og$@p{?qfb}J1uPWxQnx`0FoS<V79
zD{8;dWCEFYSSdr0*mxp)f@dMp&=L<oWybT^c01LGA3q$5>w@U1qErG`aq>4$;Bv>x
zJ(|tsVM}A!$m+y&o`?J{*?3Z92K^Dfdy`zLcTK_+?6z#7yBc#VL`ev@z7RKI@=|Mi
z006$}`3I0{8&66%VN}_L0T0xm*}jXw56Ocne0{SiJ6;4du0gTA+qT2oVS!^goGM7n
z;u(Tp1qoRY38|BBV`!6!{ZMq|a7i*`p86Xgg3ft<DO&^?62SAPgE(;-C13}Nc?RpQ
zv#|kSL;U^XxSIZGvq&SbrER2K6agrhiJB+ohEG0*!G*9MZAqV}BF`9|>1clI9<RGy
zB^3#%L@v*n@?D4*WD`35dU!!DudcUj3SO^;1Qm-Um}WfTa}h6egwBWtH&R$6n7e@o
zH!Ob@B@>pJ98SHiohKLLY=o>NWC|wd-?Fk~qTZv>+_uq$6<{^Z7<u|nd7L@TGWc>l
z7cBhOQy){`UIL{{Rl^X@?5d1`HIYMK>05BppQRakui(dcL1J=~o5T(=&EOtwN)xiz
z>yzgTd3sa&*XfJ%tFGd98?WCX(7X^kFA_0SRl(Jl+QA&&q;lOUOb2<omQ$IeEF&-f
z>%}>`9Dv}V!PKy6CnI}J-=C!yEc;%0=^c~3u01752u^<r8Yl{52I&B?Ku*6((v00k
zIKVW>qg#6}D0d0CUsEs~G3Ph)6bA-9Ndg7dEGJAH-6EE47_*@vW4YTOldf3W`i$io
zP{ma>;$h3Wy*kGV>gEL-vn*p_!Nd!=ZxZN|*)72dDM#cyl4?vP_s3k|ya{PeQS0V%
zJcL2jlB)@*mDZ~K#28=mc_yc_1!JP!P{fpHQW9NXzuLBQ)5y&dFwfAUbAA0v`%!5G
zBcEIubSnK!^7{+RI5>FV47M=C6e<``)YQGcekBxh*3ERi0nnpSa-GM=q_nOfOc^@{
z_TosOI*S=^<d%b~2`YD1V!G7EX45y!F(2tjOP;7nin@V^1d7$GT*A@3<{K=YuB@4o
zH&-6IBC6DASR;SGz!<u&3rR{2eMLk}c^nEt6-1Z;p;4ktVY3P4B^2d^#ypw$<kCnJ
zitlrIz7bsZ0}iI_Fx^ioUw`2wm#{l>c43Eo8}>Ej*K&5p6eH$mqLh&wI7btlcJU*d
zQsV3=mk*vH)|#H$8Y`jzq)>-1I45dHl<SNpBBdEia&+afG?lC2^@Y(Puv)~p+7LmW
zRuw`ht#l-xoWHp~JtjjPnz~(jO+v2RC-j4i$u%MSJB5f;o*@{{l+RQWr}}BJ%o!};
zMasZ=pyCf{<#FE}v7ByglnYdwQu$mesZz!#6WF=k*%P0Ta}F*5G?$x&4ocY8`W%zv
zu0nZXxuS?2#T)?Nl&?E{u1vmF&pfE)`8?M+5wd?IOJ!yaDP>0xmM1;btANo|qm-VW
z;iN~(s<bMo7D-*(R(<w-J|2VR{g(nRYD$xY#k$YuY6s3(z@$vCaI7+D8N>s*z-dfo
z6eP;eb2evJ(Ju@=>+fHyeKlsemDsgQ##A6QW<W%rn()kkvi(<$8<%aWK11}Rl&vBx
z$ukA;HVJBpK|!q7rZzSTB4NNR<mKEm7UOw7r*XAg!3`8#?qrL^l-_7exniQ`3bITN
z^>{9iX0p6qlu~p_ZC4&SaqQvNCke7esv9LZDlao6trmQ#kfrba6lH8Or&%Z$_}Rr3
z3$|@oy(qCi#H9gHJFrnfD=jO}h1yWy_73(DJW#v4qv!;ql*32D*f3I-$%ZJK3Et)m
z`g`4?MmzhdR!k7J+Y0f9P;jY`qy7wEtHMT$-qSwwYNyB5dUbJji3u)*RE=D~B2WZu
zniK6dg#t~PO&de9Rz?7Xs#n4OgMzx^rmU5weHc5NXFNvZrfP@f5e06OwYy=W3%PI4
z>U3%sXfV9!$3<_Lg3mU7PZb%9bH|6a`KmVokjcKaY`e<@ev11axS<5*<e(J}JJv0Z
z!p(*%+lkQ_&*X@$0BWN4NR>?iPf4Xf0put6wQZ}Ub!f#?*(-}7Fw||dn@Gq(J1=;2
zT-a4niDoKN4$0zr1hBXAb(;L_%my(dP9QT<1v3lfV#?$(9dTh7JEOT+jQD%oqK_zM
zJ%4xK@7d35Niq7n-NW7fDBK-&M{Mti?gxVd7VZ!FM}zTEzz%xss5jc}9~|u+9QC`S
z{iFU7?FN({?(XgO23?!B8>Wo3LzNXhX?K@v_7i+py9=?ugTA+~JgWWM)WelNo=gMi
zVUb4TF~bFp8hWSnk?!V0f3N(a+RsNvgYMq`?!o@x;AsD_KiC_OkH)Ou+Z!K_!u}}i
zGJ15_Js7d0gT8z=?j4O;Z`AJ%4ti{_KPppi?&+2K+R<@(1EoR0=SglARc}u4MY%6=
zT{)P*qq)^>ZFO4`(<;_<+w35KcivVB$0c~_GkujqPV$_IoM#Xc7PDL)6;LxO$xlq$
z`U95vyH%vt^crt=5Se>cgDzX3XGd~VRVWMkj=(0O4p?fw=YqxK5-Hrqlrd;%-#mbV
z5DAr2mg}t;`~W1!eu>T}iebZFCEtert(td3{~B^t)QBy~!|@p8>UlZVrMhOGj+MyQ
z^LA7!Zph!Ee+_v&8s@qV+-;obrTmyJgzTWrmQ@2&^b^OA;;$4%>SBHgU<0a><^oWZ
zms$m^L0M%aQ%Vul)M<{6?@TBi5yICB)k8xhthbVLDsGCb3=De1(A?3Ld#Y(WPXx=o
ze9FA)8%W4a<>&U+@5Z8dK>rm;8h_+otb)Ul2GEe=UD;#1w5n_**H5J#l~Hu@x3YTF
zKkV-x_4oG<5BuH0VHk|NV;1iA$82!0zrP!VM~C~p-Glx?zt<fdhCRBsx8FNF?C+0{
zM&rFf|M1hPN0x{EC(@59#{%cTIZ~FYAxxs&_y&}{<z0jxplWG%&lPnoXYVzM@(RqM
zUAK(_W&D90w9E4j!r65I$VHuOiw$6<3YvSY=ES)+?PbcV9?FMrwu;i1x7*s>uclys
zHf^@L0!zGxG^g^offi9Wud>V)mT|0ylCj64N)*|$YUuWsH{EDij8`Kl(A@i7<XBON
zk^q-6Yth6|cD!-9WHkIKi*oiR30w^0=L(*0Eyk@cOL#|QJq^SHulge^AD>QztD&L&
zk-KqS9j=fU!;?n&5Kz}PslU2m3)uZCMNWRYDu++Z1uWCcs}rA`4hh^e@JU9~=|bOv
z7?l1JtsAzuMr71XP;byZ+V8Zmb2SI+d3i13vnpH?s866?{&>}?yyMw~Cebg-<kA81
z)iO8*6l{#LduTpN@nz**R3&MF5YN#<8%*A)bFco+e1A5Ej9gkRd2xP)cj9=t4HjkP
z>7j8NHkm*1$zSzl6#!fKe>KMDzxm=e*z~{MI{vHt+QYB^rlN+nwoT0y&d`{jF~Q?o
z29995DWe5AkwnRa%v0MH?Cb*X_B8YQLZgo3tO9d2NCD{~E^Y7luzT3sF6phlZM2td
zfifF<vdbbTIw{TnREFW@%Tu{EiCkwFvS5P7EDxsO3~oh{tMB2P7b+JJ9zqlwj&X*o
zC-m7UGLqxFki~2Qt_d`av_(xQmx}^91_CgzfX)TYr^=-i8oYz##SWD5<zMTuV8ATu
zwOcqKX&Og(g$pRsmSyk6+%8n6EYMrVv@C=F+rYZzF_+_w-G*Lm`h~g4+wF>tKYgh`
z<se+#>7Bp1KE3ku_xa=1(d~A-`-1`ex7+Pj|Jxtz?*6GaIOz6w`}+s`gFkh9gWf^^
zPo(>JEHwY-BB$A(x(}|a+PE*|_u+#_qA_AuZTjfj<C_$j`u=l^Y|5R{6o93(Reh?B
zrsk`yE%Gbw^8e8Jt;8JE-tjz+7bK&JifPm-IU&^{3V?HdSAo-qG>G6wWqb-RPfuR_
z1ED!1>)t@a_!l6^I`N;%&~NnE>nTerNj3wM#a}U1U}}O7S}Zu3(d>qWs`}ne4~d<P
zi$q>DK@<f+(ijo|LVjj_7#^NqkiTQ@O+-x(G{6e_=^^~sWFCdg-;iU(V!`SIHJy(}
zF|$Ug@*-m~T@=HiM?(*KrSv>1DE(S!XYR2p(wTnvK=LS$8S#fxn&m!Zjr;Xi)C|4{
z(hy^XPS5JWk7vGN1={v0DzvIdLRo{|lkPrjpRjB3u)@IEJ??lXa+-uv&0_U2d=P^L
zVS7BPV{y+a6d~;KjeqcYMlyzL;I>E#`{9HBOlOLfUv9kQ8KKF7jOQ5yMod|pZj;+c
zM7cS@$Rms8w9k^A+YcYereHIv*_Nqp`LF4}c_xXsm5CB4vopctldSd2-P70k)%O3l
zvhDJGny2w2)v;v%-#h45_y4`_{{Gkf|8x94eAxMRV+iJY%xa9W2mocN)+H@YiOR<^
zQ?3X8#<x34s)lSFC5&{`vV=k%;;FZ37A5(Zbp9;7KZ{ODUQ~p@N1gD7bpCgTbl!Hz
zM|tc?0<ymg|BPl=^YJ)(PdZ-5h;$`upfQ(_r5Sx0(Ip9^E941q65X;yo$j^?^C!m}
z@7}%JF!w?BZBI3KqCRKA-Og>#?{)p&hU?Bn-|^5<5VG-P3ROVt<U0*jp}Pqx?wG9z
z{(QHgPPq9zOUOGX8^@~t|D)@8*EkZY3Oy3vAa~^W8QJs=@8qL#!vH_8E!ov9gM^8j
zdhq@a3>|*IMLGpdxtW>}!upVR9B*NpsTV!|vw-r&I1oRl6T`J<4S4n6di0^&0E18C
zg_Q7hA&<FgYv4-Gz44<^v!Oa#B|06lDNn5A8}irE^S_b5I?4WRYXi=}#~a_0ccm}h
z9V?qj6UWS-kasmDyM`M4PEvN({qDHE$=g^(2V+k)xU8qkcHV6eE4{X{@IcgCr7iO1
zyCjO=NfEL^3cg#?p+A!g2R^V6stYq5iSlMaQyCL8%^|w>_!)_kki929=@zfbookip
z6=j^=WS8yRv%f+T)F($(6$Mnb7x-MEi<&s{in`ndmM$0#{s?a3!xPKXeB+$w?3kRy
zcXT0&?9EzLko$si*g7_P_BU^_lgbMxpuS-FJnax4YrdW`8&N#x<lQ%K-;o0ACNv3B
z?-*QSuo6UPNQP&aseOWxMeooGIy`x|A-mQ5c?HmfusZAvEY16t;nZ|&GzP1%uSu#t
z*S$_<gOxBePlc%#-YQdJKr6+94CbgF|2!6wfq-Rsx!es~ILgVVUim}^Q%X{WPt1`@
zbNUSO#D>GU$oXt2t0@ZGl*$J(`2<c47@|iyx4jPOV9$1le~G%iZ+wMI&9{zqc9YdI
zf_tluY_rrBs%2HPt7UK4qF#2z*0~RyK*7MB%B|5gCRLzQ@{vSIzGcz2d6_UdSF}NX
zc+#<IsBn{n_Q6~)&+?KI41)i2;**Y^i5*$hR`GW+**m2%D1=0_7#M<aB^p~`uYx2z
z!H`3c``cP4(M7fio29uzn3m-nVtPu2?k}UReUtDz*(Uj)LWm{|Uu?qvegv@B*F2Ql
z;bzXSAfFfU@c=A8@hjS2O%YV~6;?C}vXGl*+^YAX)u1lsWiJp=?e2iqI@+iS)fy@l
zBh%=&y2&2_4*Z3?dG*$5O{psyTKgdVzjpppvI<S)N)rIL&jp>`^FX-l{MX;#FQ5PV
z-QB&tujjwd@v}CLl5rPJyDbJ`H3xUT-S~mA6rf8Wx_XfWxLc@+WInA;rj2iRU}DoW
zQm4OTl8tEK(|JDSnY#A$Zw}#}`nI=Gg15coG2582oXUMcDj*8nRv**Mu4S5KxjunF
zw0)V3w9WZH=qx5a`ACuoV`c}WBtPMg*vfoE)3oBWoYE}!_}Fj*Kpw{%9-(RUUB>4r
zeCd&d<##;0iIRzG<whk%lPRL((Km=ZmXFj+%<ARA)fxQbj^@F%UQZZ_Kpw#sjnx=r
zgg6TBTMLAHSJ~G}fq*~NWibAsGND<O<0m{^kpnGa%LB}QI24e^=GR|W<WW|*BXXM0
zOZ7e>*IZ8$reUu!hyb%U=y*&$3$ay(HA_-kT*iG#a-Luuu(0jUHEsjWvrxm!Gz}eS
zUzH9+|I1R}&2@4cs~Zue+h(@L0!<@@w#gIG$U^`+mwpKQVx*ldEw(D-XX5ip2THY@
zVjwuqdMQ{65oE>mB~1C)<a7b#=1CsK^30$>Z}>bXQ+@}*A-6mVNoOLJRtuxb&@C{o
zfRc)$8(~oAtvrT?OlOqAZdD`8ekPrpL(wVejHrHz=a@@)<+-Rnt55&7F*2rb$H2g=
znA1=v-Hp<e^H^AKN0T&VOzIz&l(AmQ8LyD($}ebm%d$KYIFsuX>mR8t;4TUoOK$n1
zwM1R?=|XIhF(D>2XLoerdS4PKm1nULK>CG~k;nvmmpU?_vCbOpsJNMBE!FJ59j%YT
z44}G7m6jxigLcZpVpN-#+xqjy*$1x9b;xWbf?6vD39Dg<qF-1;)I8t_8U|Nl)?!2n
zzV%ygH`Jo1gr;7Y>(g~j1=s#llil~IsyrWyN|rCTdRfySEw7eN+xoX<3FGXC+MfDb
zYt4V0-^%B|Q3PN(_c;bGIsf&#d%eo}ueX0N_<H{P9KU;?|MaVJ7?8P_NAXV{bi8|x
zQ|^m7<?)!QtSwqjx3qYplCA~Lvz7KKk6}1EV&SV&Z=3QTJ}es#xC8x2exCDOnLaK2
z3Hf>5jQfaIrmw%>>#tq@hm_5DB3S+a>)#Uj-|KaE5B4hl9|s5f2Vdp?=lDIu{-+Fp
z#9;KPbTuH5M>M#(qgf~bi<9Qj2+@0$(GPtQ@Vg%vOJA@wV*$-sc#-iDgS%EhwehTq
zs`X4+LVEroxub$8m;lH<rt-2`RYhZhu3tmROvXs(Z_j%EVTWw$i}4QpsT-_3Fo!nl
zTlQ^h8|%-|iNbZ$;*oFUCUSw0f8gi>H=xJQ$Y#K4%tXKp6V8$ypxr@cHayQOZLl;=
zMX{H@faQC|^0qB>m3`oIZnQ=E@FKEd`R3~`WjEErW2u<rZc2lwB3RW8Tm|exc}D2C
zT^nA)v63b?g<t6=``OjG9a({gju#!WRlao{(<mmLvjj|H<-n+8NKi;2N41WL;0gKe
zhf^G;r>%@X)!E5;f+ZCPPc5h^xPBL!wwX#QyiFU$MhjV|PfjCn*VIT?1xJ*G(Rj=N
z60T@AFNz|&o+nsNTqE%eCj8S*^^Uaur$|{K=a49+J$GcPcTKUiX2m-5qQY@)A(a!8
zV<A_v^2&0`vuL(tRq0J#^@Ak>2yv{}hDltc|0(8jd2cZ9%gK(M&g52UxrzZ{uVbmN
z)_Vvl`}NmO!?&3IqlWNOnI4XT&3GKYnddk~FL)^IvQG$0AQAv#3S?0Q?hT7?MpHF5
z1rk8vh^*Z_bWsl?7Q}o8l2tp!pg$e?#=lm><3Fc@UC?|=IyDlYcXhU4#1S$=%x7gi
zep$2av8n`N`e_#3MlqW(*N2r2^RGRBx9fL1g+t(<L;ueqJTY$7G^MavMojoW%tuUZ
zOjU2}bv}p^o^6$fNQxnvrsO0|PqG=$o(efP;0iM5q%%*T{}L8<Fqb*HtwG>)B&>;V
zkql^pNi0Ilgh2&?@J39hag*>ng<7mCf&i0+3iZ&y<`%suG2B_HFm+t4Pt%mbJ3S))
zh~=~jtz_+6$E9Z7n_|pp;_1l6956bZbSq1ynrfmNEpZQ4AOnP_lDIrd<7k@33l9@U
zcm>9GOA8$fX0=Bp0iN>kq^b-RMI9Q@VQUR>X{&15tk%$W+=X2Vlw;)Ecfs}c!IitS
zUd=svQfmXwO28}nVjjonGiB9PeRI4954Gm0bIT8h!g$li{7&Z^K!Hj^o;)pJu=6P+
z9jZjf1qz#v_FMwjqY~+SIv3=Qp&$aNW2u*sDEF&{f5#HN@Q*_Ha%(D7ff4Fm)86~l
zsa2(C3Rm$79y06&%7Z53k(R}Y;Rm*k&=w!y+WpO>)d)|PMg{Nu0{*E*GZHal>B%@}
z8RT9n3HRBICRRQ+kL--1WM@Rh)OzLx_8(p$ezJ+Mzx`-o7~D-^-_GXjFC^sF3qpV&
zvfKTO^)%!b%wQbdvV;i%2X7l#fxRyle?tq9lZt@K7!9LGrRefEb@ZlNYFE0=Q;MM%
zM%lBSe3qK15PUqNX|r5~w9hBmq)o0?4i)Vi713EAYJD}$^YlAbLAsc7k(VcCdOI+R
zL=kV&>Gcl~b)iE#$H%>nYr@N4isAiJM&o??OZgR?E3CS(&;_0-%5yB3GPyFpzrHTx
zWywZ-&uD0^Vm%JHmOG;?V&f_tM-%R(Jj>5Bc0J9QnDRI*8||%*^s6Py9H)?J<qDIS
zG!rQmD^pO>oE9fN>#ee*K@tj6%ii)8r$h<Q8dL{m8*4S3mDpT)!BrF(d}ywb?T4NR
zLssFsx;nqkU)TI~EdRF2SehsIpN*}nrd&t+vQa1=jv3u7^1n{$uT$D$xI9rl(VVVS
za^FeqXc|jyZCwI8?1#gvx94wOoW4Cjd40N3>9Us@pOyO=jv?xf+y2>C5VyU`OZW(}
zc;uPPPk6}A>5SEw8J@j5`|<T#;OXS`>D9%_@H6nF?V`RheK#>SeD&ki_37p7)2r{_
z4&R)=Jo~Q7-7(p@rP)p#jf`ei<m}z4(f#ht>(ke-&R(BgFK?#y?|RwLT>bu7r8xC5
z3u&cP7~MvKXUF7e?`h+a|4=A5gYUU0Elx9Qetdp<d476*diD0|^z!d#!_&9lzqzV4
zqBOB9RM#?L)@fA5Mhj;bZ!TBm45+ToSzWz8O>Q4gyRO>clE~M0CRV998na*##IBty
zVWqEwDUFgSnY`xmh)M5+7bH=qBL29@ucRVbo?rEyt6}eg6OcR=R)w%fI$ltJ__6Xt
zby^yeP5)&SGvR;7a?$~ltHSM)EP}4<u_W@LuC3D1yx%Ri$t~wIc9rw=0nOYAlE|AU
zYD|3VAiT<aDYEKVrAkhmr4DJFMZNB7)5y|d95*@@>=~6!+-2s4<ZShgBxQx!Z^Q09
zWeK^cZU0!4{7$VtKd0G*<#mlfswofoKFxT}10Elf>)}Py@^W;FL%tNHR%&GZHfve4
zTEA#*NafD%{i1E0!RdYJ)gG2|UE}HgfD)dXE~|D)nY9#!uJ*%d<Z$&4d@TCS-M!i^
zK^<hOWnJkW#gc1vX@&TT9kukUhcv&@np(Fxu5=|SxzW#Su+Huik6^E&Wd8n5TFbWL
zkj7Om${$w`C=DjzUf)%)w(|s*g}lrb4Z}70v}q|<PejICk>kNi91{{|)vZ#_*ppYU
z+P7INJ^E`V1f4K#pngf?ctnGnYyOH)#G3>XK%4Jwc|4ynxN59BCm0W;74o(@7MPWs
z$+PnF;SX*l@m%oX0|}#SrP?Y$spZa-C%QLDyr`y7TP`$8;<s7)DpXT<E8skm%@chd
zflqeopRCX2`hEpZ$d8Hjrnn_BaeTly*-0}V?1+WfNmyPa1(j0FqLp*J^nzPng{E%x
zklhFJ%Mwwm;Y#Xqk$bX)Cl<o9ORUfI4a*W1KR(|`cM0p2LTdObqqp-d8D5@wZ%jHt
zs1z|XpI^L$U~Y5>(>|1yvA1=NQ95=w1|Tvh`?)xP=#IObCwVkuzMa9c6J!zZY&lho
zQ9AZ!G;NySvS-F(XOvcLVE5Q#kZ#6PI#Et`&m)ZWi+DogrCUz(TnQ-L@v>aamb9n@
z9O@dXd4h<bktBdvI1u)VG$37nIwoVCx;Ck1WK=oAEo#ErM^$b{BvfY$Xv)c@6L(e-
z-GMpuqViiiQ6BiO`OrbaJw2P{&8Ff*kd7_X(2L}@->EvRNcJx|&nx~z2zD~&842fU
zjQN1o5>TnX;jaP-yLN$#^cy#h1~wc@lVifGDzbU9l1Q)b3V9$8_EL(4%Q;LUU~kBi
z@rx*XtqZknOL-8s?n-$O>Wj*h=F^r|#L;NSD(>8mO3GgSFbmuW5tkoe!qaB<ia6_~
ztksLQ@U~ntHlth^23O>!Zc$vhzY6>QYbt&Q4Y6$mqtu&G@pCPMrOg$~gPnCoZMks^
zslBGDv%8YWYsw7KJhSB&FQb?_r}aAQLe6Z)R7#H#Ban?I=L9h9)s8>o;XG!d#(Nx%
zyz0AhXUgHNmuO&5lYO59nwb|D2=-OFQc9>|eyNyaA1~5wmwndjuOTN@CrSkiI?gRy
zNiZnUKDn*&vMPWNeN)VNdN+k<O(JWFEqOj-m}9;At!@SQ#n+~|oB3vH4_FkVN!qqb
zN0W37F{`A<Xp%mJHG9HTfU_%)^Vl*fO{w^SEh<Gw2U9+%G#T!xq|70CyrOi>W3hwZ
z+^d<o+I-fqx$oF-B!P@36IQ+jkot}+jptVvc{y{E3OrtIYB?vi-56O&|5dkm%ZXIg
z#g?hNMYT=eJjD9N-lsgv{cw@cSrn{b1RKZvF6NWgMYz*gXuZi@zs&i&WrTRJS8t_9
zX5|oxqFhCUs&a<zZ|5rb*dBnMHBwR&kK}3ML(lj3e*FsxIr;CBwdtS4yQ<kTROj^G
z_92T4`4{<L|BH+=MsLW+kIH$l*ZoVGQpgkbmlAc=)!}GDs@+{I@NZz#vp_h_2;Q<J
zzh0zFln%=BThbvN^6RgjC%=96;e#U5zH}bfWcJWA#b;O<j!Jajex^IJWs4QsTqGMU
zm(#U2lr5OpZ>g}7&9o{D%98DOB?F4ZV?6{M)~Y~Oor;E`n<xp-1nEQ=+gR|75$EbG
zaD@Y1wF`AT52wJh4<FjTvt!4aH>uSag4FUXL>=#qf-`q<1_iZVcEc8;&ZL{xV{$u^
z%Kj?chAdgMGwUX`8ndhD+8xikITW5OVkxuF+H~vIs=vB9xp``FbNcH4^LhM#R^1QV
zxAN7GCSSm5_mk@u_fw~;)~Ti8k59;@2Cg?ZLiknRzD?mOzgH5nEM7#(g#1t>JdgsT
z$bI+|<|<7DOL9mY3tKOC*p!R>sZbTbnH*~@&{lN{WWS<H*io0i1BJpVtcTxSzWMRu
z?d6*{?d!J1xUNY(KRbVWadQ2AJDnu*M^WN3A(f_QZ5Dhs7cPh1RX%jF;?(s7BA!J~
zAsIxxAaRu3u#kMmNt*FVMrULcfme4VNR-_28=SKUk4lq;MJZ${lPm@cIdkW^ax@@u
zbi;_4S~D-7(%i&QM?%P{%@fFBN+UbYI*de~abaZ<tFH+;qCOe&6cY|9b}@6FMG7+g
z;k_Bp7AnK&9W%fZDvw`~L?n&plPDpABctp+3rH#@gAfX(RuiR}70>P42Uh#Un3A2j
z$l&~I4(f0TELpEUwWHVca`x03d<I{@6>o1R5$Yz3c=%=Y?JUVj=bI0DR{vV6rbE85
zR*qe1Hghw!;)bJnXxMdXuWgfki(yi6^x%W<S68Egv(M&g1Oqw5$@<&58m)YSM^J!q
z^uF2P)_@-HJJ=*^BNHW2e)+lf9_JSQkbU*{x|#jQZ((MU)OHK=#=VuTwO1Khoh4h8
zDfo4p`npZ6&Sz<x0-=5d6X}f+>A&X<YemPp<x^$LKAXO-`in(l66KiTNqMBP(3eL}
za4$<)Hs;w(rF)~I$d8YHX2j*=W)il!y~$i2ZchkL;sv?m*^P2xb2`tt&#<F(?2W%}
z&((Xir`Yu$$s}Vb=~(WO1TLRO>9|8aepDmm<uD`U|63)Ww(ZsHT>5<iS=k`;9^%#d
z8GTyYcd+|-x~}T7y7Hx$-3<v3nViiv9}n|l#Cb0AjHWN6nAMf)I~wKQm}j2+z>{D6
z$1m8W>Tl4Xv0-YP9Ma%I`g8>(*s*|MJTo4CxYH?8$~TPHM>3*<ZEab-Tf^XC!IYEE
zPc+JvLTrW-;HKt@@B1ZHPQ&)}8c};b=@qwWp(oe77e<+TIW={g6ST8bPYpxwcQB`2
zf?AG|S77K_v&?OF#cQdPSFhe)U7uX9a3y6NHh*9X$IVpPVY+&=Ab&S((b}K*<0;Cr
z1~*8>_w$RFzaigJbl-#bpDxd?Pu~vD&j3&0?N8sIp1-|3J$dnu&(#Rfh&}CG>)lOR
z;=$&*T06ep9R9v;4!<5wzo5e@2oQ{)xyorBOy{>am$rpo{=uWh8od6S?se_vmO}j?
zTng=Wm`Ne!VUx1*@Gzov;;p_+XTZ;>ojc~KJi)x=*$+Au1KE^sHxp)MZFZ(~*diT~
zXHk%MwpJ_-@Kjq{q~#a|P8xu4@H@~sf7^4^`ZfY5l#547wv5UNtd3Aqpp}+oEw2dL
zXiTD11?VK>+!OSc5ich*noQv21@;;5lsx@^$D303@Xju-PoBRzz4E?4JHP%2k1j6X
z{D1%Oh9~DIm;cy$`WKy?wEV*Z+Dkr9LQ*G0ct&cp3~MBtW7_7YEzCZxqV^EN-bXp<
zRvwQdS0C(uQJv7t?ZbLOhib724Hihb)cP8CD>ro2akZ*`l<|D5rmQzER;~9Qkg`Q%
z%rjDmRoJ{SbzO-KQMYn9?HrF{=_sTfdD0^L9U+u8e6S}vO$?|f!}Bw|ic~q3X+q9y
z&vPO;xnl~D98(*>2@!%FLAOB-D8l<rJ3Q2cj$(Ciq|{aY4)!Xi<nQcgZt-%}w^7UL
z?q5mt`8>Y99>|({X6;kj@?+5B+9O+Umg{%RJ3P&If+X50E}2W~-?6+^v5Wx<p62x=
zzM~7h*3vBEFdi`#;#|iZR##oAREKQFk;ut67L-<n2<hN~2hI6G7J*xa9k^M}K6!rc
z<dpI!kB87(<)oL_{Dvi~P&MBdB(0JDE~5dvXasw0Em;thBY2L9lWX@;)%a=~m!J%@
zCf^jcq^+{}Ci)v$jLdk*wsm@~*<9pyFuIgP@hx7#zBs>vX-N3k5R=b=N*SmxOoX09
zDjDg^C=>ZlQ9k`1+h<QqDJU%YV?Hjpw&+<s>L}<ufR(e%jmPp-VSS^YJUA~$sUA6@
zuT<KwqL}^kaqG)@%(80280%qUZOs^>tDI&n><ASqRWZFZ6`l)ra&aanD9fA$Xc`H4
z>)+gpoM#N4YT~wyMlP9?IHIBu)K-|KqG?B3I+#|EDxr9aM3l;}H6=evg?*xqQka#p
zl(m6KroemtnEVs+k(tj`n6@vUwQv;j8I2P1>#rU1ueJece}FrRHTqA;OP&!irC>QI
z0br03%kLONRjh-rI^{@082cto&5jmfvov44h_Yky;a98fYYrLtzyXh$`qaK7$PQ6y
zGDU^7!@x9EG4Z8ydezRQLe8>z&1sN;_rfuGp?&4vWJ6HXt)Bb>?*G^5QaG55(lN2D
zn2pBG=H7LC4J_|Wmn5-JcN!yNR`9rmPFNNq1E&q1p<6Dg`T{ok{IzsM#W%3h1x-y~
zcf{%~a<7ew<#(m!Q85Fru{@v^%}%9JQU$7ORAHMLUBUHt8Jo?FmL*>^zfSC{)jC(f
z1>KY9l^}uI0D)R&t_vLqDn;<X!cr0NB$#IzOY(Su`UZ!rta9ozA($YW%%Av{y<@Aw
znG;i}g|$Y2A>C~+qnJ6w%Y9)yR{-&B9qmU!^t_++ETD^=sGd*AmD=U8Jve?!(La^n
zXwe8x<5D#xqXn6RpE^Z(X|2?Dh|uOf>a=agW%SU_qjgDBJZW2O>Pm~cEl{;}etvS#
zxaHnTD>bmuu}e;LXOfl&PTmIWKM+S!>nhHeI9>z}1ECbz>VZR_X+#V(PA+yQw7a%E
zAqmf=dOKw#hGZ%e@(as2nK7CO^l47!vk}WMW`yt{r!mP`nlZtWT-~9D9DJiqIz_7n
zg+=z7hwPYi2VL9X9OZ0Qu?2yjjT_`p4=D6%<!!k~Zw`e%xnsUc*`HK-Th9f{$Sj&n
zb8<%$xPYDuMy_97HR^9Gq9(RtCgR_AWAVwkJw6Q(iofkBIlY;dpU$d-VjTmC3!88i
zsK+$p|7JnXN~Y=Gws#!XY|k;+q_z~Dz?6;sU2QBZ9SB~MOtbfC90gGhF<&BQA(^s_
zZ4(hC0nU1s<ZzFn(>f!EHR2fdrT5O10UECwEEaC7BQnj&9iPV`X1ym=>-UnnR7FA4
z5H;d7C+wDG3qr#%l5O09&Ze<XUNL$r$4%A>FdTTuCNp}&1YtCoDvqHcRe!rD8fJ2y
z^O=c$Gn0ix3C5Bsivgj6P&jjtyD1k8Eq@W7eQ(&pUwtgCxoT`Wo@`alyntoZ4sIRV
znlvPZM9gF1->_=CwL}c~Y{nCm9zh(jBzF|HC<QgfS}2tZf2hNm14a6Lo`kUzO1@Nm
zK-a3>tCe?Ozj!5Uw9U|5Fw9MCXK2GQ?Px>LYnpb*ufMv-xQTEbk?=ty+*HjCThwb=
zyTg_!Xcp3~>sj;3!i{~~qKGts<u>+PlaA1+9=K{)r4JsA=(-Y~Yr7iI2Jl*xYe#ss
z$}P2aSC8`*K;h+Z!Yw21uohIvFXPII=(-HgwS}YNlO+tSo2<cGnipY-rOlCP!EJGK
z*HlSkuu5gM^av|j_#6x86C&HT;M)EXR6*4&r8Y=?p{g`JNMUH+Xw~IYy}(N9hQ7Kg
z75KD@!B=Hq1!Z6z1)xptt_VQ98vO8TJA}JReSfJ*oY#7J^|R?3$kT1O)9rR9{kHCc
zBfD3>y{_QeYT;{BsFzu77@IuK8*o^cBCcBh{L|N;hD~R)G^RNdIwBHNZH81#N1SG%
zP>WzjQ-48c@mh6syWQ^oU;zK^cDvR8_PhIgf9eemy8Ye${=xp>Pu+gMyLa#>(*0zu
zwtjPY&i_;Q!F5#|_l5i_g0dKJTRO@@-@uI~_+_ZPtT7+y#H<aIX6IY~--0I{O+z_o
zNa?bT1VIOtqU!jWu0hvl$bgJIenv7jVeeJQ#7P{J&gTE~zuno|^uOKu@BfC1zUd%w
z()s2?|5vEi^Sq4;MCwhHgvVs4Mev43MwJ54h{;OzAEh)-0<yoWd~mMj<8kz!bUc+m
z*FZ1g*N*-)C9K2FH~uAy85PVwH*bMlOh+tMd+E)g@MxMI+gaghn!@D<LPz=$-zlBc
zij!i!U`n&x<Kq%JH49v911DOLHZ)C_fwpTcq_H48CY@eKJ5+#Oti5<CMt!5UR}=<r
z7a5u)JXg+E=Dqz8Xjl)9H%gn&GMdZwp@EZUR|OBJYW<<-bbU7e`YS9KHC2l=%eZ(x
zlAQlvfr%f!?wfz`U;F-_@tCc@-&cQ2_W!-!!G3xF@9iJ#?S9?=KgZ8u{lKWzl817d
zv2h$trg<qDbaijdMl=Ag3Z6y3pi{-oA?!J3*S+L1b8NV!%UrX2mG{)9t+MVjypm*Z
zmZ&9pYH!5L_fiNII^OUIO{4EJK2PCGk90a4l{gWP7=>DF5OT}1k$OG>qnQWSUht1Q
zng`PjTmEj`d(@V=%&X9+BA|1UF(IUqmhm`dS<NI?FQLrCW{}Kz^U-IEs@pP1S0>Dw
zJeCxUFLhQGow0mM{RT5?LUVRU7bh2IwW(yi`h0UpRl0NzEoJUMb@F`1xdYB;!*bMu
z>)q#@J?LDgcCBSoXgP~t=g=pgL!(Km_JNC-CiN?x>if?(m(*3BtlCRu-AgCbYP^;v
z)$eWCe{1dc>u>q_ZxkhAluRCQ3|w;l+aDZM?Z4gKUhnJq?{oZqgY(~WoKSz{V<3;2
z!sOGUv!!=72(dPZw!RSa(Z5-cE9r_Km4l-<oOh9Hgk7)F*`I&gezb!q&RX(GrtKg9
z9Qt_Ex_Wm1ea-AI<V5@lMeu*Xx%lxWbG5UI$=o=V?>~`$p91<pXY)@ukN;y%=#Mv>
zon7`HIHe!ORPYI>_V3YP@OZPZxplvzsrXwT-X7uCe*Rbe_P{IPCFlR$?x1@AdoUOb
zzMlU-$M3<yG|l*o<x@7Vd5l?ZWmX|IrCzHP|JFB7H!Zcco5kSo)k^S*y|zTk0$GuY
z*E_p7Cg+GeiJrGZ{d|KEQG&3lGnVp9pS)CtC6;GVfS&vEWl5G=W0_i5`f0{<9`N{>
zTn{hcNlvo~%P-*j;-d|xW4!|up^RX#jHUOB8e^`QB3aA58c^k;>KLU^(d>0p<I1TR
zy9#VJcFor3S}3(;V6hqT9T8+yPBR3pb`*HzF=|vwzT{>0dz{%{9sd5aek<vJ6!qr&
zs)0-Nzg|uM>-W07um1m^<@bpX(@S<MePnaG;D3_Cn+pu32|w0S4e#MK{&+s!PQ2x%
zEI-(P{Hy%`5BRMl|7Ys3_G#q*?*3j~{_lVF|Nbn$PjUWV>(pO0kE*#AB@;j38RNna
z_-v=TaVSD-pLUjV=8Do<B}i-aIIEHzZ)OCE+cJ7B8D8GunydLeZ*r?~{os90pYh7)
zw;9cY=__l5T}L`ITdwNg!eqg}y*7P>C1J{=L>~?D2xuP)qa<h9Esa;4!Mb?${(H(3
zo~Z^EvE>Ry!>(_QamW}<(<qskaj+h(Vn2JxEI_6&>paw6+=G)3F4WGIBw8_w^#i_h
zESJ%K{1IJN<L4OHWjuWH(KUadHKbVUo?hvzo3a1RN3V)NS^d|FE7p8$jqm5u!<+QK
zfO;c9=y*urzxplF|GN8wn*Zls_pAQ*S$+=v&k1tld>LT$K49rL2HLNMTyv$7Ylb#*
zO}l-d0k&qftK4-^bs&A?3!2jo>4fkf1l4KBwmDWA1Z7XR_F_e5eV*fY%lgL)_lJl7
zF17#dc6Y1szk7rIuj~JF{LEQlgQ(P|HcIe&nEdfiJiCcG4eLj|rW`R_&JsnE7`XuG
zJm*ee!X=-`U6hBUGiC9tv$f@7oR)AO6%>=yU=~fFZu6*qv|Swr&he_Tb=5Kr%_)lt
zkR_Ez0n75O4Ntp7ee;$aKdYtq3aBqwK2JNuZx_=j?;0d6qH+#Tt|~~3tH@YQ4N<(x
z^!y=%>#WiKfF%La#Ku<2{lFHaRPL*B@^OBR^8dkFU-4^||GmLMe}7Pw|NHx2{eM2o
z&(i-kOVV>|l?b2@n0AT0P?oY=D2(U45e;tcXch_*@L5Xp2+}hybnYd@c*5_Vr{mW&
zeSsKxSJ5x*lI9VY;;id;-KE9PbC%H%fT22L8VlBO6&%JqxVgyqXj#E)%<kP%=<MR;
zHN02blb3QH*NeSLSw?f7oum<Lg(qPM*~~gI4`@8)B0oOr?+)DD=GQ^`n!cCi_xgkW
z;i0?KNwQF-`uqLfU{I98!8wy!WRx#n)9eQ71}}}G)HtJ)8B6l(j0QJRGI5nr_5I+;
zRqpI1`pZ0HKMHn{MKhW$6!d8u<wG$9e8>N~xPk^Zmv}zU1k~EA&xRN0SHRyXwEQ}w
ziAZV25&$%<a;hh6b-qqnLVEroxuXIys6_y`9<ns%3l`c_HX0MbX16RG%1NCu()ru7
zo`2XOo7!63fj{-SQOTi(_7d1q$;Vb$0<Z$Q{k^6y%rYo-bFHAY3|b1p40lfOnmH^=
zZwFQU%%!W~8R_);2Y%P@`aNqASfHog8l?VteBAq2os4baaV@Q9q}$L(dRe(kI2Xb*
z(n)2n7PDK{zkH@0-Fv1Tm1o+~`ZMiO8`A6EyCuDDxheARRok-jEjec_6e>%Cl`JBR
z1Ww8k!&DAY4jk&a$`i=vaEtn{Ab)#yD;GW;@muB>c>!A&T1E7&*i-%c_f)^qQ~lL@
z%1*Q;C3GG1woQ7M8{4wNnkJPV4wtxTm)x~|W5sSB+`pR#m2MuaH6eevxHLD0W1b-|
z31cA(<uv8DEX$&h5k|8(Vws+T`Wrz6%W)oJTU=F=NPyd{NLdh#qoP%-jYiwV{U%E3
zOzxMP0jDt&ffaq5(wRS#gJSO#Tg6s9DyuGa3Zr!F2fBnqDpzS03QiL(Rl*^^Em~-?
zgYV?%NOC#9f`^9Ojiax&?3p6Z?o~>iza~-qH;wD=s_Pl)lsa0o<f^XR&MKw0K`k)~
zI()(!>L`}tR$Hl*W^&=Q7m^$Xd3zaHysag0Hkv*pV;aSz<1DKaU0Z@)u9ln=D%XD$
zq7)#Tves<^l(&n$U^8TC#sZqNaBG{WCRU#Ej9{}$&$nb90Z;NMnKQrRxS44do%N}U
z5_n!K+d#vf$&hmI)pPffFmH{Gi3^=IT~R?YK@tt8G)kgmV$|b=Czec*6CO}mZ=xhT
z6QmO*(7}Z$gwz)nk*$)FQLW)w<9DQ39?E%sjf$_~%5GWJoe4`=76sld%cl);&%GD)
z4?L-k3~5S1@<vSfasev4nXmrqlD+n^#++Ch%HYA~8R>Ux%-svPxSAAib^BcPy1SO=
z?+Lk{GNO`uSM#w7G8eeb;Wv<fj*kg7AB<srVWPn&kQ9(km`|>!kstw02#X+7>4=du
z<F}FAG{K4>UnwiJp~W+Nmrs$}l*Os6%}zPT)v1BpO`~8+@J}Xy9%Ls}dB#f#w)_pE
zE5V$14nKf$u72zr^^M2V{Fprb(6RFQb&g4A=ay!W#MR0IxMP>uCisbFx}yUteto)8
zO$qVPx(bpC=KzN`5_XP4qB2{HBAuggQ;|Kr;PXs(p-;}>fgE!r_UekHFwr2{84>f0
zL4h%kV}1uD^LfrQDTJehO!GVy$2-dM=*LlVvs2EOX#I6eK6>a=<Kcfx?lYtzW2Gap
zVY${)ez2yc;)~nhxW9XFWG59U<?8rQPs@M{N%x(_fUKqbWm_(Ux=+_iDID`mj#20Z
z6cUUclc(hgqJnC7>iM>wViXHoto)&W!xs2ez_NVx&rD@*pNFbw3V4#_84Yf}8=h&$
z7`!;pFT6?Ml^ku%r3maOG-ofA<m$9ib-QD<@bj9!Z((Uh-#>&cn|M2C<(x!D^MfS9
zYCjoHS#YDE>(y%&_^*y7ULZ@9v-3BQY2rr80&R(uhi;CEmI<6B(AiFqDZe8T7K#|A
ze-u-i!2upKts7^%Cy?}5kP#?<xm4n(C{7mm9b}sIVV}Y*DoC#rWMN0HoQ{&69UrK9
z>J2;-HWyJs3SUk_1sPtx5M(o$i=594@|`@n!8wyBTS$?}x&?y`ZN$jWbCyMFBRf_F
z2v834m`qr%+7^YHAI+efC%t#6QrnofG7^e(k=2rnSj_KyojuwZJ4S3Q_s^ccPsBV;
zd6t7kBwk>iNF=MMjc9PglF%nVn)LP=pUHx9YmY;g>HO@5yqIDNO{FelZfZr&sz454
zz-Lmimt)B1IlNVEU3kS*@nEVzW47^%`U#|$!@-Z>08kp#CK_cNCROOflmT@S)`B50
zWi-o2jOJb*%^08OtFBnRhns4?*Oac2P}z&mRCo`WRjbM^yGViTf!ol7>e57->Vh@;
zpc*6vH+8pwGhdR9xQWu?`NdUE^SQXnX_n8^Va#ZvM4f!^1xe}&DB%e#;svryIr+I^
zr;#T4_1BI|{91SYMr2~24KH7SpQhHRU*Kz%#F<V&XU0XVKarxRB%{?323csLZ(BAe
zJu`+=sg-<}(STjBEaFC~H}fxm65d1>@lq_K63D_cqMm`wNwo1br2@r|5-n0hY0jbK
zlnR2RLlWgiqAkc>6vqT}>=trD5jR`H!Y420nNFi?^RW$2?4q(NAVTAe(QrXVa`#Yz
zfQ4Wl;c&>nZ6r$UB+g_?ZyBM$Yk)E^=koB7vp5pDscoJHd<N1-R}1-vnQ3-O3^_V=
z)#cDUa_epW7)Q`Chd6F3=NVz|@t@$Z&cXuJ6@|SL@TRHkmd10PE>lH6*pgMnEVStZ
zcvR47%CmW5DoIGlM)L`(2iS3#-VjYYIoB@EP^_$($S3Bwx?EsjMV(ugjksW14U!K%
z^{gxlkiL4=wCoc`HY3~Xh|xHoUhpj6B1eY@M|uRV7|y2a;RU#f!_iniK&K`AjG%xb
zCl_bxkgP1fki?q9qG6~u$j_C4$8Y5f1X}8E51rBN1{J(DwWd0a)H3<reArp9Jw-#H
zjJ6m!nb-G^jqKN$S+x}@kE395nv8jdmPNVqcWeU(GOZN2be<QPw(<0evM6J66eKOe
z3SuyIQ3feP&o-g)9bE_zJ_);J87hkU@EP*J#BN4>hb24Ugp=>+9IZQ8%TAQ!8Q*z=
ze|c7&o~{#TzlSBTyJCLFtQa6y+t=&3;n|DJ*HTni-KJOyqA>G7j1&sjzj>694(U`_
zC{b|;3&}={=Y7R0WlIzl^I$IfBE0O=1`DMQV=nh?v>@x{G*;>*nv3M)Qfb_-V2{YB
zEXs<i-ltr!&@ap=c=RB~h>Uw^r)U9YNA+kJW*xN)!Pm-VPsfWWgGa|Q_{mb|Z>~>q
zp9J9ueDRbeMN@b}PF}rIyWHKBWu`4D58+6JHaIEq=P~l`<nEYsj$46WI(7S)RY-S{
z8mQOmPvBi06-KPMn9T}%y*_D}`!pm4WaMt_lg<B)kKT?sx6F>#!)>BE^6iLbvWTJ%
zM2a_Xa#NfhJM1@2?ID)^ra7{txpM-80t+x{ugiUPLcr$a36|0fv=>l9_?Q&mkqJPu
zg9uf#w$cy6H)0Jg3~8({OZk{|XdHJyE~y&;I6~`Fp^wH3Rh0)-d8>6(Tgz7IHP_bK
zjuiBSz#br*537-YiNY+=P3BL0(m6WXA9S|-%1cbt%raa^BUVhpXbdY1_t=QVp}Blz
zpyYk1M^4-y@drhz{M@saVtwa(C>~5_X<ygQKlc{BN}Opzs|wsV#&W-k$X!Vsg7RJ$
zhvwXva#W=vQI?9jfVYZxbaj~3>uP^CYiRk|t$YH#d@;-z8qlnxY!-TfdfZ0RHXFAf
zwJwL*cAyob^L_2u!D;xM#_}+gb+$?l@b)V|KJb;LiFAOq&eoQWi?yth+W2qqrm9wc
zN2?SS`MEMXdyj_ux_tdK_odxBje}hXO{<Mc%`=5iYix%USKoXui<a50)M$i_f`(c`
zRelTC@)zohR^qz9#UcsT#Xy(eRBU7ws*eb-u1UuuuZSu4(u|Fx_iR~Tt0%9XpO{ZC
z)R*LAq5V25R03O8TsKhGYLZK4q?U|jtknGi26IVD1(tfX7&%wxAhc%@Fz49N>YpjT
zi$D;(99!c9cR%1*tvs|1Y_xW@RmHm0?;`*lqS9U}8Z?}yQEACnUpB9$HthBKB65*@
zIHvn51}J+cAcdRB>N^59z+MAhd~mGa)?ayuv{$lBRce3|jf=EOkH!<8Mfr5rO4F2D
z9>)#Z2Kqgcvy0mSq3H1wB@?(#R}*F%j<3b-u~gA*gC=~7Hc$NCw?uJzJ19?c+hyCf
zk(GJbe*iE0&AjYadD(BX*A<2yMw6?Y=FHMLDG@A-_*{@kh&dxX2<Dj}AsUL6Zl^5!
z+l3AvCAU;WxB707%;-Yu`^t|D%<?%W8JqE2Xc<XaCg60CE1wmbGkJW_Jpj6<JP?c+
z$r#=~qAi=;B>XOB;e_E)mI8q^i?}gDWb<U32#&Xxl9h}FOmdg7J92iRJCO-8Pr=;!
z1nQt!uFPmOmS1PlWWq8*prbsEot=(7<Q9x+)*E=bitY(tJx|BgzPF9HP)3_?pI^Mh
z9@1)lBy_j_1wOunjup_evha+i#g!s~)b9(CvzbqROnIUkyA9u#XPxP5?F2-GluCA|
zZIda#W48>C7&KWBo=mtLnSdt=3-EGS&44fx**ulAc$7tKjBY?r$SWfR<aZ$pBE03)
z2gQsDmctlY^x;dpj@yXhgavOQRih<eLUdvbqw$z!da7ypN5?tK%(zzv(+qRlfL1Ku
zK@yP;-eXIJ*O)$k6mk~bO*y%X1XvQ##dx94Ui>a0>iT<lepYe+l7ojXnu1{iu&5U#
z5oqpkPYWz=;}y(ZB+MyH_6fgb*<BXpcokNn4$Ur;s~Cfm$S+#7szGyP2gP(sJG1Q9
zK)&-JB%%zVUy7xv%6a9-$bN2!y-^<R%PMn!+`j8B@tqu{V?PI#zjC~i_2Y|bJ5~AB
z8mYqP8X9O-Q2)l=uByCIVn(5Z!J?T=GA4Bul4t)vd++|;wyi9T?w|8l;40axaaSnI
zj$>#0+^lsS+im?daeQod@9(?k?3)9Tkc65dSOB!6rv2aV!ixk*@FmNN(}-)eu}EMr
z00x7>U>;De(TO<9i=|U&cQFGox<#?M&>O_$ZtwyO<|xA1d?3w!2Xpud&$IbJnU2ix
zbcWOohOGKR|H+sEUR+fgUceAa08VoBNXFAlu2}shFxX<9cHbUoUFN7LVj1S49H<2%
zk0S)8V(Dl*J-$eB2xGwU9OdRSy0*5T;dp|z84kLYifu7y2!=Dcnctzv;$D&u%8DP7
zcmdF4BHkPS1TR|5?5Adg#Q>`jtr?Bpb^_Ljd2IxmhHVnVDFYGWh|Y0>wDRft_(Fe?
zzhB5LH&@F~Fl8K&vEbnn$_t=8i%bLds2YzXX?P5^BK6_NP-0(4S3k(E$y=4mJ}--T
z{0`0Cp7t|Q^d)BkJRc25!On2>Z+Y`gIE;bXxxpOG30(-x#qbEiiWFQWKjGh{xz8lO
zEj+${0TPk~=I`^PYkB(AH)}>p5S<oWWDe6n0}L4c9R(7fYOg)rso`M>YV*Gw4M$(w
zShV!$-rLBGF#ZlrVYs*?8OO=Aw4;dcK`aXdRF$aAQ3XcR43+Kr^?ileBoZKm8sius
z?_d?nR>mIk1ByTzXHzU!7ey>30J1<$zX`+Qz#}FmOCm($g)JT4V!lwKCnIL-L1GRB
z;z0LGUSdV^1aL>_%?mkSG2#GoFcD&|5aWQpJyrvfR~1;c3|YI7E=DpT5qb}$UzHvZ
z@kY|e9Dd3j#T3!%jSeK)e2l0dKa_APzM4CGQCSe0p)(s;WfrZryP3+0N-*Oy7h%zk
zc-tFkZNVez3Y;~{HmC~9R_pbLbfqwNyxJVMGz;&L2h*60VH|wl33cmepvWsX!-OFv
zjJb#G7l5TP=3u<AV)*kg73fLo9)b@E0x865e<u@ltjd@|fFX0?C+1fw8Y~19!NNqX
z69L2kkiZ1r^1;}*VHDfj*~Bd^PHJ-!NiRjY9uspySEf{-c<HE~Z@An<B_NYd$F?Cj
zVgQO|EiEo6O5=q(a4T^wuRuwfYC|x&BngZH-w98OM2y36jM+?E*_07b21-Tue-MmB
z9-@@rrj$p;=~j1gXSgd3u9WlV3&9rVIKgxLd)^bQ&-vCcX&+EA`ypals&(m(hicJq
z0(MmBk)a`Chk_;1daJ5k!!FynG^$I%g$k2J392sJsulCGH^@sXE`fPV_JWH#@d^n=
z@Nu!diU~$JqjSKzCrk&CK^w*hPiJME#k&<?E#Zs>t9DQ?LH8hE;N(NUq$3!o6JzkB
zSmnU(i?;V!f>#^1rq-sCYvwQo&r?M6k6XG^ZZp*`+4%M7Ry_7}DIPD=9RV*M8`aJW
zS8*eiH_|&`;mB=8Q`IgR+<JBAR6EDziD(AJnvBPR@tq5_$sA5ATcQU>lLhAmMV58F
z-ZAoVk%veIQbYsAeL)O4O2UOc7f}>tp;RVweTtS&y(m%sf>|0&D3Rs_Qhc@=G7?H@
z^Ou7w&U?1moi-Vjjsxn9p7UA_SXo<Z7^W6Z7>98z+xri*2WqvLw2nau!}9RPN!~BH
z83=JQLNs?xFzQbw!xg)PZ6Kz?6mUx9hzMNrtzvIj{QXiAlL;Dtr-^aV;1(=VWQ>#v
zvmjlPO=m(3wa$_yOwJ~@aV=*3_iCeuHIfJVgqiHTrL7e^ZQtEo89-Hb^ksMR+(y>g
z(OY+OGdg;Btzpz56!h@GJWPYy?8S5yyFB1TLfaYciMN7cs2*O-Rl8D=KoTUqOe{fw
zd87bkr-#g?OQ6qz%)=auQtyR4C>V-X!cVgpQnBRZ6_30I;o(e8iV8FlBXGvVNl}n=
z2q_TLN|e2T5rw!oQ&E8DVin0-#3#U%53KTmEa5X@(uL2&_e(TIp9&=9g{wXq=RT%V
zdqPo+ZehZe@?@OhSjt%t%n_SO@mdvUwiR*ZzSqDsH{W%ta_tx}5C>qRCQtBh83Jb~
z75v`o2nCrcVM+6n)`Wy_kP{@UZ=|#;AyJ+mJCc}pU%k3dcX8ykl^)`#q8e8he<4g+
z7F(`)(k7eC=UHM@g+`Z{<o3-MgsB6xlJ<>vTacU2<u7hO#W2a^s%+)&rzk<UsB&q3
zQ;JYy8P}UK`h={lhx33f2^6e(u$BJ>EZ12XTjF_2al$8HaA`p>p(XSJS9R5hTgbdo
zitVkc<)X$$TXC4SZTltdu_FqilHr%ua^&$LZrFH1!UQin20Tj=6pJy?e=Rizs;(M?
z3QC<vLSyg*Xn2;b(LfS~e+=xNdB9qf?T$fJePo=h^x%Y0`lm06rC*_;>f|O-Dw=#5
zjvXG_E#FORqATSI{Y(SpT!B`(Zh*DudQRRdvGr0Z#`MVLwnQY*Vr`%`XC;Q-0A^s@
z^p{$HfBlPUXwEaIAL2u|4xsW%X<2hXhI>#JlgM17N)?xJd~%j&siiE9AV;UiyGIdB
zIim0I9P@u-cyw{5T2}=E6z&F46$xTdCb-4WvGb`vL5g<Z9n;YVPCtoL|Jj8}!*a(0
zs=fqBehP5vH6`^!J=IoxXo5eTpxC-=Qm~B+i7XIAc?n+&0LX5pI3MhiNhKblaQEoq
zEO%rq*$d);m+vgpbmD6`W#A9M$tAq|UyLMWVkmWtW#a_#vlI3Mj>Uehh*!Q0aKwU%
zd|hd%T+MF_)I6pNhQQa;w&-4S<5tB#z!J^N^GXt;G6Lp(BMP3%orWO)vy9C&bYmZg
zDK5JK*Oaeot=hyjG<iTYcrOv@at$<8!%#dS@*a$(<iVim5o36opvVMEI6Kj6Qj`cp
zi2&*%LGD_L-P8(=(CV((^9F)c1)d7D1&vbP)kL=HIFvCS!!ZnFl0^?WqHWfP2hz$Q
zm*5o-WZ>O_a<`DuuJ}>)<`csBEoM6OUV(Ug5L68&bUQ7B(|(<$4e|2pEFA<%>FAHo
z&-6W3ep0>4FA$_7pccdfkf<!h@^8W0!vve3lNbs?!ThviWSMsYq*TqB;rfX%nJ(B|
zSjb^hIsqZlOUoRMav`Wyy4o;L)xgEB8A(p}b4YJW3%(NaxaKlZ#-j5SH?is(+SBKL
z4@34&sUE+4R&7WB3lbflom@&m6q)NmMdlyn^`hjM6BtTej#A<zgliMP-!d$NocwEs
zEi!qb%W1WYy53X~BlSVmy5uY<$nqG|VzFhkDdSb^g(pz09faaIX_=k|^E_m#Z?-OO
z_pF$zURMGEWQ?Z)57Qb5Z_j?bKE9}{z297WzpZv#2lo9P=y8)?wBRwys%hS>*UdP~
zLbS#}tJIjkZrv_oJe%^80Vj%N0>iH><5z$c=TLN|0_s!+y$YL<rus$gGqYAqgacK;
zMkZfQB{`uMl3(z0+#*s@@5o6qV!iWw`lJ#mm6)>2?LJCEx{%61uQtFkpSMc#MT)=x
zrwoN9{wZFSCZYo0HKX!+gjlsC$l;u13BQ0&Vz*L}8?^XAa4RL8idR7qSIm!58TOxl
zZZ{QlS||r*>(*k2wtTHrBDB@wSg>_HFY<dqp3Os1s%`bLrp;wr^R`pzWl2|BMi&fj
z(BfY*s0j7Yp`466^|`s*1(<U3!=9smgBF+CN6VNLmZ^gp_peA7=xUMJsj(*XORT$g
zUEg7frWvG>JEr;T9_zb#%yNkGL?K;&et>Z-4Vt_y2YI<*q6^j`(*%3jIWAxpP8&ZX
zl)@O_YG?(jMUmjflxauS2e@@kYm<rQ4G8(_H2>)?)}*ZQtgp9(f0_kM1wIy{Yt2c`
zlnhkKsxGz}n7gm|!N~|B9bk%L-2lqF=zyX*;Yi7`ML4|<4aw@4vi3QN%!vV`hWJK$
zygu<jMP#m93!>EjzP^%We6(K}p*{C%Cbo+AmI~B*Yu#Mv5ZwM#=a!`~iiNNr6cH<N
zDy>XdK(kmL&u!_y*j&3*b(}3_`Ezn?N}uV%m!fP<IG7q~(6n<2lZecJ$l}->^a~8+
zr(hz!m0Zv&b$dEC8VK)5c%x(cm0OpN9d-c0a_d&zda{!GkO)&0a_c<ij;knhB8v!O
zl|nUZkAwvVW0*vDIO4PSGH|Tpp_!jKN@cuEA}<uE5VY=Et_9&cevQX1mB(Y+!N;=H
ziy5BIu0klzZXpb3epV+61x%C*a4L&AnAF1P>k=En_!6lpy^xwGcSl!eZ>me=L7g1u
z(+Y@=iaBwxK9{$Y`U+5LBQ)LK?gi=w)7T+b*>Y|D<~H~1+uZNcroVoN!7eAeD$Ap{
zdx0qu7-JQu@k+L=CiPOKuvfWM)2K(mQXa_!^1b~}`+GksCv7hgn=;0Y-04jnfM(*c
zkAO46_z#$(I~d2_m;RMS7!M}8guAGGReS9N5t5k>a&_A~9V|(|&x6xL&S5wM<8&f5
zZ9@W{<9QlObuUwPp(H{V#Q2>$ILk3mei&M3fRpK#3>+w1@rOJ!D0IEh6urO960v8T
z$f_rZD@!G3G^r{QDDXjK3V9U^D(0}Z$e~4A4W;YxCfxAs933)?C=~sT>1ckx2V<N>
z&OJkJy-<vruN@Wb@AtPjiDU{ejiP@*i-Z{!T~hH$E1e_PWKw)qBV!7-tdUyqf_(DO
z2_KSNII$X%%OYU`Nwj!UG+L?MeakDakD1oq4@$x%`mIA6nEFCa0vCIkS4<NO0v$%O
z$><dfj6Lhw1zSUBa_d=Kio0W>aqliAn&qsaKT>$COpZaI7nzqUgMl<-(-fXJ6v(%-
zxhdlHwU%pANk3X7Q0y{~X)gsQBTy(d>F>1%$dc%&@l$-t4zO>Qh6-mY1MADFXqyQO
zlAqgsZZV$oHSEMT!Kv3Ct$PpOSus#@+w)G%cIvhZ-aiO7waL9Dr6k`CeXWQ>7kL@)
z2}GW_G@QUk%oU)bh6XBrUrL+K9%NJ>C#R73t#C7p!z6++Ni^OO<S>QY1YeEEaz|+=
zUK=PF%!{zD##y1P=y9-^`vbUkZ7vU(<F?r$+D?~HJFTsUA&QaF<vIvhUm9?*O5FpE
zh|v?wQpm%Zi$%m}5a}=VSXkBXfrK{UyCx}#$+UDBHHLs(f2~KR1g1&oZA5Mkr!l$(
z1F0jq!oQb^QhpA&!VdrLQmFbm%<DF?&YFg2kj<`8Su)h^ijM(9DDpLHYIb7SOxfTc
z8BZa1)aAFpxDh#xl`D2K8DqDhx@VQlNo^}mi?^Y^uvLuClLE#EqNnO(_Z;Er>;$ur
z+#<RdG>~YiXjxu2x{_V(0T-EqE`gSyv`9GsK$;4XfuadTY}PYsf2B1Irc>yC10+o;
znUq4qidRm*+(OPKCO<hxEVmM@8giLR6_G^MNV^*q7hzDVy(r?TR=QJD%|X$v?(JX+
zjJKyHFqJNsVD#vFOr}>d{DY8NRAVuj1}Y?k6oE>-(=Og=4aa2qK|2WL;AJK_7py7s
z2jHZ^{L#PeZeBAm(3VDL7q@%bV9A{BU$a1eRC=tGL{){|&1*KSg18SF`;BPqcR^#n
z6B>msM%gE-#4lyRTH7wFG!3#%W1A(|lv7iuaxmWywXNX`of_eV6=<8i5Hl(@P20d^
zOdLw*a_K%km+24n<Yo*32z30$|JEM68t8uy26Y|L=roRjYw@9~>pKPi>uwgF&Lx<)
zdS|R|UbAz=?+Cro%I~@lUd#mbB&w80w_XdP6Wz#oWF}<4YLy}wS<%bN!OKW8`2ol1
zeT@Z*15m7xnl_6VXhsjJLW&%M+nwRgOYI~o)AZ=H)NZvy6$DXQoH}hj0YC<4%exTV
z%}^4^EIXCn%n0KG+6kskheofoEw6+dW5z3Ll9DxxfF{~FPOy&b);g4>;(ii(Zikb1
zhhWQjukR|&XkMc@wi26gl1F)xU{(A&SQ8)bp~g_z-pV{atZc_1y|&DkQbw=@2V(E2
zSVW0BF_}s`r_SV_CC*R@;Q6Zx^rCPh{AH2>=dI_q$XtG^E;*;B|FWSw9!48jiie~o
zMr#m#k&rxf8&R>f<0@RaCJenF%FKfDeUL)#9vVw^TKVkr3a7TzGB_!stZ#wmMq62H
z2EA4DUD+U%<Gt%m!&V<v0wTo>l}xL3o*`5Gg>qkX!a`XI9Axe?ZR9RPxFx6)3bkh7
z6_vX)TJ?&tGEKPkT7wjsYIi7(e@@6<Qkbb!lTTFg!x}3t6vx4hsO?zDlof+rs#M3P
zxU#Am;<%iTmTheoT?`o5A_-@dB=~pq^J^w*n|na(i`wv|gM@ROt=8>%oK@1pQ5Iod
z&4~oX>#7Q^RHuW>h`u2+nK6!1e1+&OlGk9$m_Y0phyU1pxi=`Caa6ePB4veT-R%X}
z?VvNu#^V^3^MPpJm7nBCFulAuHcq6LTY;+T(!2}J*{Gg^U(V0|H;Bj_;smJ6G3k7w
zTakT}@jz837r=>VOo23JSQT!lTU4KY46%9~QB}Y|hRyuX3}v=r>M3}eO(uu}hJP<&
z7tExejg74gFs<S|o6wIc4CgQpIZ;kE^CFLvGPas1B2qYMk~GZU1bVWdH5Rg=Kz^z!
z&CC=yo$Ga6bH+!F#xYD`h<V|BWnP#O(mmot<-3(*lW;R6Wz<#aAk;u=@pl{VCdKIb
zCT~)Su#M+ikzq*BXDP+d;lb!&G}s#Exvn&I_RcM&`)x9TDKMpcGbNO*R5N-0C{WEG
zWiZY?e}>=+A@E<Le@i-rw-Cp$oI=XUSvSRemW_uYnd{u?+X|EIaZJYBbI3TN+b1N<
z<|t7%(Ax&qJgW5V(34E6X)*x#{CQa8fubRk6eTwJX1E_xl$h!2Ln;(SFyz*E%W&H%
zlH+e@el>n|devxPg0!XE7M5W)bbr)G?VTOfxs$qWipeUsr9SDPO=9`ULcd(TlZmPq
zAcd3zoPbG8?yAj;!a+u3S=KkKR?EYT#{Vf{mUwwHDj7o*;ABGDuwaOaVy##(M9&1c
zdIxe(tr>z5qO4b8Wh`uZd8uYo9C2j73`7|+IwEqR%dk5-K(#u@c{-{qDof^umC}My
zk#()nFrfp`2qlY7z3kOJ0kvoE3Pieeu4k8T;N%9jlI+j2)X~KmxIt};M?w^`*bQo0
zJF?girdVvOo$N^(yCe206Ewu^r1F(K_6KwLNyQGHkG*@TEIJfL-@{Kr9(X@?*K-Zb
zF${0A)XREZm~U0V_T{OoF|nP5?tb9Gp-$R!p@^bo$*&3y#nBwHn=ar`9KDC^rZ%aJ
z3tBEuu{7F2%c9bx(SUx@2wJR-ZjeRE2EZK&Y^VcKdnZP$hnP%FHd8%0+xoSBYksof
z0?y+;=2N-Ysic1`sO19ZQ37BTVX<ssY|?|Y93OIFZf|#QZ?I*FW2%Vv-boLLgGD=C
z^O$)D&18G$v2~`-zw(#`A=1=-2)1t_-H!3tNMk%^Mj}(a8-|p-wF_U!_R2SCQEEEI
zLK+XD1i>0%<Ygret|r0TS8pVnMjA{hnjm_X-tIeK)oY!3s5U@Oi*nB#6K`<(OCq%$
z$1<ns*$FdRD|67i!D*1GGC`=)rQ*m-BR*(L8xQKyGd?swAQT}gJ!y(HP<s|IPAE!C
z#;hc{N_nRBv@(>j1Pr7<&rsUeF>T4NJzZ1*kHb$rhP^}X)PzUFDV!hX8Ono{khtQd
zB#V6h44#R<Iy*|hxlYb~P9pS+jP7)q=R*>oo$w?&{1cTKc{(QfuWh0wOh5Wfcg5}Y
zmS@zQykE9AVu_PVT=JBt2JQtRarF{d!Px#DIF*L}Iy$G83~_q9Gu+vGVX|x~g$Kkj
zgA)WGC0P>5A_w66Z4g*Z$=G!RiD|DkU&ve1E;ZynC@3C5V_@Q(G3{|y7vCN)m5$BS
zi3rs;gz!<-)-*OGgphXajYS>%_oj~hC8%Tn3s6V7&35Y8Uy?fZ`%%aKGSsoZ1a<6p
zppMcOS+JUU7ISPd8Z`#b#0v%v->7{hf3MDR^6LxmjHM_PW&B9Oj1!sO7^#>-7bH5n
zxR7wIX?_Mdr=^z4^r{*fh{ZGT)O`bBnu-qU-+4I9d_}Xvzq0{&p3B1$pkku(v)TB2
zfGws;g68Ck%h<ja=((O27kX{ng`$`HeS5jz+{^tXd%54<%l&S>)bvy|rhey*{hhrL
z4anD~2mdk9IBjit7N;kkSW2P*r;?U!$E_Cw(_9Y`A*W(<mwR+^CSyas%_!q?u_;?E
z84FU14KT&QSbS|*xb@IFGWI55|9NrcMe4V5g6UQ$9izdeSco;UmY$RpOHoOM$aH;~
z?ZO=$=VUaWCZ|Zb5_NQ-+%K{{a;5`U3&h$IN=bp*|J{Y`4ffk~jCI-p1BybD2vU{u
z;<d{1X~HGCk&f~fohpIO3|bR@(dkuVV;ybf9DsB9Nf}O^>RA0ge9H+QYSHsS>u@uB
z%TelHyNfqYJK{y1ZC7=QMCrn|PlFaO{Si<#@M`eWR$5RE2{vpuQjsTQ1LbHK9f1o*
zYy+?8xFqnoQfKuC9=fnYALy{Z2Y*PTe?iPmyaXi_(I~ism^)DxI-I;pu==>?{`{Jm
zpte^r4qd~Do7b$cA7OFX>#PPsAEN_h7^^SVrQhE<oEI0-$J+D^<w<8%oJ$$)zKGg5
z)HXxLxkLHuR$}Gfyw2l0=S}r+71x$^Fpin;U5x<&7vg*<FBS;7QTjTad{!o5ODUOB
zIJYxQn+&l6s%vBAX|1C%_byBlk|oNavJTgGyTB>t_$4@BN?r+m;FUN&4G76V&~7lR
za+`q)7VQMI>ITjiP^dFfmncDZCkRF{HV$eP%%~_6M7mHrW-iQoqQ~h%dt}rh$LYd$
z{pbv@2C>hT7zPEzltf4MlvYrakXf53suqrelMhf$SU3;JB0OAoCNQ2ByX^Cd0j~IJ
zkQv%uqGuOd4JA``U@qi+tps@c<AuzuqZ@ny#u*0*aTh7LLll`JLvSHy(L_Qe3Cd0F
z-N_#G>}-cFD(uJ8G@p<l9+&-No9Zt&4NXJpLCNb|;jP;kw!^A<tXv*0Vwm`SmPPy8
zFCs`qDJwp-_{LC35odD8(k>7#ZcYojbRJGY<$m$SacRS$Jwi)5=ULU;%!VsU*xqXO
zu|RF|XDG}l<_pm=^ob8sif?g@a%0Yvl5ir99NRO(__p}jB_q7dBSs0~man7u>5gYQ
z8H$(v1Qm4;qQXyH7A@%OkxC=#{m_)|xJ?VxZey6dU8In)_Dc`+DUET6dA!IoUW@7g
zN8gFfTl_6U;*KS}$|zV(wO(KN#YZK7)k~0CLs1qYyN5i_Wz1`t<r;FFOi$foizTe`
zqEKBbhk9`R=z)bit#RTMpIp=2kk_8gTKXR)OdS}1Nd&X}kX+3&9+A7mO5-FxfRpnp
z6Zc)-TLF@QDTN`LWHDg6(h~rpgqh=NCTj*H3Cwqab$-`X*K$`aNs<r_xiLo8iW2=Y
zw_&b}@$)*rn=NZ`ZeFuv`6XAY41be$7shbZm<0c93R;?-+`T{puj;Kl;ANqv2Hxrd
z75i>`%gPl`49T!|*HEUFbEJa2jMC{B#kTYnK`t5`%aH^!OP(L{d-zEifeR!=*;?S>
z4bYk3tQifeijjH%+M7wdb#4*4{9LCw+WubJ{mL}Ws-$Sm9UjbVCTG?Vp`e0;wj$QI
zDW5A|1^!Wznp*WdSH2>(7wCQfTNVWMv=5h-^BCeiM$0!58WZi{r+gwSurUiVx%VsE
zkuKr7^9Hg+`&e9%NXIT7QX~^6s&?`MQm)crko}6fMxds~6%vS6Ro1yU)7Ic%)Yvn@
z)ualc;d(GHquKj4g$YX`MTzYf@iZsQJX7WraRyR~LKLASM2g!gWrW@ucmb;FOJUj_
zdYko}#;gGO&51Y+=aQR*>>4M)!bN)&B{FNj<7ULVcET{llk+RtiPMgKNZgy+79*B?
zh;(EzoJ<kbdM|T)%F)#h6R|Ahja=FUt{vA3lqg}B=vNeSlQrx(-}pG0{3f<u@gJ3C
z@&sf-SW5_gfUStN(DO;cj>+64%^bK0>NysFhDD(!I(5M<F>FRsdk;UIr5A|)L>M>u
zEN#TJ3^|9N<aHOKD&SmM&DRdMKZ-bt(Q%$<^+zFB**X`4qbL>>`B(!ffcaD}9RT-7
zat=S8pb4TBMFq$c6r=ot$KWZ3Fw#YBd?QuZk7^_MC9uWGHIGYp;UwTZu4!LY=-*OG
z(J>5XC3;FJ3aUYItCf~%k9=BKDGu`n1yia-=<rlqvPr`v-iwKf;lkH^&U6$B#HE0$
zEdc8f>u`{fe&*+dUm_SSq#X1!GR{=;TaXa0T*#Fm6qL=&y%6dHP0taV1u)~Y!r8<P
zF+D>G*GXah+QkAwjiXr!$ZtMhGaHOd%24Dz!-#c+tSc7&uwJ(|yQy-rx(>HUr8fO3
z?JB1{x6(Z08H|T4#pTp<1!}5H#RbSyL|Gt9E1}Y&@i$wJZexR#D5-=sS}^DUQ1wGr
zy7IbLdXU!awC^3B9{~-lRwU^-6UzMAm~wkZMiueegLjAQ7g0O4H?Ut1JGQP37KXXv
z^v^$s>^3}nJ$k(}DD%!546N<XCn7dAUsQFjaVta@iG8gv(TPg!M8{G*nFx_QV?0of
z#hsgwl}?m1axEKG+s3EKBuKKkY6nHZjHE2U$+SW%D7htz;it*uJeyyu!atFey*p64
zq%&2e6s@bi3DmoV)7l1n3)2Pat~Sq6)PNG3Cq=(yh;b$b(Si~@VCV4Dr7nDdXdye*
zLAC`l%_jn;knuye#4%mI0e2~*>M>{lD~joXXaM>IfIKRQtmnxlso;5b*s4ld6pYDq
znC78C6wsJVJs|Uv{S^7ihE%4V9~6U!qGO$aUJE7GOb8)ae{_}n1*oA9QXOJX!RaSX
zp^mJhRQF6e_asvQ=@@eg=|ap`im1%e;$&9T^@dNLg0~BhW=i>hIe=W263uA8zGD;i
z=mo(1I|g9P2uMx7drknkMU>(Q0rUwo38!dvSeYP!wE~&nRC4lv;5_yg`2!?45h4rN
z^-YcbI|u@wy406~&i5_M(Sa%cC!*@Kdb{)F1}D*BF#u2Ih{FhSc=!YWb!K$3*y*>{
z^_$LHJ<KoKL?Z@*YW5KPA&@tL=^F6+1L&dHD-FfpHqXi)<Fke4X$(1H+xhj=Em>@<
znV7>=I_53g#%MGe?eFc$e@CNH`QOq0?#|zK_6|n7FL(D3_V@la+8vEXul@!`tL>`)
z$ry+9Z=-v+RqotZ@_5*YyZJbmEh$Bl7*A)s$Sx&Vli)|aS&2<(+7GlNLs3Gij8o_0
ztgp(7@R-(%!`#5!uwRSW?p2QG3Rm&sIZtEoeE0*75gYy(lQ9@b$H$tLvOOk*GfrWu
zJ2m{3kz}wnJYt&154Xx}{tGg<=Jg*zG$#o|`~lbh?#t26US<97?rzrqI-Unv|1eG2
zcFqJ&BoSR9-ogYP(dq{vhGP`#YB#T00MoRBEf5`*k@aYTxDaB<b_yvE$i$SbDdp|F
zcT8A{!b5pE8KaOBsxXq_HQre$)+1RnSjt)Tic`qZRI5GRciti66wg~m&ae`VsWs(t
zEXs4@P3$Q!q$G|%Wc-3exf7Upo&uDxj3SVV52BEc^k*2b?nZG<twUyFvhCS&=7LYp
zP<X?#xubVd{zl;0@LKn0_!cr1F=EgpBn`IYK(QIzeYMZBxqF^0`fGVTSwmniHZ=@w
zW?xQqhUT~8xI9lGMPTrM?+jm#hNFSyJQWT99?3VVC>S1FF^7gfXJe#S@lgM}HGB_$
zCA3!soDjO@PTCdXVjX~^G(DnoLce3;)Fd`iaikh#i5$fQMS~%@o*{56#y}m(Ftez}
z0vW;tj1icV2v0DI0AwI0$yA0BV&Enrci?V@!<lJFrpI3>`;R=%l?4wcId;Q>cu2w_
zP7oc!G==h;nUUcbaadZ|Henn(-D;bB&nwTe)dsl^n=2}Kc-!m7c4CKxG;z8b_GCVF
zW^vuQX7ea0=6BBlFwE846rRH=y2#@AN*Rw9aLQi}d*D!+0&Ugv^J@lf)dB)BxkD82
z8BBm$z#t;YcO0-RmFjvvLtp?ksa`1J9;i5SFTnTPWzc+<F>r?z;mZhw(!Cn<VY%=l
z<{$#SXCJ}g8;}Wkv`P?HE}!%aQ1cx4$*c@DuTo;m_acFu$K;e0G_5sBe(oKK+2X{P
zL0Ky)Uix;SoQyB3A<(U=!!$2q*AB^i4wI<pcmTFDMz_Z}araqi`Gjb(`stL}wZ02N
z6+(t)rslTVSiL8y@0_Z^7%~*#2#mff?}gGbEx)8i<7{fBL@t|qh|gefi|ClhtZAi+
z`h%(n1`@picn(+^V=kTc-JFkB9kAulu|zs1(;!B-C<dIu5V@!u6Qu{le-e|sm7p(+
zdeE=0fs+aOu4&`T%TEZML+)2$>u-PlS()`F#dxU!`JrAzUIyN6gO<wNBRXx`no2@+
z^A-(&TtHcRLCF{$TBegT&eI<eKXj}qWguYJgWC%K@&}L?4|D+rJG%$N(Qq`}8Gymz
z;m*LvA;hBtcIoV$?x*q<vl;?bv@qr<9v04!U~4~JUtd@sCJ@INMb|Tm*o?%H2c|s+
z!*Y4I8D%<jReMY0fN~1Ea99?Gh%pPR9qTJjFvl>KHXeCfukr#hzC{UQ?5{g%ZNu!0
z!1CkVfi~Qhnu&uu_muXGQ3NCWZBLmy1P?lArKXmhG?d)hqJ$Efetv!R@%+Qd>BsY<
z_oo&Zd8GV-lDRvRQf|IPlf#l#dP$+}ew39i<dn(qCJBkqIh>;kGRJ4{&VG6SQQ~y;
z{`BhN=y(k{8LdlU<x#g!-n?d4%D?+3!nnIn>f!w5?dj$D>GkQ=$E(xJf1Vwme*Edf
z)pfZOWseXWYA+Q?6-JrF8!)^0aM=~Js@Y&8W_5f0X>z-|t-huqid0@cXBFlzZ6axI
zerMEe3T$m~YHS<lh|f^wNh_hwO4R}uT*1Lub)~8Uf{w>+^&&qIT~yN1m9f$GYsOl?
z7OAwtCQVN2hk~C{!bwQtLvVe3(J0^59VKgo+HM*_fq;3hGCP&vmIZZz$UB^5pLFs#
zm-p0AW*HY3M0sDTIUDcn`U;jt2{_TwUF2XCErqQOQ5ETm@m?p40f;C`%S=1~NAKR1
zC&R6pJ7tpOJz`9p)Abqs2N=g=7~WiycVx;wB&U>;;%t3O;%u%GiPbJQWmIP`x4FqN
zby#x{uT~NJ_XnA?Ub?~6GzBTg6Bzbu%vY&s&LL#Cwfqjbb5rdte6Bhh!;BL-!ahc4
zFdC<mU=Gu|j<W^Zp0Mq4I;j+(B!yEQtwU^{*W}o6!#2+CMo+i)C;>;btO&!0uV8_N
z|A+@=QDAQ6BJ&QNC}e)QWz0C1`{--W9)Y6Sx;pn#r_0g#r?qJAtx@-KY-8c2wR~>r
zvNf2uM$!C!gCbG885&-36yL#xA;FYlB6(j7nGA&B)gU^h2H?5$ntxW=_DZ0@K&LpB
zKA9oK9EUIu5((tiB4w_lFcialUiLq7Kbv-{jz{7V>raxzl~d`O+@Pcb(7bv9(c-q2
zH&OjLsj++kRtOl{&D7y4UJ}V&$BX*;D-Q~u;$5}c(8)F}N7SU4?m_xpTN4y<rSGnb
z!uH#TXq6L_ncbQX>t$`5_40b9X|>l@RQCQ&cBVP7Eeog<|G;)7l9m!fnk6RVqqF}G
z>@)EqMTg)7Q#po<4^)Lu^&(T<QSXON4sTh6N;`F)Xw*ih$w<sRPeDRBI+Pb;vD7F`
z!S9F?Fh?+9>gqVj=3_(wW&kIEgdE0zqLd<LvJ)Melq~tZnAL)o``=4<)6w2&WPQUN
z%}au40Hg<&_u`@?1*+k0F8LH(6L5o2suBT%G2(X!C5F#4unn?wN@0{+J9rLotujlG
zR%9r)aXJB(Y*Q=p)DxLs{%NKl@6zur@ifUh_4ta?=Br<>F<-A2X-S4sy|N)x%Xs_N
zh0j^?ON~^~DmiTIs=w){+5Xd{Z@iE7XRH19?r3l1+JEjG>>V6z>_6A>+}r+hC3-@y
z@wk@nS7|k>!rMHrTG?4>X_|kpa%omO+RfOs)}F7mCBvnyf|zWxkiygsf>$n3xg@%u
zDzn+2zKiv3FLT?K*xuII%yct1!$c=y*_O@8(aWuGwb$C&#UVIXsiM`ker(=XEOhJe
z&NbonI`9?GWI;|Pb+pQju2kSI78{x1n|V6z|4^w=mK6h9_WzyH{(i~-V`sGga<l)h
z<5}7M@7K1etQ&1xysqTg>6g$E_LT-&)P>fzwv4+;x1F+WudJL1E1=u4U#_XmN%61!
zbmIRyulxh?|J{R^75=}oyW#(9c^<*}Z;A6!+2K$VC{CuskWfUJOiy3lW;CGQ2g;84
z<+W_lyk`5ck2ouKBCK;}sKq;WTxojm4(=}6*4WpwpZ4j;y?54oJ9*}$cU6TTDNp?l
znj|6<`ca=wQ_s0jo|C-^rCLS{d%~hAm3u;{?qYF8sxJxbR(sD6MUt#>Qdr_!ue!Jc
z-=9WQ2QI6aR6Z<$k2<{<<PjL+=qIPu?f-6q?)yamX^a2ys&f7tz1-c~?EmX{Jo|rh
za`)y^`W90i`|{`?zAd{`jF8#{_T}~rjPv|XuTNwmC;j{(_(QHX@$wxJYqJLy9Lb~z
zdKG^K5sd2Aze&>vQyhdbWb6Ug|K7_{dHwJ1Y~=s7JSAf!J?%#qXZeD+vl=*_yGIvi
zdNs4*PmqCut~^YX(UXwIZ(d7L^>$}lr*qVXWhI4BQ%%h#?E1A5e4(&cX?tQsm91H!
z-8Y0?l&~@t6@Pu{d0E#}xBhjY%6qT<zjayv<^6x>K)l+l|1~_N^{=P>IA0tN8?cvb
z!&21|OIwy|#SpUEwmC)nkAu3rqEPo}j9H-TDgw6dO^YR7<rRlkteAWO`1r(^p0(9I
zZR>v(79cI_|K+QlmzDTmJDd1_Yk4}a|Nd4QwsUL+tf8x<m%#2S&MJ%5F^_2NnL(jm
z|JAi>M>SbHynZ3fdVy=Qzc8GzVw^DJJhf~RUXN-_2@(>aiZ5L~UO17SSTes;;oNCA
zYFk3=?Y&%0v%W?P^UT)jJh$8IPFe&;Z*{UxxgBaEF2C-GK@B(`t+gZtYM_}oCL!eL
zoz<2ZGG>B-G#2XEnMN4(9qTtrCc~=xZi(SGfIhoXn7u5~WJmM~KM%qbmtu7`CtV5C
z`?^?OHfAz(R{(TA1*AD2P7lFg=O4R6>%W1^92H;s$3On@kH@Lh>G9Obe}c8*1oKsd
zfNhrlc6N3~2W9zh?_i_<S<6#er)JvAm#yVUuD)omwb!cBD^NgPKEi8`*MkLlwXfA|
zgjaMwTY&6**;j{A{op*hpss#2R~*FBYizv<oBB0{P0h*s9x+qPu}te1boWKwYhiaH
z{7u}_P2AElO{_F@X%k?}9sePtmlj9)>f-1TzBKPiZ3NTi7^ZIhnlPpS#CU?jMHr)M
z2pOMXMA0px{1T}<-;5$b2r;U}U`r{w;?>|U=u@$Di>DGywRi%MFqGH<RPAp;pzJ{2
zl!Jkp&ob0O%{T9B8NhW6+00)l^uGSX^Hvj+oje0^lRG0nUZfN;PST-hQHM^?Q)7(E
zW9r!kN-^M?7KATcSHFl^H5fbvSJy|E*S}nRygI%-ySN5e?wNpv6sH`}ECD1@Ioor8
z?;$uR5psa!-%^}R%{CoojFUP39YtcJmAkqEEB5>RhjMSfB{wK?KxRyU(ggGZFaof|
zhbdr4`aFNf%w>)=15v>-3S&kI!+~m56hcERYH>nh_J2LGi9)decW9jH)X~|>#M6ar
zbP!J;*_2~5)f0p_tXfTAwN^se?La8?sIWRt4VnXltpu%QqfNCgwz|kVb%Cnt<88Gq
z!-fOnn!=sr4c;T-Nss6w_3f`C_K6H-aCYK^wW$ktvy#9=g;di&_E2djFMG=PR32vC
z^$J>4P{3;A78Rsi4PDfOF8r|~N>OY!p(DPrr&a&E0vFJh`~RJt-B)G*pI0wO8~yJ(
z9*_NRg&}t4ob4qa&>ysc{jSO-)T@PFQbpZSz1_f+m-Y=^VQZV+;46RX_&-U7yh!Nw
z#~F%KMA?w1%Nl^S*?*0y_Fp>(I~)GLjz_H82u*NOh~j4Ihha>zXpkF#Ka;<~;TtfR
zq6ASK4jkj~+$#z@Mx$B>sw%$$19-=ZdM4S8sSJP5C~B@QN;Ck7@fePwEZz*qDrkXA
zqH=%BpPn=gnN&5N;3;DAykHHU^+gO}o}kCAI?R|UR5+2!5X)OuQi)ut{r~)(75dT=
zBt1t8+7=k}nJgRGb>Ir`m<P|!#IbgC1tMJ#ZXw3C<89&NL*FKT8#m7q*#7>>CE^)P
zOoDyWlv2q*kvBB0E5%EbC8YCo`=)4qqf_6}N*y^fRYq3ULX=tG5Y#N++KLqhkb@}D
z4*t&m&JM-@YCAwtN*LyZE)2Fc1z9$k;7@g5Ih;1nr2Y4o-ikKQ7kFCbKOOpvl6Yw+
zfEN3&mk0Z0`>&myolX45wLG5lf6hbN&i@6s^q%VJ7=}Zb@fo4`cX`UJcnazGd6y(^
z2=i!~@tHp5C_JQHSc{<u&0?esNmKkIC0VMiL<fT>rOTv1Carz~z%8O<{bq`|{5Qr-
z{c#6*I5T^qo97V>BFw~`7z^X$%aZ{pc2L^@s#?-2_}n|+Su%$SoTBK0ME??4AUf1R
zpuzJ5c?1++4HN6Z#KZps;Dqn*ZGjQk0$MHq6mX&x;!vvV;{}LNj5q@S6%va65Ci`2
zC}AqeHzR=0AP0~ll?)LlQvqO%)Xn5mps@hs1voa=JAnrI#IK_${pl)x@(wDSlXDWG
zYlsuhswEiW;<LW_xZ;p!3_Q=}gBfHenYwxLZ1yJR#*fEmder0qbt0vNsIcD_EqQ3@
z!MfN5%{sxZ(xfJe>)gmkUY2wD(dulqL!EKe;2GjTfBPlLt=W_~4M<{gZ5C~AGYR5}
z!yl|6Ps<}+8I%aKP{^YT&Hbt~nMYoUaaf+x8urkELgX4t5uFe^2k+j3vkT+4fk`3*
zxxfAKLe|xMJ@2c7fU+O8`r5T=nN?qu72pvCAxRPxa(s*VBKP)@>R09=&w59+23K|C
zN5qtUTkWK+Xi)hK0Zw7UVl}2@0w6d(zfjyt+eI<(Ki5P8{U1>mb5_i^Gx{zm^w}it
zJ8XK?LKAM^nRLxWyU}{?kyj;h^+_9=q$I{6)_qoAw48Z|BUCMv55-fUk^;!hBakW%
z$WbIlok=0)SpGGkWDYKLeKj4@itszGrh<Lf+T&0RU#M+oCGSv0lx2_NE7Hyul^VB(
zst>L89lBz%wvV7^VLt`G6y0eaOjUVU>X#m{{{3*NU%eA3b7@!U;&@#wwkf1zI7OhC
z7cu-S3ui?$WrDr;m^a|X7D+gxB*DL<?zk;IXr9g9PrS{XqN7+MS}Q~nbMfO$hZ3{I
zR$K196x4mf*OI+%+Li7>eR0ln&4*jEP)42h>+v*A5u)A?FuFyQV}|C)CFk)p6{r`L
zmYp^)1Fm!$rWk$VC{dwU>ZA;1NoZb5wH%hmqgwpBvaXf3pAU*Dna8g)qZ<<#jkQ}Q
zPE$f+HniuxG<7(c8a`N8Omj{>UroSTintU}SIVM|_98}==`U*We4BvV%9i#AZ*e3g
z2`w%(mo#gt`Kw%UHAPxb7vx0~7z?Du^!rN{+}itD$i6W}kxVeu*r6`NBY9Kpm&SR(
z5uM8A<41EBCJD)sP!dri4k?MM3!pzw^eiZEBTb8@m3)_xz#Flz!7y*cVrDBD67N2w
zIPz2Q1EFPg6`)y?;A9GL0)9FIa}uH9lc!If>a7zrlmis~mSL(~uRzA6N7tps^BoCq
z<niqtf)S$N)QG81^UPiIEao_kkp-G@(HAy+@>KeXr4&sNr6>Y-a3P>aL@HHgm`Uq(
zB3pfjAVbV)7&3q&afsnWf0k;Q7%}$bsq|wYiIg2D=nhdp#=oMF=jP^`X4Gth0gPh}
zWH9th5+O9wcFDE7inQcu-@^2+((09NyS<k2sYE=gVxs|S!NLwuwCuUQPotVbozsf`
zXih9rc`Aq-80rRR7ent3T(4~LA0aEK*9LW~c0m^{Mk;@$e(;!4l5zcM#(8S}oYFM3
zeoD$lNr<Kt8nG;Y=Q~q&pNyq@WFOW{$Lx1SkDQWu$LzQHSaeg@v{-2Mx&ImCBock@
zdkxfP|2f((+yCtDz1+lqUCZ-m?tk7Y;`)lOfk=!l(L@wCY@=Zeo&Zq20;}sW%hWb{
z_#^;cL)i}IvBlwjDf8Hkb?0C6Y32VBWV11WG-6A~0&n5}ySo+p|K0ta-3|X=$5VHY
zR!qAs<4IE}6%^v|4KV(hF&P^N&3fwD{$A!b&abOg>fUE5<g*tF=CKN&EkWx>Op`en
z>G5^=22eCbpDs}v!w?<CF&I4m|AyahZ#^G=zxCh$EgO0^P{6_9+2`Fq2aN%{T0)SQ
zn*RfEnk6CFf2p13u9OYdAQ<@g>9eM>_2mqC)+P2~DHBAO5H!{X+BN=#rjEugNURFy
zfNq85$Qawj_8Rg#80-vmTst&RdFOgtTV-dwiVK6fL~Dd+OBU6FJ$ybow{ma)j}B<w
z$Kk`Qlj;ij^G~@1HTf4_+-gDo0XX?zj3o628DE+yenU_D{*Tg_EaqtW^p7q3|L(!g
zt4jWlgO?lskF`8?`+q~SEfeoe$Aru2qtnrC$@p&%f50o{|8+LY`);FMH)a#p=_$BE
z2t*`gfF$y)ho}>L$fKCW36NpI(wph_&1<%;gEE<ahf^W}PY4BbLJ^1%hd7qk`V^%x
z4xt;k)iTynU)7McMy+ca$NG_c3Q)o_iVCf`)?bnYFq}+dZ4!3#ni(ZBdjZA^9pQwM
zI2QlvN|JQu@RMcY^=4-@`nwpU5HchiBojaqWI8W3Ac<6aOH(Bk+b05-NGms(j-WSG
zmH7<OJIoM(iD`9?r!x+why%v6@CHPg3|qx#C>QNYIK9#+k@;BbxfSYsrcjiD@;E*+
zAuLQ>HgqfH<bpLzQ<PlmU)(I1sUu4L&cx=N$cu<v?h*Zdj(+nPcjmRlhJD2;PNrKz
z2HTS5tG1v{pg|Qad2p#FM%kK}pbX3jMo8@<hKlC!(^W>N$WM}`rW^=EQ?(Fq+)+OS
zf)wN@75v%3(Xfb^wXz~#v_*E$IE$ZG5OmRNaY^F%L&h&i<OE{Lmz}h;6@|dv3?(2x
z>1*0%d5t3Gx?aS2(Lfsfv25<d_fURG;Mwq6cV_q&GISviW)%=p!qDM-*bMHz+Gp9^
z7x>E)#->S;=}9{2q_y-F^e3NmV!O2@;P*kT=GOOt@+A9j=(V3ZR~%%s99^-Q%{OhC
z-M7uYXWG^Q`AY>~tnK9&iuxC{%z1s>zp_u@(6>UGBK?)T-u#jNDlztgGO9rnZnj5Y
zPMmb=1U(EiD+?k_-)!@FsyW=Yem#e&Q#wN9Z2IQe^W(F3XTQAvcyjvommjw}kg^Qr
zb3~_2q+B1($;(KbD0*fpe|~-S@%+Qd>BsY<_osIBE`iSvl+4{wWHOScz5=nIlFrTj
zC@WpajGtm<N!vql8mJ(n2T9^|^#1hf;^=q{IGJ6y(A3o-CTFi5p*&UL&uHPn>jo_j
zfuxJl2WN39Af*x{6|5e{PV_DB#%OzeI~$?+fZ_a-#0WTBo$2e*zpg$W9Uq@wU48ud
z^#6Q3J8AE*GRF7!*69?yW4^&?YO<l*HpW+{$Cszq7L@g1-PCMH%uh~#IQr$?^~cN8
zAJ0CVuLtegHXCrR7swiY;e8bL?(FT++oO-i?>_u;@^G|fVdEW#PFQrA#5zEVI37cn
zDwy1Bo^M_=eL4LTVca*vKmYRf^z!`l`c$lt%YU97pML!5!&PM{oE^RdwbzlL3ZqE>
z(~8-}hs&;*UDU|-9oB{u*rKf*%f>3|D<;X=iFXbCzrS3be!TkStqQt&_Tk*KdYoRg
zLGIcIjuM#gCakVc&yUWpyW!)5))f<Dk0lK;>e0D8z54LW<?-pqA1^=ra?t^&TDTs>
z+@_A-ot=7nexF4zaPqG9nkKy{t)3TkLaWqluj8#RnDbHx+j^aeM{8i8*iAYhcU+4~
zR`>J6QYBegt&YG6cPqoKE?2dhG_7V7Vtk7d#MlKTV<!~)jPvwIREjz*FmjVwrMG+e
zFco2G20Ob4!_jaw+!=tu;o;7}AI3e;`9DK2=Cj}3Pb%Be?#n%w7{eJ7BmUF%wY_eo
zR|$+yPz)E^1^p20kL)2q6w6bx`nF?#<9Lop#`BLa^KTTv2>)dVs9}6wbs8Q3CJ@IN
zMb|Tm*o?%HUDF@#Iq)570?|<mtPFUo&SEVmYBfh6l6c`i0p*7r9yUs#;(G^VZXw-{
z@p#)R-We6kV^?CsSnR$q0S)TVGak+zP^%Vgz^yIGN>!-J#yZcx)aiQg6(y?UW1(vc
zQ?=0gVr|O<8K0qqW99iioM$|P@sOq1FLN2ZWq|-rQNja8!W+bE(T_0g)S3i#C1KsS
zf69Eyzby(8S-`IbUJoog(IUxU&79;v>+lqX%rCc$nE?fYk`zwW^_Hi-;;Y?kU7e+f
zbUaO)W_mnLd#rcOfX35~oTr~iQx`J-9<q(UHE;3*Z|Z|)#iARUzZVJ(Ne>!Q9^4b1
z<&quL1-JJp*KGdnYS+Y<;=E`n*q(y3BoAUEib*%H7sgd=o-q!_2*_9^G7}Ob@vZXR
zKRLgWWDLk82PWQ2DEbmhe~1!h`l_wYf54RSe_=lRN%ha_RXLVnVXbDM6zE%keFCbd
zMrC4joFN0|DAv9|U{x6eEOEImgMc<H@Fo%HnG2x7+8*2|7eHYL<Ie?9V>DCAfguS_
zdmFx}crMD@U`cd>e8)(Nl2Inur)5cygOZjRQ0Ixe!*LA47_yl{2ElNq%q2{AxYqm|
z_eq11_nDKF#ALd-N(FB|CJE!z3N|EJL0yqU&sO^^%)d+9=K@S1ZCMrib}73Dx>LSQ
zQVg+GO&P9M6Nu<5*lG?DuN97Z+Ae89>qTw14Y$X%e4*?p7Fj%ec9c?1jXbgyjFc0s
zwl30vm?)WBuR(F5>2N&CFO%$fufHkkbP#fpmD`9$jd4O%9;yOYRzkM+@YEAkpg9Xi
zhZ2ui9>1sHcSH%8BbYGdtej-?F`_E}6(AvpF`y`=h@pgQp)w+JjpgYBtroOh)_W46
zLonJK*~eha(cD>2fl^`l&wJ*8F2~e2=*t}W+^M*E&CIT@YzwqCn{g7S+5+tkCfs;%
zU%$KZO;GtvsD9g>Rd3Gi`KdWge%V>_-cxjAP#sROO=sAdK4saXmi9T&D(kZ!aEw0C
zW8<=3i|sN8zNX_|Gy3MM|5#_fUN2JQ>yr(kTBi5xc#m&whqnfPQ&j1QKranK2mL|g
z*snyHpyuI3hB_g1(S^WT52fucBbzi)U)|H{|B;d?!i;8;&yKTbih4VOwE6$<jdm*j
zpPT$o>v@{YX3PHnwvpjUP7`kxO_aSvLo!cEg7j&r0|ZbCA0R_@EDA@Hi)xjP$H{%2
zJdH7H;WL=e+t4+eSNNAr>BWe8y6FXnlcN$a>rE}F2XQ#rY)R&6<^T5y{I8!j|Np&F
z$^U=n;MHiu|JU;L;s0&%U%Ce&u9nc}%A6|?*&+%1lsD&_vbSP~C^X&D4+I(s>j+%h
zT6!YuXobJP{<GT52F0lOBe7XwOq*g<J$VR%^aL#Pd}=1arh*Sod%E>j+H1vfLv$XZ
z`_fGK3qGCp|78Qe>8EA?e>vK%<o_9M;=iru+3f#{2X_uX_brM6%SE<p3Tamv#UjL=
zylC+Uxw~JOyWWBBzC~H2`#SiRM3M(s0OjG^#CY61U*Kt#{}g@RO9Rv*|BViI_sa2~
zM!WkP`EMOho%2gco!{iF<_)Q+q8!w3BgRAM5ozbuo#}@Z{+6LUxLwJQO5M=vXg-5M
zX;8u#Bk8a92N>_~p(J#9u*dnS3p_QHUYPg4W$m#3<sNe%2GDl@xBF_hn*V>Z{@3y>
zcmG%QjO!mtM^LIG=#&}B=5lXE;pDVk^V!8AI46nVx{B2uoA*yFcSd8rGDn=^P#Jn@
z2eW_dD}S%5Pa%hNinNQO;{oa3-t`}pjY#^yPgnjA)fr={ZJ>?+zkFHI|Gj#($^X5U
zXO$|BLRPE`HsgykqxmR!_7NPukqLU+ogXZ&JwP{X2<Py3lE6DQ49Q%otOH1`%!Z}*
zG*@W~30^vUd*gyX&@tR+GTdn>?h}>z0YXK4pm*xVa;<F)4wrhm^8dLO-X4JezuY+(
zmHGevXv6>4@_bqO-)6m<!f-MjhJ+%bczKy2Yaq)U4!UFL%gWFtDZ^^T_h$ZFkA3V!
zx$MnE-HoS1dtcWU)U!kP-i*v4?12Jj=cIa7g`a26)jo=KB%EhxRp&o-+OyApSZ9Ln
zyN*n~@;%&)B!ueT7k)cB!inARGP6gKTmU#J!ed&mx*Y0PLPV+?msMmcAC^E#owo}_
zomEsE4UmONaJPgI+}+(FKyY_=C%Eh27A!b{Ai>=|Fu1$B1oyz;GQIo{yF1T4eWv@I
z?y0K#)xA&11}F3t-vslX89##=aoRGB189XJ>(z+&4}4lnl%VqTKl{A}c0Jz@Q>S(_
zUvE`xXs1Gei_NjPmzMaFe)?-$R$~|k5U^(*rj}~{o>pv?QYOcS#l4uW3}-C)vgM0&
z&7Z{EBqKT1yu{lw@9#N6;`)Oa$QJVa!|C!mgr;~&`jVfTCR$fk((MPVGc(7i6$tG{
z143-yQJOjKmZKd1r1|4dS$2T?`ttKvvWza+y;qg%XyiBJMm75M`mLT+TOw8Q?|T2C
z>+R{=V^3zLjXxKa>>k&!g<YNzs%ry!!&)jq^isKea{WIooA|;$?^-w-Ny$jvVR0KY
z%0Xx&bxH`P@MAP)qxJE3k={_k;C$a6+nDgmlVKQ2WO3|mI5vz=I0k9XM4^Ik8h`P`
zI54dClv09Q;G|91zWT#B_c|9Ia78|g=L9~YQRCob{a}jk#<w-TLE1*@;Y-Ujp07R0
z{0a{4nXuO?{p>Ry8#kwqzd4WYU@dPor$wCSXLU!aJokaz<!^IqEbn*FF>I_O_I?Jv
zT(x+m*6edHaXgls<H+wi$<*6SaTx-1yE*zTugLtA%>jN`4$?nSNN}wR4SQ%7NaisV
z$13Nxtt6Ix3ujw7o4Zj;`{S!|0z`eVg4C+)6}Mwmq8r{r-Mp<NIaRtU<^@T8DA;CF
zvLPU86O?0oC2S;Frue!HsvrfJv0mL^6IzRkvgzmh&5Kg_DOVaS)CN%lQu>F6)^zWC
z9L2U9o5KVreaD6RM{h2FJL)w%!}LDyA=BNmt7+vL$W~GynZrG}AhiB<>!RW{4hmvU
zkOqu}VHXXzK2m=t+}>CAttvh=?hAI}mv?#oqrY{mnGyA=K%+eyfspdb>B{yHz?O7N
zdW-B1;)MXeLepzT9|7s-=d2g7y-)iQK#&B;t+v{6+^{^P%VD+snK=k$dzf5uD++t=
z3LG(;yfdK~wPX2a>Hcl<d}aE+{ZD+;v6vst9V4ypSx$M~E>e?G(9+_mK(pcCza8~2
zdV6}v;5CBxUS(t@#te^zoVE5NBJ>ECtx3VND47J58E`*y`g>-Tq||exX7_R{Z{!32
zSs&Pp%Im&YNzSO3QACE?*9s4g@Ss>*{Bx=Z%Cb>A!Lp`{AL+(;Y|$`**pW=hZLh4}
zK5(N^XEmW&V72d#%HmCGlw-%3G(KQ<n}w;>ayB4#@aSW}9I5ww7}ZHNLL>|Ob6st-
z_P95(c0Eczo7h$)5-?#tuskAzqUV;hNK;il^=>r@zEQ$)R?6x~UKM^77ym5ez@{vZ
zCs)aGf0oHbkENs`Pq*H1wO<e+8e!vl|7IjZJxg-eh&)9fa&R-6Jr`nbnPX?n^FzT9
zC2{rF?1aw@Sks9i@uvkDBl#AB0fB1>mleG2fPD?D(U?R2S1QonF&1s|*6%Pw6?e40
z&+kKnH>_T@8116B@=I?^Th_aTkHB9ky%L~(nO+;tTse5!?P71TKy?t=v>Vxv<mHDB
z-JEh!;03d!sNTk;FVzGv-@p-v4}BB<yr)@GETX0i)fYlYM(on%wb!~o3l>#6^w*{|
zdbTw-5zfGVlf*1JfQ=#v{M=^AxD_R6Y_#qYv|uUCSoy~)YINKZt;Z)8|NAGHLH0IS
zH=&}$0x?1tCQ0&l(il1zQq|Ey!XG7s<X5l^rm%uyE!{rj7;yDjCstUfb8w=-dd;Sx
z4#w`)Qn^PYt7Hb-a{nGLD3()3>I~J`H^@I~L1V{|;c$QcurmUuYE^VuH*WGJ(E9rQ
zdRg_U3z_U6I^QDQtj55GwqZhhG(lPizkg_UX+LXt!hiCS*HD1;&bf;aTHN1r%QNav
z<XJICk<z2hgfr?sgbx-A{7Nalmx=aJ_Bc<MkMIapK`AuDi^T>@(6Qf)b@L3*(ua>~
zp>Tc2yUo-%DT+N<r}Ht&bjQ(otRl!VLv0o|UE6h^ZOe@RJxTL9-B&9$*1n0qDGd(;
z{AgitE`C(M62ZXAgTSb$jQEV1GHAgrEsp@QZ2<)F&oy5F=^CC#(#7kWdVsOZ#u(k*
zKd?tnLDKd5(au4Vq<aKByPLX_4>#b;&CNqYzkyg$lR8r0%w)VOV5!(l5qAJDOJF1N
z*Mca}pO@&gwT_L58!5SQe>K0WlwDKj`D@ts6!i=H)-Z3jn{@5g#p9LBf~XCH$VT&J
zh`^ryk^^gr#6<uclkJb6*iHiYi)H1c;dk>$goN;Rtner8XZG5^>(BEAUd?{4#f|P|
z`K;cG-Ydgw8~~5yCxDN0?Fi76X8rMr^b*^%4Q?imY&53W&oT;H?yeMYi;r1Q@cvg5
zB`COY7PH9O&%)1M5CDT<9<%`9)fJlXD|Chix~7+dcncWIa@`gukC*qBJ?lQyqjjBL
zOm~qtN>iLKChz}T%SM7eDH8*{1O;N1Jl-`oPUqL4N2u4K$u0mcE*T}97zau+9w-!c
z-0HpxDJLe3VT2vw(orv(R1ClPBp*hvz0Z+!oz<v!9BXZyDgCr-C~)3Njeq5iP}W5+
zBP%PaNdRB9i~F&EB&=->3sv?6wL9R6z9_2B%nRwdb~AE&T&HeiRW9Glv;raSM4iGt
zLm%UjiJ7oh>51cM!Akg;@5l#djyo=JGg6uhYH4_`O>o#A57^JuljTnPeS63J0&-_7
z-vj*lSKrc&#waz}!vpeBR!}jvf{-E&A{_Ck=@g2QgivYKucEDO*Ave>w*j96Yewuh
zsFR2>R1@MTr0B8#9iN8INrO~gvVtFyB+6i0czfIjsOAu$jZ=(hG|izec)7xu>81nC
zkuo1Z`B`N=GyQ%LGwAM2!}al@TTcIp2*lVBh^d+Qk53->>mU68dfaQK*xD1QNxu$w
z^AOso1U!U7Vl0-e;1D*;FpKHF%zmYnOlcsGJ>WwY=g3W#yug6{xNX?g-0Y0bG$n1U
z%hst^WTVud;M$N2kr^-Ygl{#)P?EBW_?+8Gt2$HoKL1NgJ_)DA$C`b3V_%VH5#lAF
zGfAwm64<bV4sE1&WIg2C`&7o=wVe<Bi>Cb9{a_rn*$*eRAZdIjForMC&exGtSg%>}
zv)+zqAJy$+utWgjN79e1ro;L(E&OMe9!tU=(G<QzDR=M|)u@RZ)M_oFV$H?zf)d0F
z+mn`mNVsIYB=Sz=*p4;fC0H@P0Ak06bM`_OG!aT|$a1y<cAS1fX>ioWGgr^wMPKg$
z=$G!b8*qo9V9_hE4;=)og{O>70VgCPXjAk%Ml{lk^Ct%JD8ECOwvH9_66mb5G!(>2
zJ8cC8w{$$0j{{y_JdeO4#0Cmx*fcJ+!0By5e<71n$7ew>$qVT;NkU^H9w#+H(8au+
z(5iOJ6e9}#f;liHWKI-|O@{p5;{69BR<Za+)NPxHZ=I9%7}eZ_(@Dh<n2qQ2p9vSq
zKu*u%z+zzyJiVMbk@&s%v}jwgjZ<>h&v@<xugyw<1|t^~{-1U=u*INTl1HnWHN8)(
z7&eP-`z-qkzND<{f$k=D9%Oxip;zfH<>#CGtoX4T$SxEydy4LNm$zOOi%Tsdb1m;Q
z;+C8SesIC8eJ+><S~4jNy|%^TgE(QRQR9%}8p>E7lwm@|0xOME7)U;w(M?6sKjy^X
z-RMU+nKBh)&f3zramV0rY@#b!Wb$jg3!C3V|5dE{jo9IUj0U3U28IZ%TJqG4jiAeI
z3i$<k26_f~-dyZnbr@GyE3=9kfgT=j{44Z~*}BPkZxl)TWdB@r{I%R84vul97y3O{
z++=+DX`lEuiMA>m?$;-t1UlLT$tn20ZroT3=kNJM5P)CA&+BgN*&ly0VKWz+5EMl(
z+s_oNFH@Hn!JM3_Aswg|^vlzp@M?Su*mJLiC;PgMHxrIwL92%@i}O3>wA(jlk`H~%
z#!se6ndaKb^*decu9{}5(Sn6<DmzRY6H5(Ra5H0iPZ}KCg0CBh9d<g8(Ht63LUH;o
z#>^cR7lS6uPT&x2Aeli0ei$k2Ju!_@l&^WOHHTW#T<rnkV{CV#H5&q78#Or>GUI7F
zo_c85=T@>ARJKXJZX5>@i5raX@CvPSCYzs>ZlYGl)Y-K$saII`pg|8l|7vn)dT~F3
z`Oz}GE%unRY8kwJw0#AwJc6I9_+F&M2&^8ui1PP-28c#XBZf!h<)V{|3i3n!*dT~F
z&dt_+&Q**4SH9_gdlgkN(vl=DKeaS|%Jl9$?(Di5Q&i#>h!JMKz`Ohuii#!o!cOrK
zRweucym_`*J3chLkk$IzXs^~Zjc^nNad;-%Al=UFd+MOfk0Pr6dm0)EAy^2wL<PK?
z4-;$TL~k3JD)6ll3_@0^0=zaeTKj`2+0YLLmMKXJ<pcXx?w&3kh$bIY`!n=l%~ARY
zU8LG5Zz9SRQ8_=q{0qlO(5L8)B}c&NkJNt4-Bb>{LKT06FbCnj*@t|xt2i`M|CAK=
zO>c1TO^1zKPh~Y9=aU<!v*xmLvdS(wbN2JIzBl0`h>sAA>|n)&UiJQg)>u!0o}4|H
zo7)oJcDjHxW8w@SD_7R#yQh0BL(@T7tRx>4OXx`uMLf>cQr0hlku5OGL6kbt;t*WZ
zpwcI1-{Vt@Q*n0!1^FMElJ@Q0S%HZMRN?{sHhs@ZH3`b`HCq8f?R<>i(IQR$xvG?z
zcz98BL~xK`9a^Jqf5LI-cc1^ZhF9qS35)R>i_ZdGOb(frJQ}m-_G+Nqb_R#?Evf#`
zg><wc@i8mJMzGHgX@P|O(VpVk$)dt)<s^Tge26LTzK3ZL_XA7s^3Lzav1fDhqeg~T
z|5tG{(T~40pG+Iw<+2+!Y^QS8BJY@;z7XjSOe(F5^R{rj_ZCw#n&m!;S_-c$z4Wfq
zS-Hk(S)coCAzBdbB+_kyAxfM~^@UveM>CH}XiNr-DDp#j%JJ8#`EA%0)2mjW=5`&w
ztka>N$HVx)nWk~qRC;3yHn|$t>fJqpgyHg6(Z&Pp6W4H7CA2_<`otOWSrxev>T(Bf
z*zDl^CVtdzZ`Q?ZfwD82TS=aYoNU@b5>+grbjcLLLr~0y!NlG2jXk`&4zB<oL%{8z
ze@p*<@*L!};S_*e9c^@A4oNRrlTM0u0nYW!rd&Rj@9~H9R0*R(WpC$Q0&ng%j)!uM
zjRS;)McW>nJp*5_PBvDqR@oNTw-1_3q(%?86Qyc45dKUh>9!p}ME;Z<gcY1t|5I^E
zfJhGY1bFu}_w`5#+Q{BYkJSxsb_(P=YPBNk>#X^G!>nZdNRZeyL;~?3t|!@#KFG)9
z{I#5j_j7*@g^}aN=HrtUreqiUgD-}pQ<?yRPw-1xJ+Giv5}{K*|BHKCX|24Ir<BP2
ze(e(3yz|40UA)DH=l0-!%TM*Fjs8!3Klp^#vz5BGk1bY^pIz%+#!gCqBs)1$JL&$)
zSZ@r`V&zz?3c&r_AU%5IjXYCp$TiwIRvA(wzuhzgO6jeM+ZKS^DMrgSbnH=+3rtlD
zvfq24c0=`T72B3gMG`AG4L^2{vf(FIpdO&2n^j12;J9{4Vw?vS%6--4>@KxDz<L*)
z5ye#g4?Oa}@gE`i`sb-kO6vy<q>yPEjMnZ==Ilkzh!psaWmIfMGQ*(YpW*ND_p;g&
zC0-lU5SRP)jzwra5*??1qm=r<_@|rQX7w0*xg5Q1Zb)seS~+;TGu>;xHZekfUgPSg
zR7mj3VkMX{^SC9)&?EgU@plP1CVzOzv#SIjK&#*KxfD}<?O5d2Cr34@I?3T?kJJfv
zu^`^$<}rCl<5&~t<VBQHz4TJy+~D5Y_d?=jd9c3?-l>Jr%}M@J{m?mW1eX{pm^6Tm
zWIBiyM1!h{Axyo0+FSzT8dP|Q5KHlS$5J1IJ2rBgIHYCpuR1{*JqoOwcPPFXTehvg
zCGV*JJ^eOZ><>9~cuSQzZ`DMUZe&`VMjX0#7BC^m@z||d*b%NvXqnoCx->&$4pKCG
z`X0P?*~`sU<$>Utp8dwP*yU^Ca6t!O5}77H6G)E6yAOQ(=^p3?x;f{F%2`^wtF7@L
z?1*;_f{c8o?0Ci<`KQyARu9f&XhHhY*SgxhO+R}m-V9sZT~gKH3e1z(l*m0ld~Et^
z@S>oz_R^v7)xxPLS2Rm$x#;Y|=2sr2rmkzbrURXDX@%`>qrC^WTlP}4p)m2U0(%d<
z34+jgT$cnUZ$|1!YV{qDf&3JbfkAO&O74N7Bf6#uq+MzDh;c<%TRIIvX1&aMA)ByN
zMnY6LB}*AIL#rrtt2urp%|z4e)f9@vq#q0zJ)q#=2gmYL$`O@6_T6+8v#8foqKMmD
ziV_C*e<3s?)3Bn%y8ym4ZfD&M>ic;-;MPQA61Z_~1djkMY0{Oo);~ErwUhnJedczu
z^tzVD=hMI!t`cC;cNH=68X@x&QdL$uPlDqz*p2k8T1(wu7MZtbf>fkieTv17O{k@(
z`kiM?CRs3g_+|UQB(bWcM9w8o8b4N@UR%X0;>8_b)5I=h>0lgxaPipCcQ|w7Z~Bxo
z|D!du`7or7cF}`(bV9ha@$|I2e$)QVen7ZG%SFTfLcOeQ>h?3e{^Il~TtWQvTOkV5
zG633GV;ut42s>B%LB?Z{$DP06MX4e^7H(&2=lu=O5w0F?zj3SGs<`$0$C||Rd()Nk
z0zZLkplCASz;*{<y*Ki`2EIK2dO1@8f5D!pFdZ?;O4d@(NXy17vCTPb6AahXpD(~)
z+_#KZTT)^Osv9a~o219MZC}}*qXpucM*kups`?|Vt_tkJ>%C0vS})IHKcS;d%7%qe
zZ5>>i7R=LNW!6VWI7kh>T(G~l#OlIT-%R&<gGf!$lCfqYkCealq~E*y_M{o#9~q+$
zOV3R-e77T=Vo5v8d$$NI+vk0j3RK*&2$5Jb9)2!E{EeQMKD5;T;~M5R@Fds?_Q>hE
zJwNxQB-G>X1FSv-e3o_#bRZ&Ty=>Y0_~rtnbng`S2LpATxgKTzw5cv7mi5!_c{J2N
zpjdWp5_hx=-=n*34qe^s0&YnrN=J5&Kt<@U>qlV!XrBhS)XSN8y(G8*<vw^#*fDpG
zZ=PCO9S@Az_T9?$kGSLG#2^tySaca~a&zbHH?fSF{0fBu;eWqWI>~Zu&y0_WCRjJ4
zMU=VRDF2>RQoLWIilNgU%BcRXiQyuBgn4d6rdtn1Ta$|FbH&z|<mn7+*3KH_FM4hj
zH3@?)Y({}S1W1-02cKn;7Wxb`RvE``90<dou`#~7YW^*ZN-^m?aV2jylhdkUt+3I2
zBd85PoU!vx7<Dn3E%)233h<6(LDEv#Jg)X7@%s)2YPmBb3`bHWG7rDu3M7z4IpkEY
zf)*ty82Pxpgn+9IS>;N8h3yYB4*T?#+3kADp;dRHh|fikt%}ZxM<?N_)pJmz6Who;
z5oxeT6^FFH6a`x?o$8}ks<Jf4Pz1}4Rh(4HE;0uBrK9_)_kbu1gp`uTe2_yD@*wN^
z>PX4xdv6rClo_n)pj&khsWvbA^GP@dv{|m6LWa^bL`!HVGx|;~_NiOvP7--+;1Z^v
zD(otjZN?-;^*rq5kyD0V=>ZN6N-`k@!6pnkgj6nhzu*q?_4>Q~&JWq>tO93OyUIdq
zeyMgiz&N}BmS2H;J5b{Y@F#6(cY8769yF1?A@{G*^xUCxgP19+g)oHu>XbM8;nXK>
z4-nw%vwHwGOGg1O>Hmn%l7XI;v@^i<Y%7kf-V}&C+aj*?i@rlhQEuKkBRmaw`--ob
zcJEuW<YlDw0F1r<hubvF0F92gQqYZWxWvuKUbSZqz50PR^>m3bW+k2eFbG?imXX&j
zu(zwmEsk9gXFNngF29Q;k?rq=KZKS5Desz;xS$75`w(mR;Wkni_eVZqHGUt(5=5T^
z{f*?lzF#<Y42klh<C8I--}anWgVwAVp?EnW&!W^LH5Pwfue3QZ;C4S>Hzt2H8H0j>
z6U`OidB5l2r6otY68y%e&T4uCsj-n}*N9~Ii_K{*7`k2qmX+lp_LULlL9f`$qz?O5
zAyZ6ja!;)S0_m}WRI*5I@iaOc)ZK2OKS3oAg2{d%)*Z`syayF)c)r?=t#`@Yci-o}
z-%hX7ADW@TRLdH6JnP%~{?f4}cI;8d>2y;#At+2Qrg~Rw->qb@BRfNunEksS#d%4X
zGr3$Z_j?&NVX|Q-4Uj|&n=BrvQfN9`rtqOLSaVXbr|=X$xH|FsFQ=2jj9~S9w;>Bf
zAHjObk5crWCc${)^w!(2a;k%|A=BS~R=KKuDc{FW-|`XH%A)z;oGLOJ%Xl^u&hxIh
zF0v}si5ozPCA*bEn1*nUUEg?o3+<7laeGSLhC?$#JK;0K{5OE^2wdoUke1(T;if^4
zCd#YR2|uZpX#8P*&~Kr89a^gPuX$Iki-(S29Z%8f=fzxQ3S6wFlE&nm@mzdW@sOLq
zfHmH*zcrf6h$&&oQay*B9>iU3b5O?SQU*#N#o_98;DHg*J5L1iJ#HbKrH{K@4Mmh<
zynTjWO|0g`(`(1u@_yqe=@b}4U2Ev+zTQI<UtnCaXSCY?MSf!4Cok_Qp<ngpA9ZJb
zzW}o!>^J38`8YBYM)?G*#Fmvm%!s|1@+#0sD4z}7f*E6hW_^C(^0IR^8(6yX|Mdit
zO9H+QhE6)vIY<0f2uEwUL>^3x<UI8h>pA!5RN)sCtsV;&nfc-G8{`@JXI)V~!6{t>
zF_quNb1sp}REl1%_iGMC;&h$D*(2j;<HK@H+15^~MsYXI&&@+qC8Q_1A;A6LSJ0^$
z@Mu><0GJm5Zzx+T1T?kb6kSpioGZ$eetY&V^mELi1kYLywksze9KESfH}Wo9yzwxp
zu0Ro+I5&%;loHD}%3W)U@eQmX&Amv}+BayH)%mX+>IYG37qD2K!<}fs8@~MrI$Rih
zlLDr+Cjq}BP4~RAS>&L2Q#v<IoET90H#=|0PktVWbgBzSrW;LS<kc3Ep96zj@Wl_(
za`p3aRKoZ+32SQCQpp#}4$du6@m0!pBo~OY{>{B?GSde*!%G)j%5(TZOmQS=kr-C0
ziqwq!-lr&95X!|=cVS)z*aAfJ2GzjtQ%TPNJ}tIV@kW1;*6Y^h7k;3x;#VBhiFwKj
zxNHQ#nm5pin0HiCtF6mt>F5&oa4_<&C)_Gbgg}h=Bt|Y=HzCkqJU{iM-@yX8Vm^zK
z{|8#+#dEHJI)N(zzouu`WZ>;wEt7yYvGqeBQHgbmX##<hW*xj=^Aj66A}@9X>C15s
zU`>~EkNQ%W%L4`MTE>BUspqVROM9O#IVdZgOJWD6@G}y|mPRF5g3lt#`WWUdQZ=}r
zxxKN-218XahF&yO2=B)!5jl#2s%v-&a!mXHYOqX*x#sI*KsE&whHppTr1YPlNK!^>
zO@F1LQso+0e2+1ea9FtMUxqOI2Feaw;R}|G!NfM&{x<M#@Y#<Jxv5Bd{4L5<Sx@^2
zfw@v#v;f{2C7|e8-Wa;Y_%At7Zy!kCf6ndP=v0KZGzldzLFa_|pYw=fN*O8f0AVAM
zmyBHv2mCAT*PDHy^S$Wt8@vxzj|bXYI>0kP<-U)>Rqi6g^0TmK2)H-mDuYtrfhTt8
z=6?@ffZEq20ib&mT)^+`?v(;%$WJEWk!<^#mBhRmlGypuUk{IGcOrCzn(;<#Wym^K
zhd<sUS<lx~#svHBwO0-i4cIqOJLa(7+$;m?a*i%xzc;<a91g)7<*!RU6%$Z!+Tpu9
z;1GF7I6SB-!v4|ee6Y8kv$pTA#)DrZHeP7H9q^9siMj8?R};3O*c}U$b`2tpme}g^
z%~Hi8PzSFKJ4}|Ljqnu53;2>)g%Kc4y#yJZf4df~Iz09OAk_TN#yc1m9+if1gB*W0
z%G*A;E#0PXUwobDiRchbv;GX-y2r5j3<b9V##3{L&_nrp0Nfilc(M#8h_hS<Yr4_j
z)ts{SK)?SaJceEgjr{|<yu_+rz&ODE!X%Ui7}CoDXFv~Y^7f54cuZNEpPX>DCW@Mo
zUk`ECBvsuS6f1X*hXKwAI#lr_g@5iCa|?sODzWBY(RiLK<Nqdtxp|I6es?*NNN8qU
z;rRlCOPf<9@@77mb9e_;)PAz23GvqV9w|H<DV;wm_TF~>Pe*ybo^qQue}4yVv&>eZ
z+Dhw<&9Xr9-781a^&!PG^_R^~uXgKI9|`xTEBoqXREI#--qLP*lCb|4_Gov~B08y(
zjpBQeaar=xxB}9I0C9KsyjP@4*Yo>;s=9H;I0cE+7rsnAjF07w^_?-(v}|ycW32Jx
z<Vt4=f&<cTgRcSXdeO^++!iq65+|IRjB2lSlqtf0#!~wZF&ju?F|Iw=@Fsl7*xf{7
zZ12qBl9=K#dtxCe#Ewp!7=45@CsZ_EeTm~OJ9p62rGn56?V6tZHH4a!-^fs^+N2WF
zb{JR(;%_U4ufNd03lSzAI*b&|LEv<S3DKIn-MEw=-wU<OY$kDdY_t$IE~_2K<>XPx
zA*cO#{Vu#3!OClF+m{UH%I3C`(HJ(}O(~nT5-QwJ=+J)ixf9^F2SI&o(q*Cr0{3d|
zO}|*KEK2OLp0gnI=3z&g;bQlRdvD0}ne#8Q7>2(I(irgxL3V38xi0@Thsnq&{BMF%
z;@hA}hzUn}w6C6T1qmgLoid2Lx-?3C#{WYYTZT#9tHYLfJMnJa<g>Y(Hox=Fzt9);
zD%OA@YRr&H=ll1Sw#^uY1f7J9t%&g<YPrLOpYMZIdynKBdY!J1>w&eJCm(1<i39K{
zvh(`U2^RnfEBEP2Hdvkhs|#bUjvv+u3UHSe3aw3nsZ>wLg4No_)AWn4kP(-9gW=H|
z`gnAGNiVvD9wL|4^`nrKK-XG+Ik%Msh5_~WzCNnD4VXO*5eQA|KQM>1Ml9NNnfzf~
zrbpE7iC(qR&QMe*Uw$2yaWcvsJ0`d-RB^}loh(+Si8saLjt`>dO^@1rba1n6scKK-
zp}lq5d;7Ke3VY;ltCX**9>7*VpgZMe3~VJO*3KKXHtLx6_|2OQ6l^#T7~Pe6u1<8d
zAC&Y0mbo$vQ86mX)yqD%g^!ayWO`Ge=hO$xH?<422uYa)nf;D*%jhmMn-G?uCS@Eg
z9n07zry-S2lktBnL@Zi|d6(!N%@Q}zh4a=T;0m3~(rX7X*m^(VGH!Q`h+_pI4aiuN
z)#6Ybsl247na0e}#^ca%-tMWU$yYIG7WvROJ?X@!e-Bw`?2#%^vDLN`r)$E==c4(}
zFXt_6P$6F&-Cq6pQ$|)Jgt?h(>%m8g!O|G+FmYTxDGHBo@3TaXPYsTSNQp7rK1Eh|
zq!{yZ`@m4Wr9;j~k^6N(a6i~a5QsBMJqPZ+Jb9l1J(64?of&q1AT%vJO{vUe1Q|W^
zV;7!_Y1<xBbLIT<zUH1}qIu&;NUhK4f3GhrMXeuzwe*X&2+%3Cd<4A7e|!M)OuNYr
zEk8D2<(k#6jHB+aYaEnznLk?o`H-HT8|MF%Yr^hNV(8brd|TY%`Dz<0F^thOi3@`t
zqdJVN*?o{0+2FNk<Ar}YxcTf?G>NO7EgoO22S0ej>Quuw0ExI+h508G-f||TBnZ7z
z$02^471KayF%2@-cE(aZi#05nIh8W?pw^G_Dm#{yEwsry(ylR8NjWfo?@Y0Ph-yE4
zOQ<Rmd0BOhSZX`Fg{<_JLvZ|;p$JK8hzc7n0@u-_yg5qnQEmqM#@2=Q@iL&-%6jVL
zIi}Ym$|l!x=d@k$ldo6vq)@pRr573YJv!UGyRKX%nO_RF#(NOxH!AUCnGnk919Ce-
zPEKoDB;hl!Eu!#gs{wZRGaE~-;L3*oqFe0$J}f(SEFBxI1<S~YD`GRjtS-u32j1QH
zz>xK1Nsh$)Z2ar1W%r{M4IwnM$ApcOLfZxFDEX81`)gx^KZnuz)1x6bSnNQAH+zYz
z@2I$Jjs;5OaG;LsxgS$XMntr<h)(>2jD`z&RHRq0bVHhM{8g$~?6fxX{44~IBe#)B
z9dxYj!dimuLm#$v^BW&ZGB?9lc3d|C7a1t9hj-E+;)TG)v@n<CO6Bj&Xp17y=^bzd
z$?AZt%{6qiXdf=owm8*XDj5U*ZhnCQUUzpBBLhVeDwrsrhe~(8vEN{*IGIgWZrKzV
ziT)e&^mMxdL~FJd&|fjjwr2K6vLIO%$#dd}TW&lf)!pRO!A^HB7s-N|<AGsv+B)$G
zxU!2%DN(*;MxDa2Y)fdS0o#FHeEO8%*l(>v?han=Bms|W$oX2wT#Hk+l9CharqO1n
zkDr#5bhePn0`M)S%<=B&<?co8Rdd!81YSEYMu*)UBVPGA{Od%XQhxd$O9!dfPt_Ml
z4E+3<QJaE&b3tL4ep`fpVwkcG(&!u^McB!>`;9P0$h*4>rxkl19H&0F$zQ(ve^fQ<
zPCk#f<3ZfNry(_<u)Lz8{zdkIwR&@c359g!%$J^RVTOOrVE^l{+*YfbF{CgoPeJ+_
zEGm^W<XQAJn?p=02p&$0nL0&*-Y*TfB?8BY&y|uFizoG8)$hA7ltsc4b8Ex)N3TA~
z38o}(V=I59urhp}*-tv4Hi4<Lz|~~1Z)~@`r^?>4QtQyuS21fW4Q+E`Eb)sUuAbF`
z?S-siAMU&O{BAceMl3q%F=+Q}pNBJCFf7h}Pwe!~H%nS{Y#G2)gb}=dDM?QN+PAhg
z9)OztN4P^#M%l8bSlI6ZvKpv(9n=aw+zLUQ_-^O1rEXug3Z*uL<VD>c00<E<&Y1vQ
zk{;}eo?qPYT!}7TSIz;K5YZ9irrq4Ye9w886sQ&<>mY>0Y|H<7g4Xke@!T}xtru{F
zML)WeYG)}J7MH=1>%_i#uRvS84O>^l(7DVY)sYA>vL%#%oKNMOr6!5QPTTbM=<>+T
ztTjvnmRw&rrih?h!e^gez?xTY9d;jN<N?%VymZKlpmjLiR7jiNagO((E?~#p2>rD2
zkY#=Gbb0XR#j|q&-SW+WUj)4dysGVWtTY3k*Y5aFMa{aD;S(s~A!K*b-#1@hNt>>L
zgLBX;bVmwWvtMQpG{k?lM&|xAJHNfYyI|ULCXDagnW-)~Wk$jGUG6rz!YuVE{%>wH
z=a%&)u5Bkeu0o;Pa?W;1uEa}_ZJw1bChfBlWy{}s`+R<aoIL`!O%0wVgsGt^8~NtN
zl5Sw=$^<JhK4HMSo9#Y5{wYhu?EwS^=f35B_bI-V+zRo(Do+LaiBpy2*pz6fY(pdn
zuw?Ysphm9?P;wL4`Jk4s1SkG$P{Ud_WD?sKE=r~$#f=ZGQDHcGTn@DPR1TcmE6y)C
zE*uofOH?Se(n=vP+|7W~^V;O3=kwYx00PP@s3B~3nSXc+0CulkV#sOCik~rMuK8}J
zd#d^8z|oNsPhkXAQY**{OAzcV4KdP0<p@3us;722y|&+bP?^S{jpJtPn8?hpqXrpo
zi?%_eVsah}U&~=)zAaa@-{yU=yCD#m2||8tRXP9l>rbxS7uVwenK&&&MRH^RVDypo
z@~M?%CcaqfONH5G+Q)s!6=kJz0}t9E*=*$^rc6D6$Ha8i_t-IdsQjui0+OIu+-s;j
zinP9XG!_AzF8}>=P6q6ml}DgcY|;KQB}A9bH^I76zj5-*3GFf??40Hosh$qjV$1n&
z+#IC%Kj`Dm$_a2RX<K>SMucl{<S6rDx$uy?DwuU={^N@uX19|eNtTigj@sv#-xCPc
znOu0kd?7tyJ2$Yv-fofq^UJR<hx1)q;xgQp7)uOM^68nVN&;#lLU=?4Yjcd=l<cI~
zKJX472&NnraLc*+Z>Wc>7@(xsz1qDm_Wyv5*T5X${+{;{ym+1R4<w}ar%;@LY2xDJ
z7iOmveVKftUZ!;8_FG=LhJkpJ=6#!nm9NOWZrb@{BW^aT1LJTyN`d<vO(+O_C98h4
z(3eUpi$ptE(xmhC%}o}86D_2|m2aLrg|@OA1n3^+?fUVN5+^ICXf>IUp{ybBK$-GK
zfcJ)t9i^v%s$1xJ%TxqvfBDbZ>pzTGNFOlP$#)-!BxfavC#q>zGAhk@s~+T4EAcak
znz#^^GiRzM2MfBcDkIFCf{{6RA3pK4TO^EIdue)lcD2@>sIQjekq$LXXzu@Q+si0x
zJy$q7D%SZlECV=BsCi~9h^{`?yH}XPZNOq!om;xv)N5XMRI#Ie<~5hUq?2;SZP~qR
z+irAz->A@cQ~U=~9v^XM(EDa7^xgS`2ou`GSwRvJ5xAk}be_!-#LVU)3p+U<@IK2X
z^(8$xh^c)QGstV6OUc1zA3n5ustLG7eH6ufB76j=S(`py+C5X}u2)Vb@)eZF;*5_=
zqel)C2)<Pc9u49H5-1Gn!l%(c4^GQBldYokxNl?O3M;nq_39+UqmY%&7+Y@{ohu@)
zr6~7%wOBlhw6FFJ!j9a{+6{Ksn)MqU`Uq<W@z%d9TNv3ZsU~}%J7-%gLWVYEwYjG6
zsB(l`jh)2;7)q>peDpz62Hz6+0=ko4Bo*8l921RO_mu{YN7xDeieU{e#YmUc;<<mA
zb+!oHNT#RAmo8x6!MaocFY1W%rR}nMXSLx2##|6^;K38<Y=0MgK|*xH`vM}KO792c
zMFseGMeDNJ`oTYNKO#MTaP4)$yO!8#Ptn5ZN#1)HzsW<)YbY##%5+d!k!sgE{WKFj
zsb(jbcl>>qX_~7X-7Q}eohR-<?AOZ!>aa#!0;^$hpscdtBRG3+Y3lDa`0W!7bfq0~
zCIchP?`4QFdTI!^c&0sBps8_ay-m1uc8!FkGj?Zr5!lp}BtG#}Ur47fV<S`?_g8zQ
zSWCsjE3m~lF4-8z>fhq*quZ_lby=w9*h^evF7r7c=Xb(-T*e5P|71sHE_^rM0Fbz&
z-UAqzJkU3UMuhV*myvjGB?}PU;7HWR1G!xp_e-@Yk`>>gy?^sT?;3wzr&?ElPU$`f
z61ramT8E}llr+bR^t^&!Utj%SA}@L_XrO(1Bws_Z*kTI(XtUIG<e#=y@~UXSKO85s
zo7^RY@Sgrkxfb0N+q;h3Mq#uc<#mMWVZc_%;r|ZcxV9B?6(MMwv7mToJtv0CB28r=
zR1l$GoTw`SVkjn*F%(h+k37Twj?zzLgpHoUpw1~X!dCo4bsB`w^+Q?MM9-dYze~I(
zD$@K*B9VG<sn}k$cO8{T?|ai5K|-z>$}iY>??>2YOc%nRY<wrU@aQN8{Hd_e!>N{~
zzeSPINj-&d{M;^$bJSGkLs~8nt0OZY8_{@-^5&TPIcLlim0(l4oftKgFBV!>CDDid
z;dYq{CF;GfS>T$jY)RZOdC3BYj%;Iay5^`Dr8;lR=i3o7l6@z0i>F|m0Up<@S@l}y
zdNP6{WBzD(cB?M6X#+*ol7+>UYPZWI|CIq2_uZhM>1p21ujC&T(HkN()bviN+JXB^
z(bOMhButnQ@XeKW5S&V~eKb#uI*msKjUH9Lvzp)`vtQN;c@{Ypywvg)uMLQe`0O7~
zD@l-3uWhZ8Ld&@jQ*kPnm_4(Cix{%LQ2TrI?Ji-L!`sw<Nwq>qTy(R{XP8o~HAxE<
zP-OXaLAK^ibNK~+FkODJk!{k=mSQtv%bcL!pM|_q#6GykIVs{B2Fw7O6>7ZEXgAYZ
zGC9>FQW-ujSR=Zeu0u|HLiu`r1z`Ss$M5s@=v?ey0JnaAh*=M;_C8SmXHx4OP(!f!
zbJoOX?H_LKt2x@s%+;?nX6JMZG(zqKQOl+D=)0bmVU$vIgh|WDa+RX|R|)Bkvw@z~
z!le}Zw4s?!MMfpm)F=*nQl@`7K{2XS&nfkR9>YgyXt~@|Ub*m(0EKC8vNZ{C`RNSQ
zvGK-UxiL>|B>~z)#n7bw?vvjd=?U$gjVIRMGDUO^PAAka%Lag3P<j`f$o&gA9SkgN
zY;Em<bjKi{uK|DAow#UHMED%h?pZ>?7en4g7<G{6dRcv65&xB#-2&YvJ?kb!sgkIy
z+m_HE@PN0&`b$@P$9jZK`TH~rdPd4*Av|C9L#mr%StEl%#KiOmFP_#3BI(}#W%G6)
z#M1B|FOR>gFaQw7B|z$N1B8b9za)ezzJPCqa<Ktcm&wt(2QZT#E8E^+23&G8zSm&v
z25-D-f7rJf6&WHp#RqI@%J=}a+yQ7#{nE#96K^9p$tAF<$nFbM#=h~tvOXYP;W=5z
z?Ge-i-MTz?yarY7KgK=)ZfBy5Bm93*%)e%qiyW5Te@7nC01-`T?ehK!RGeah*0?85
zZe+k=@0iJMZ2_vgP-`#IT%cubV;wM<f<OZf*Q!WkH^Uu`w}K?f+wRGx6J2g7Rp6Yp
zdcUY;@GfmTH8pvRP}PZC)4AL?Qia#rAqa6Kv?P56Zixi~`IX<z%d!1%nZK@`eXma{
z>gcc$ubCAR-y8jxIw{}Fc&k%FgG>n;MNcb2fDfLN4k24$X?0#53~=`iwuxdRfd3W*
zdo$U0ISqTDAzO8~__6ku=34h5PBKYZ^Aq|PT2-;gIfU5iGO3~r%I`&=SxPnoaDO27
zme^|RWAMySeusr8T>qe=qJ%9aLX3f|4a+ZV>lCoYKJL`4?1{l%y&g=qMdJDSY>7l`
z*pUkcbgZ8<@|K$7W;MEzY%9xuyU1*nf@E`h8hc*?ze7#X&-G84T=%N%gogR7d2cYA
znHq1`_1HA-y*xg@S6)!vGoN@|q!BE4Bc(=xf=x@4=+W_rqH8|&<)VXXQQ;D9h{AMf
zzVm=(fy!bYqw!si!gou1vm!KBN7NClYwr49p?h_6O|0lulwJg`#Z{TV-~~=?s3`5f
zT%Ut;z!MX4DEbQRp@DAc<%k9VB~g`9+u*}vG$n=T6K4roUYc1L12mPUbwA~kzNj!>
zvL5sf3{@FeLkGY7XC+cB^nHw|)5XdUmU<ikWiDtQi}97n8VD34I7RTs?C;rx*AXfM
z#X>`caeN1HwU3EtxP%lWH1qv9JWyUGi|N#DD95jr6`?@(KT*gOfO=*8+|e2L`ZhKH
z)B}8KJ#0|ouk&~2)gG73mMlCeR=4!d@^zIBekd6$n&K9jm10@g0jB=GJY|jn9pTTU
zuNMc<H~AX}D#{7W`4;vte10rJq0nZ2pELCW{?-gOeaL0+n-X?=1l-<(GT)x?Ey3X-
z;OyMtTD0=;QQ;O)#(Fr#JwxNTD(f<U%vclkf9tCkz2f{1NM{SH<UULZ!)6Qteu$3{
zU}F<{0KM1CvAzP%lVWFm$l10U0WV&k^lb1aeC?v_IsEA+kwOftIOLBZ5tLjN;swLc
z2e)oDZDy~5+sn^2V<O-O>vvFaBel)ji{=vVt%vAndjl2@rw#yAx_=-q+?$5IurJmD
z{5u*tl1dqNxBHTMrj)eMuo64~bnv;`;1!Gybo#Yky)|bI;?E#q+gc_{prigDe8zq6
zH@|lgou&(*iT^toRMQQ3`4PUpi7roX*J-i}=<9c;C(^SU_IqkD2^-g2oQ~tNgwGN_
z)>oH=0H*<N($b5$+ehky!19{#`q&V_x4!l8Hoe!)0Mh*qq{IGYAzsE<UZ!LU{L?fh
zX-<#IFBH~kT3S3=U^s<X9?z78U&AJaMP?|^{8#F7Jbop*Q}c26MM2$0k3Yzf6zj1@
z#g5zf7?UJv0pnjAn=pfD)7Sc?3FZDTCsg&IH$&WWY`oXS)wO!Fxguf(57VfFj$qxE
zTliNUaxwYS!_~v<^Vy$OoyT_{lfsxQUrWmsRod4R6lCUBW7X0!G@dE(CTuhVCTMY0
zF7>dpEWJYQ%4I|pUY<Wk6aJ2BFzw>>*4<ETR;uQF;3IWwM^~@>6Sq>ZfUbeg>vdo2
zdXudfMU>ncbcy^U+xK^BNto0=lc2*_7Uuo#D|!sQBqgNp*0D;d?F-@GzA91WPSzj~
zxN5@h)^kTiO7!Z#L)OQA(bx!LctIKMqS+yQ(O8U{Vn;vhOXBe;X4uPP$i+|p@iSzb
zsF*(}3&lbP)-_fDGsEk>z_1+-2NrR~7gybxQQ^!*hrJvHNSqETb_7p<rPMVyPR8~9
zw*ZD(*gUkbWcY&YYI(_HwA?Zue);)_m`AAt@)5mYA_Z%Lve2XXRZg!3fo)}rpZtvH
zi)tecB{W|7Z5G7}1EZO%-xxTizP)bIs&*IS)+@}H++<b(_ZaQ3jv~;ZH_}*f3UUk5
zb{bTrnspAaM!p@N$q^N8^6@kfL%msd4r)L-D1ccVF3OgCcl!@bb0Tdz2n7dAnZt3G
z((E|S*xHps>x(F1rofM$xILYuAJGTo<25)I<-&L+$^0_EevQ_#8AA3jtiSx@Nz)#m
zvgmn2`JvLEohK8Z5<b0~5k^;MmBEB=%QM{ny+ysgENi=TKQ7vf^{*@q^Da+ehoo_f
zgUs?BBh&E5H1qikOKICPnA>Rfi%ZfdZ?&}cs{nTT<+I0_43HXLaD~!hLDI!R(Zbuj
zCf`!UiGH5sYLwGs^8D)m2XEOo1{BXby7Vn5DwXsLOO--JMe6*RroU12IoWw&pNvG;
zq((S&$%5?=7O5Lb@z!*>QtjZa#&EuexMmRszPjhr=pPB)lufwiTPwo7mC~7*7!w8)
zjTj#kSw5PV+F}e#q@@{Pbp5U)TT<%Jv>-u^pE*C)G=+huat#R}z#*^ZBTQuC`G}VQ
znSgcodkqwY^qd_j+O?TCp8CI{z~2N@1>{K+z#SRAQVx+lleJajua%l(WsaNYQ&2G3
zMkIELoA)A{krSMp1-?fn@P%7#;CH4x5S%dmAl79-fuF9JGPRiH=@9<|8(CL~pf8cE
znuv@<wiun>Ml2$>gjns^YGoqU-E#TNgEJQ_E;@~9wxebu7ZH`{jith_Rf-y2GEgy_
zPWxbFYAQow3YQXPU~eUvD58o^&xtfMnNm!i`T^0p{L=2h*KmMa_o%?>BcsB>3H3<<
zGP=1eoSDRP*RP5Ib}n;>*qk`*-#X+k<{_~BITS)EVI}C?3)zvA{(E{^(=$5Cpnqc1
zyZG|gVtl{F`{7iBGY$u`=bTeu3+!YP$p|XKDe)^kBtBv9Xke45Q|<3yA&Y<L%e&4J
z>Ro94SeYIB7Y1SygD=g5RxBeKYo6=Nhg7WV?GDkT<IVU(>_#!j^e;hmikd!SmCu(%
zGc9Q&N(P@i%zXYvOE&s3nts|c7{{<RouWVRQ^0r6<V?S4--vHS*A1QJw&wYHB0J6I
zQOMD@VlQ_@?)MO3V^~!MjXsID3PYAIl)jh4R*#KpNXHbj)H3l-$=@*Qp&d%fetU5^
z-RJ0Fh{$4>8;PmQFV-8G8KdYpry&o{M3+w5W?@Zq^|{nSP|_UTq3Y`tCXgqUaj4*t
z8!DA3Tq;uuZp05DM3_^!Fl~&g5<vZq_LiNjNi*^U!_24drpB*b)(uhPsgTAI$tOR9
z-@+nKd9qW_+$O^}xrC;5T2Wr{2pwi$RfS2dYk&oQS3KgmjEd=F)?$TgjPM&WXwPp@
zGpD%dwzT|J7#q~l7_U7eJ4cKcc1^W}Pj$R(D4$rKw{*}Bw-|U78md^4wIa91MqRe?
z#ig$ovCK~-nnNSk!W#)0aN(mkvS)q7FoLn=WDXaG?a&`34&M=h|I4%aPN|7Uht@H6
zXRPYS<2FYDPDe(d6(J7;Iy*cQYtUWdV<FO?=VsSQx0gqLb+E<HJ9x6;{io_g#2k-0
z=R?c1$nbzts^skMcTQYG3*?L|!4sdrEM#({{WAS4m;K394K;w=k4gqU8oHpWZKT&o
z=Lj0ONO9>{jNK8K4_1;A{X)^O{j&YhWckg1i79j69lLRuVp3IvJX=KViglTa@JnrU
zR#(ub%J^pO^VB3yf;CP>;8U!zoP;n?b8+Y2NNq;FTEuuxy<t51E3(<i#G1d;UKkuG
z`cEll{}fso6R75(kh)CtA;xf8JW0Y+B5+{@+q-hY5m%eM1ky3<it-({PwnlK*_utM
z(c7Iwa-%8v1hm5+pY$EBnMb$`F+W0vdA&-FW_p>fCy2|mx9z?tUD*79;5redcsB6k
z0&5}-Q$W>Rs%n0^`}+((pdb-wT6!aP-v+)u2amvet>>EQ8o2sU6DpZ7@~x<RMy|bY
zNjra!TogL%xVIBaqLBYmUc+5;AQi8CQ})@~;O}aWC<iOl!20Rg8d$Sd$Inosj^K$u
zEe@9j7(1hvt{zhz3Tt&JUYR?jq2~PjFeOKIKuK|n9qXpifGq^N<IDo2$M4IwT?$Km
zu$~Kw#JeYVfsSV%peFF%+3i2lfp!NN7nLtPNG<;P5{{jqNP(ABd)6*v$>`(NfP|J>
z*0-WrH#!KZ>^jut7<Bhs#eKPPiy~!1-<H9E8Sk32Vf-v@>&7KC!hP_k?3<k|X-k}U
z=JWUgFg5pl{x-HIB_cYw1m21@pz6@43%KOux<bGAXsyxOVsyI5NG+AKoa)8Xx`wPi
zGIbbSZ0^4hf5{i$6cFg}jV5LT`7~He)<1uLVzI%va!M9e*-d(c@d=O26GZ%II`Qqt
zbfbk|J@`=Bx$A(IXKvvyAa4y_oDzB?9u7c9p1gOtO+t*bz}VEXsA=^D!&H#w{t=5@
znsrnTyyTL<t)?%oqgBp@rbiP$`@^Yl(*qFpHmZb1KY&0$Z6c800czcOb3I+Ocrz}X
z#9Aeku=%)zicUQ1Jb#BztI#OSbG)}7ZELa9Ib=pglRATV`dyXYab0*In@}qC6+W{<
z2^Df)*;ui1m`)E(!(VUM&)?{04*1MTUh=m1C#Lx1WuK-cAuejR$XjFSsdr(Dflj@H
z$)^*s>98SggLN)+>e+A>TY3qLGwqx*9tA0%R0_20&yRF7ge(1LYFaD8x=<zu9cpy@
z6mRn|pEkp(0Qxun1MutU@Oj?qF#<Kb?TZzZ&d^E_6dxy=tuAt2);S~PLmR&$bRw!P
zT7B64<32BZ640XQ_$9{HZ&;U3_DDYqBaQ^)8p9~_E>KVedhfDY>L>q6uQimI6eS}v
zlpXh4aDo~?xiqxkNU-m~|GE%xNZ6;Ec51rZ-hdO`K+h2E#Jv%PyA6DBl$Yoc`lV53
z9$`CKms{)=GTg!5BeH|^UOwQLr-9xPsHGYiL+_LJk-ZX)LXzOw^ZHF_H~-De`K{tL
z?sHd_?_VFus6~2IYU?kjR7lI_r|1@=IHhj`Y6o1y&Q4VT>c1u_nv<K&J+tz73R#2D
z`1*PHUEN(5Um2c9Y`F^jCVy&HisOAK^WdN;^;#A^@$B#@&kkLZI+cE)+oqsFwqzvR
zk%`ZG`|oEauZs<b`u)D7pGVx{LF+o4@Du-yhj9dJI~ej0PqNO@cbPCbt>l!O8OfF4
z#|`38K0eMSMgEXKLHti;<})9vq$+~1eAw8i@V3Y!$T>$&7%<9-U+ZsW5PVY(P|O76
z1SHpt`@YhUUn;0Irh9UD5t+^ZRT&hLe7!JQ4I;eHgAGgd?bH9wf<DdP9r7{`dviq@
zZ&OV<RMJcpou%G3GjlA^pd#YRfcyl$+$wMwIo_io!8lH4(BDY1v+S6IdLG)}cwnOQ
z_1tfL6k~WuS>5MN<7oGreukU3zwctC$2BFtU@9Jp@Yd1Ma#sjYGe7?Du26yt({LYF
zrJI~PW>=|XN%Wi7+J@)lL+SHx{gCjGhN~AX0k<EI>_u5c*2evz9pva#J6=pTG6)^V
zyf+h|GKA@j<ef38l9|Ut-W6@PVNJ~kNBcpQliAl#@;AohxdWj=d0xLX#@~ASLUzv`
z5wGH;y*WW7aClcde>g~Bxa<=8YWP{#Kinvba6D!mp)l$)zDxckm&lBrDZe8q4vP?@
zfzrM8rOdRYWiE>BO=_h@aSlwSW~%+(WqQB0_qaV&HT6FL;y@k0O~d}YpBehU@i62p
zc%}ouyz`&^{(k=a|6p&U|F7k7k3fqCq6+g}Oxr@@(8mD_$s&Q?^CuHAb<T)P#9d8w
z*DT076Yv4{+BlYD#_4~6+qCbG;6Qzrn?X!xcn`$%)42}JKlkTxK*aG@3*m_Vz*!tw
zA6z0I8Na9D$P92RcX>N00`6}*?8F1%1M_i2B>Y$HtKg4EEWL5DpGKqDaN?+?6?161
zmD-gOA7L;$nV-xze?`pKf0$Wb5-uE3@+3*9rd?E`z>9@s6Z;Z&uoPx(xlWS+V8xyq
z-!^Ks`DIF-di;MtL$&SsME5^>y9fF6pWfjn|Myy+&zb+f(p2{s7XvIH*JP-QTb?vy
zlv@ZD#bj}?A|CusJPG2Z)Yqbhheb@6bg%d_8R6gbnZ^HClKf*n|L-33dwKo8zqiT%
zv6g2&{QsFLHe%X>6NzX03$K>dC$J``CE1{p<>x6*5RHVf{&_5O#`<4P@b4P&zjt^0
z1^@qpz0LYx$FsKeUkC|a7B_sh0{1zs{n-}<0NlB^1S(4{6B<0G&y5Q{Pf1=dBKUd(
zf~(<wvS{E|{;VP(ctNpRaWwFlt~(UCA>;Z4UytbP4Rmc0z!lG1D)u*<P>I^8VR&If
zEes7_y(n6>0`DngtSstY>CO*5C*+>uy~TKY1yuiOVa{#j1M9Dnp3W~AO5F8%sSGGy
zBb<1lor<91xmevvuy!dU=hQ401N*3Z)T^_+5(vsdo8|(W&Sw4DIHF}IwpH<+)kuEG
z$9*zBhvu*``>8m>>QLOX8lTr{9lVu>Vl55CItP8-Ip`}7!P+X{MS&D^`pySqg+d^t
z+J48lHn($iL_E+n(w$AATRDkZKIIiX$w{<04ORt9T}rMk8zr?KyfacC%t(CjEIP1=
zSAaj0iJ2yz%fm9wRIsoNBe6p`|K<Gh_U7*9{Q8&k>$|JB*S8Lm9#l8SsBzSN(QVAp
z3+sfJvz>nb`t7ebcPCdDcPD3O*CidgKHJB8d%KN76SuE#?rz`SU7x=``Pbd~<;knp
z=Vv7iNgk8(%DSc*_vOi(^J489cW2?nWiA|Gv76JAyVLXQ+q>^CUZ39-JIY5yR;nxE
zQsk24WP|^e^z!=R{PH&KX@QPPB1TrW|I_)umTcaQ$5-ZGwH$pM<!H0M{%%)Inb@7p
zAm%Z=%Dt2AG9!n}*2>BS^^5Ma0L}{cGKiNG|I341p_1iNrxaAOT%&VHV@b_oWva#V
znQf|+RK%N|5t`jDV5f9NT=r)yyw6|Pu;Bg)s>UoM+j=9J$8;0Me6~@hauqBWbvCAd
zasYFf@joGYd1;{XOc?IHOtzA$Bdi%;-K|**kx3+{XOthK_aAfhvU{s#xp6ICTq%N!
zM*vl9a#mG{x~#g>{C39V<g~KCP~7!uA&CC&LDx(77**FG{uVLUXJKS6L$AwV%gipz
zMi-ykS&7=UiDbT}XU6$I4M&^^@m%kp8u35&^XLBuhnxK0>v`7e|CxTV#FdW=Yp+<9
zgoSl3V6}3AK?*+eX;6?0-O);13)Xn#Ka*iv<Sh~tq$DsxX-p8O`5ECqYCBWZ^~9Jz
zfZDMgDn_teH}8uvJ}MPr+pCv7fi<t^o!?f}E<iK0YiY?r1|=RXGpo&}7;{_2-6mHz
zH)bN;e7BJL>4x@2#`cyfNJ_!Usm)sFdH+6T38kr-b=_Ntoq5H{kUnKT8r34Nikb82
zqJ~!Gu8?%bctMqS>gi+GFG(MnA^%qs{Jl>6_rpT`$Gz?*{_k3zKTG~UH%5GU6KItI
z;x|5rf3cwOG5!4c@w%TG{C_pU-)r#y!*2fm_rc*_f5ZRR@vPbZd(klQ3-aKq9gQVr
zml=OyTbj}#JbO>`r-+oQNcYYt7Y%a{FgPdgC618x^xmEpIT7O>$G-P<L&E2PEu;Rb
zknXd?!OyI?@~y>u{{PJ2?{)5f_jB?8`rX~$#{RdKXTAFW%=_Ofj}gE04dyaoQs&bB
zh1tjE4B^?rWTRYvc~61=i->a4f#8L!iU2j2{~zSze{}o3jsCxu=Y28$JC5a;gp%r*
zZtY1dV;r=BE(#2NR#_SfiGyINIzWFphGj)XYt^x$91*fKY+=S=pJBVR+FYS^$XMvV
zLf19~pjp01tzRS=!a=|u5p=Ahld6}0#Dq_kK8;SUE=-i&OnfBt8)`JrzcYc6)VqlJ
zqS0(X{3rY04uql9rFFz4RdPh6dbJS`pW#!N|34=J)I9#bcTmXxvA?&;|FM?m3+4Z<
zR_l|*i~5U*f;6U7b+o9}4z*6~s%4^5tpK$0G%s};4*&XLt!DH8)kJ`r!~b`?CGlUo
zoA`fgdDh7P^G;i}B0xFX>gtyApU0W);55t9A)`KM^EoKwHg2{mcjr@%UZO^a$Dv-9
z_CjI6Mt1>uAc6XPetrG++I}%vGO+J+B82*^5vbqiN=1xIRph99)Jr}w@1DrJ2+J{g
zSr^Fw`wi5DU?;`E5&ndRcgwY{s?KU#@>s~b0k}}xwjG>x^cVA=w#Q{7Q_*J=OvC!{
zK&>-fsVqPSh&|%p`6M7C#Zl2q^jqRFq^4syB*&f365W0L*wO4-uZKp{H2ZJ(uL;y1
z1@VZ6BB7*9=93dCiI9w=#{H4Fiv*SpH_HjsxKkvTiQ8_sj~UdMmlXj*(rgq-*!Z8w
z^bHR2h;Y=HkO||{`F$4}`IYhefMGu~kUC=!_cXe@j|U_m^6r6fIy6|WKjAqo<DN!8
z>Gpncn=3_uGX{O1^iGEjN<h@PZwSA$Jo2S`eNpYX+@;)wd=AOAV)$&=@LqpES;GN+
za8`o)WxsHO{i(A^)X#<i^RKDjY@XTAO#RQtWWqwRtlyt~X6t{wUiY97|L>r`vHz~+
z`4ja&8}!da1_WBWDRs#Egi2uckgrZ7<}zj3;otL>$mMm?g%9o)>~O~LSL}rXejV8<
zUkXw!u$R0eQ9Ge$3AD3=8m^3dQAupR5@^z?SqTPb&UD=%dt)Z#)x}vRSc7_ZsqgV*
z-ut1jkrIp<>wC(D{FTb_kGhJptC<nyZUvU4XCg9U{>@S$1Q!gIKtn1|3o-6erzrK^
znakSYq3VoOwS7?)G-`I(sD+xZ2quM)$0ie;zwyyRodFFyVw`*1@^UXe<nDF=_M-r8
zx4)+W5$zv{L=8xyWfY}HOl51xcuT`Mz+!9ydM1%H_EG?gkq6URDO<IPj3R%aZ8?p|
z+u;&)2T0#R4Iw!VM~#vhS#qK1=wJoLP`sGEQWA6f{v<@^bWllVB_TBs!h9r-(QgeC
zC$`bd7$Wq`PHOsT{5#j+l6+-G{Fj*#U@DnQHe6%HV9Nso6)9Q|JGZXf;68Z_<%(8B
z_9=FxEj+b4Dk)mB3|rb@RjWl^G#|Plg?)$vF}K4RJw0Hqd(-hxJCfa#(Csc4k27um
z&A;w0-=3Z4gUKNqx9oe)CdDglLrMbQoFSEd({SlLQE=h!;>syn878bE>Q)kWOI6H&
z0Y}-r{(dj>VTfrEb8<W8M2uPBAESQeJ0yg{!5Ing^oDpW^u;mi?PtnFgi{d8`s+bA
z^VQ^PO+N2BU#p{v%^M*YUFr?7bO<v?u>X85WnJ-`>O=I5a6@$<tBf18B)Fx)iArEw
zFm|5_9+DAes=rGnuN6t%Vj9Yy$P|6BF=`Mv<+Rgq=9;U8Ot!S;FAE+S4v8m^(Iva_
z#>9^k2APY5G?&4b21+X5%a^rRV9qt#%hjpH%wZFv)?{`;)#2>=2E!TUKz-A<{1jXh
zYU*^Qk&8;B2RYgFGO@M`Oj$!+ElLm~PZ8Br>9D(Qp%{*RN<uGz-8h78jKhD?XQusk
zMK?g^`G0l0h5H`|`<wIswLD*_|JSqcihMqPMSq?%!iK4Do(lf2^{Lis9Kh!A|L*?b
zZvOo5aFhRQJ<pfn|COls8=kx3r(*pl*m{2ShZ^}m_X_bJ_BZ~Y>v`6={<qy=v9&5b
zQ6XtKO77<FRP&Ie%=6X0zZIvbSpRz4zoHAE^Y(v-dwco)-(G(s|JU+-ru#qRWm3HX
z{8Mj$mP7X$-21UtKpnK?FMev+!FrCcb*D}4fr5DvU6Th&9?{9wMd2oBZX_D1W!FRD
zfQmyyB7Y%N&!c)<^R}u1y6U>>S7^w%&hH6-2rSLm0LuE;S<5f3t`bPNCc8Y8E5B`9
zoBu!K0_Z&czgxWjdAPCvt>^ht`Tu8d`SY`t0(EYGW=?nh-0Pe3@VL3Z`3avn{C^$x
zzrEdq-Ms$a-RS@8dA<z$U&5!pc>A9nond<J4N#*$zF*?@SM?3fMn_Jfj*G=k#OVW;
zq=O^cR)s&|eaP}_tR3~b^e*eg<@ayx2M^!flj$8qf?W8ro<%Qi-;?QWE|_H6fe~q{
z{lpUj#1EgMm*}^pJ2maLZCh#Q|86E7F+Refk+Cc3Ez@9WmmZr;Sa=7r^%*!#ho_pm
z%w7exy(M_omw&1MNp8Zjh;S?!uXh>t3`=|?87HVA{s`(^AXP60SP)BxsvecZN&O4{
zNg?qR#CO`ox`f=}AGOye?LrHM>#onfvnw(btr^t3E4+m&2*qmLY9D{6H}ZElqIVBC
zpuQ#Af=h044dc#ujoiT&`7WSBEwkSm%d+i{ACFgfe4lZ>PG=zd_sqM@J{9+MX5^ks
zMcK7<APV)d{kve{Ok$99NQou{eGpcs-&Ec$ywKCCGcS0f_1$hh>ZaM0H@BNt`OMb;
zpBwp6KXdIr-Glu3f48^M|JU+-+4i5$%<lii?@rPfk}M!-JB3PkEF%66k_-(9f<zsX
zp(qw(<Pk1)91McAcoJY4M~U&EmSsCBU9iGOSbF0|Q(Ly1sG-ElCZ6Pqp85R$Iguar
zGl&285B7@j-w!tVpVsoM+5VHV?a$9%|K)S<)bL-&o^Ou_s?P<!aEpH$B=j>RxK_mc
zzcJCRAR_5}^nT&=yAB0sw)|gB3b6V9UxoOe`<wVr>v=wh^B<cOY`v#HOGkbx%f$6J
zi~v=Jh80ADS_MdM#3DCB((KFOCDES>naY*`1`ZCOgCswhy&gQ`kq$r;Wz&$kxyjNp
zoJr=f;27PWUKJu!If0)Ry0Tk~|3C8r=sf=4?e+5hU)_V=hX1eQ`BLqFYq<dWm)|jN
zOlW`iXAb|DSdw8JJTC<7Z2sTt^$$z#f9!7f|2m$}CjRS<A+=c%U_Y~sz~6iWu$~aG
z$(%n2)Mo~P<s=HIhs81KEf^9uf!^p4mu1vEJ6`OJ5U)uKDehN;p_y}8H^}P>;<3(C
zz@VEk=H!Yqj|g#@@&(7!<T-d*SIkz!h(;1^2P9ku(rnb%9n_s45Y~nBxgFLVXE6e*
z-3%LtzD#i1^@XPW)PZSB!qS!nrOkz;%?G5N8;(|iQ5uBSiRjrXm#G;#Tr%FQrHtx;
zv&)5>b=xg)pIo%rmC{V6<4-^~Zu=FKQxXag;>>QjG?NX%*D3~8?KlqSsqbK#FyAGN
z#N?D)vV~;%RY73q#0RVy{Iw$RtD(>(u<RS}UxjO{lx6}fx=^dab79UEstWg78qKk|
z2#X;K-CnEw_-piE8I83xQfXBr*2GBZMh%=Dg>`-m)>#o)tK+X$M_-*aqGIIL(jm=_
zx>^x)^|`j|${@}&LO53iaPH3JAkWhJKcn!l2Bc3MANDz*mBxat3^-dWIBWsFTzJ-*
z%(pa@YNa|*he?%1QH^pjt6i>D45wNhO!X76dX22p0Mp5>wR!0ynX)_`1!3UsZ?LDf
z9B-KK;(j^#?}D2)>qhduCfNU#Q%T;29&t3P)QQqzj(@~NWP`E`-T1Qli3^{g|8aL;
z`t50e_3mpWJveP{OxB<FDcFC_^`4ak{xZ)T`|m-opU?lb-|ubWKdj|>|Gx7rvU84n
z5^>^TNqod2EwwNwC}a{12n|Ol7Q{#2cFa0-c(aVdkOX$Mf?9|g=H(+6Zp$=8550D8
z4~))ZEYN_E5OFeL59!zaHu|1%<P(W$AW#$#EC}Lcs3WW>HBTIOIzID+6X2YL9jM&V
z*8<f5I&n1O*e9K@#w3`u%&;0cR+8F*w|zQ74Rc3sLd3X%8aSdRfhuaqKr~Rp!|ETx
zWdk+R9p#C5gQJ~Anz$#^vKF#vbXsaB?X+be+8%BzAOMpyOWl(xdL*2DA@g9-p+)yk
zN8<c}gz`rm`s{)59C|7WeK}N@9qnlt-9T22pCcdg$Ciz@Q0NO7?N*l8jN`!|AVwq2
z@D%qjN|$QKv^<Pp`dLUE`Z!==qVVlxj(AFHakazCTLKb9|ES^n`2rLw%88g+|E1)y
zRm{rOm0F{#Gq7?v)JivtJ~O21@n;(cPC>X7zkrH710OU*X+6C)G9RxMBsP%2?duz4
zAxTgearQucB}x_oX2`fUhNzleK-Heexp*WLOma-n0DJce-4XNa%*A|ysK(wLy3wep
zBAwbqlUp?ABm_-ZNF{^2=BL+ZBC~vy5Oawv;%q|Xn8cz$K+Y%A@*CZ7x`r}M+1vKB
z+AJ$mt8s{CHmhY4KCs0Ktft=#bu3Y?3W_{|ZMRQxga<UBk}6%`>cX6ri}sILphi0B
zZI5xnMB8JN&O@)UQ#eO*>9raX2&tgx=lqEZnLqq9^lY4}kg1fCbQL&2k!^HUAx=hA
zj^hE8O(9F-IF!B{1Z>cmU>bJF6P`o?DJ#|TxZf#->COz>d=#*?QOiV-#j)fr*@8Ky
zat&8;{t6OO>~F>=97~qUL-I#u88ss2YfW{cBNsI0ip8Y1s%7FGTnG^peocl|>`pOz
zRenT5q<ekobea;49Al|=5gbe@bV!T5ac2MXm}M2BIq|V4+lmO=V}gCcMOz1NtWnS>
z;WVd)y$ypYQsR%5NRf)Jnzj4#aEJyZL6P669_O~>yF#8M;UNxey8I#$xtoMokdv#6
z8xYnzr6sc4h)SxPQ)MwCoYPn>nlzV--ViZf31Kb)(;`A$Q$s7Jwrg);t#}Ke?U0mw
zHwuwCVU&1;8er#<jh)ImL(W23Q7JQToQ%lRHHiZ3k&_@mjsMmD_UlGHC>qAdeZ|R;
zKB2~gdLhW<f$&o{i7+Rq@n7Bci*~nBM>U_-m%g<A%|Bm0KzrX5=VtK{mEq`<4XLEF
z`C}^K7Y?hS;fNC<PFW~93j$};U`vd!B#(G{a&=L<=oNo?g##RVgtvo3i*~g^ePGiZ
zp^UNkiA-%>)Cdl*bm&^gBP+)TOc7Vm8dP0q(A8*u&@e)nT`w7m`f{$IK(7zcYleMf
z0YycH-1egpsx$)0&^JoRf76)fv^E>XfCwGiu7KR7(4X^I+y*BNcB4a1*?RZ!fWU|h
z6;DVgcOYC5G}182FYKbX^Yc<xxv{fjO6N%VpD%mu-d+Q3Cx;aJw}r$Q1)#j7pw>=z
zc6N3Ov~MP~Q!$$g-18Kdb_!>X*i0vRiUR6U8BCLzg_H4b6#g=kJbP9bagD7KY`MBs
z+sB)$i|cblLrF&3x>6+B@|Hj`UDT0x;SK01*nyB$x-$~W;SR=11%=N;KVmeLH-Xwl
z0F*9{oLYuRZH3e8GpD$NBRaHj*rG@`PDNsI*q#dtjD4qxs4Swm2+2zzoJCOOXbr7I
zYbZ6IS7~KgT1qLN`f6I`^dtzFo?JLCY<S!+NS5u0(@+jk<91vHk_Vo=uwD%EXox&E
z8PHHuVCM9@yz`g;Q?$`7LqteC2&fn%Z0~p@rH3_<4+p%#)aW)bCt$IOFvk-DG3z8V
zXR7dllL?aq-9JFoJS4}Q#iMa4&P=-PdHC6>misd(Fi(7|!ea@E)ioi`*Y{URIOnDp
z^k}<5B90(5+lnY>O*6N$fh;q1z#LLG>g-VRO1@Icw-rw-BlQV>I@RGOiEkPaJE*_E
zzq3re{a(*Ot;W&>Keaqtw3P&uoWw#p8d86MU&+w@UN3Lv|FcgtH_sxEIsb2uNid<K
zka4p5KIYv2?e6d8<Nx&!yPNn=Yk9sxS6C{x2;x^$0D2sg5Dj7)z(Gxfy?Z<&qP_JM
zx*gMmX$mC9BnZ$bU;}*(hK8di;v~S5J`nH%bKc|7-}(xLWTYADb_Ba*;%nCWkDWG3
zY-*7P2}OjXfQF>K)jqqqgTTF8U!hZoI*fify-_-a*lLfc?7+X{c%c8#<Jf8s{=+-)
zuYEBdb<{uhr+5fEX^UzL8%GHI>9@XZi^pi|+x7t8Z++XA6ZJRabhP#D|FiWK`UP{!
zVu3Es&c#;SB=p`=;tO|lan63<YCi~%`K0q1^F*`$UtgS_U*4R5nm%T)|NcR*pI`sI
z{r&yT`d`O`<~=77_QnLgrXC4JKGt*QF^5&C-|jZif8#L5e2V(r?p|f3v6Rtqr}Oyu
z*v8OJoAFU6&|QfR#1_6izkYLrPA<>T>D$Y*i`$F0mpAD9x7X<BoAV~RKEJwtd-n6G
zdfkLlXBRiO*B7sTR&StzUK^be@KA=6G#ggAVMf$IVvK_TO$gRU$Vy`p+M|YrzODu5
z&#@qiyG5M&F+}^eA;(o&p9;z8AO_wBz8FIq5+4nw=tjo|7pRwPVqPFNL{jlmpLy|w
zgfb5o;|0Jx7EL)FjU{4_p|)~qWf|E>ThO0%GA^kBHf}1=h+}<{F4LKH03ahApmS)t
z07M+B0Rr>{VGmldP=r3hL13C;a!d?>)SB0gQKtz`Wr>AH0o_!iQE%hWS34<S$j+59
z&H^nbpdH<z_FjQKWXvNbh)A)TOt_t+hH0e%LlJ13?&zxQk#M^?RY1^C|J_vb(8IBS
zZK`QSe*z3}q>m85+Qf!P#NOBd)>Hx%hCi5U=rOeIV&;)5YGNF1Q@W$4M~rEtS{l-!
zoGRJpsiwF0yZ>_sx>J%_Bi=R?OK_P`a{#v>g>8}UpaBWVka`pc+14F6(<%QKiyLr~
zr2gWK9e37o2snA5evIMN)TIy80C^(ZqXM)A!Y5R~skNpvy$E1h3Z!-ezRL}@ye4@{
zi{Rv#6JLJ?4-kB>x|lFu`+cZRn#mnUFNgsZgII#$Eua&sdY23dHk6NwytK14Qc}5@
ztUYMR`ZGg;rd|JFsL%=vs0AtLZy~f?5p*0*^*c^P9KiY*ayCH|;*D`gJ!}_<<Tw<n
zB(?+vZvyjkh%nOVf##ao0Va1GGQ;%PB%*3TF`d>z4|7C9!oe#nGhml{c`SS|t_G?d
zy>=(Wrx?8RonimV_<eyXsQolR417pYTDk;iXorz30F62`tO@oB!Vj1R5LH;Oe}^wM
z6*pA`s2$q|Q-l+~V7Xh!B$yTrdo%a`U=Od@ij+#W0ER5IripDFBI8n^Dr)B>T~U=h
zi6RpE^a%|}z#ex}ESwRzd!@8og%HumQ-JED90z9frX`I73-|yFHF+T{MPK!ysGqZm
z=2faIm@c&z9>>%hJIsLi;P`+8#K{ANscgCd2AYTjc)+;*#kiejcQqxq3L;Jf2_;}3
zqsK7|U{N5Y0#j>4$<BF^A6q^(%q;&V%A?O<Pf@eIv-t?`0Wq9RFiqAci7*FBQFwu2
zOb92zRBaUQ0dWHw0-c0-LU!z=(@+vV#2yHVrXwR0q!xfu*dc6~&N`gd7#UwW<M}m^
zELo?&1c7G3Sy`IEp&HA~3DB@_G?C;Ak;V<wV!RUgrn4xd;`%JaL15XohzAoY4fC*i
z2T&J44&a%k0387zFQ^rEmO<Rjloqa{qPQ}2ujqY1#yA)vHmp`&>PdUlNXBHdLTGuP
zuw^zxa4C$lka|rBGmZnGqerglf!S{ohX(sdtpXS6Bt?|MlN9M<0sM>ROi`5ZF1HUB
zIxwLLrh%#)P$5Or6<LWYB&I@=iEvps6(S}|gm@q$O$j~yO7dxKCDFB9q&FQllA!_z
z+X`<!6<#br%0rJ6;Fm^?{1rG}Dw@cXMM8G0mL5G8iimnKi$yR+6U^@w>*J|*WK}LA
z=qR*K&1#MSv89x#m{sGFNraKRR@;r@63*$@$*}DToU8J<2vq!WlIzs<y7mZg^1(FI
zPr3*N`6DKw3{<xs;}O&1S}DBF^3#l{-$p+uwMun+nhf7+R_MlLv@*0>x|wm7nah<4
z_QuFT5K=5;Fx6Td=mq~`F~Um2i-?SIV9D>1@xXtiO4kTk*n*iC^Z|ahyfNk@wQ*uo
z9LQ;F$O&m8$~k#po?_$$X>Rs^szbZmB2A?Z!m)FK)1~Y@iU$Gpf~g|ZD8SQZ`X(Y=
zi&_D1jAG&L+gvq2;l-dV7kVra=fGR^1noK#bcGeu{R_;_HhJ<$B-H|gm|#Xlq5=uM
zA=*Ka9;-8Z6MRpaXpA2SXn7VO*hjOWaSIhB2%6?!I*AyUdSVhjU=(Ge6#|>FBU32Q
zb7XtPQ52}{CJTe9#<JpF1~f0gbRtYyXK;h5Zp6iI!Z$<W5g{<AusVmFh9kS9A=Jt~
zcj0e~9i%<unb`oQr$}1XQ=YG22c&nnM%qedl)Nl(ri({46;{@@(Zx{Bf3g=6l1fF>
z$)reX?5=o()n{OGX5+q{3amu8=1hndAWRJd;_eWxf71|Q6yQe@Q>lg;kdYPwSSG-y
zIzf&r&SG#N6Ext$Y_-#NymWG=c35^kCZMUxG1016mJ+SXWH+N`rPz%|y2gyivs#sw
z4r+<2*|W5Qg;m(JKfWfu1iMtgKGD~#V6Tm?iE9~ZL)R0y7+^SCo(p*_qE@%b@S_=8
z9!!Z+8;MWjNmJ92(rBn0vqU0ix6N9FS8%dsx)lP1q@*<=M9=b&1p#~1^4;>T<E><0
zwWCKG3yDSwUIm`sZ*bz#h!VxLT-BFx$4polC<ghE-${H2V$}9IaQf7Sn^cun`zUHM
z(|DLG65?z^Lq#Wg_b4*ArLjy%TD7UR?jt}3(d}e=_MDzMk(h=}t2aAac-S3;)574~
ztMInNlpvaFg{9K5X{fuY*rHFA-qduI2_R9KE;lnaZGtF)C(lx|nw#dHwhaKzXQ0qV
zgsWkK%Lc4CE>ppUj0T?{XclSyj$&HL{F{xRn(D^o+uMuN^9F)I7z*EN*_l3+%I);y
zt}cfKl&q8jW?{aZrtH=eLwFIaFQ-|eBc*7yp>bUF8>R-FK@S9m(5!=3H-<tfhD-4Z
z#D*mb2o`EP<yz@Ym2|a&i<~&NU}6hnit7|Z8LAR9VffBv<{2V$*LBtah3GKlGfHHR
zQVCdWpYdi9%h>9Aj+M*o4N9;y%&inqARY+UlO@NL`z<xdX)-q<;}f-ER*D6|yp6#7
z2fT4JWN5JB%r__xdMlk6`EcNDUX_ND1;?x{;8@d)Z9Wkj*!R`nT<v#Uiga4Bpc@R;
zSqV*zeL?*U>A-#phpJN&`tii7tr?23j79JN>~!XN8X(vjF>p}6m=Yfx&;xj!r$3FD
zs&k7{6s5ZgP+P5QD16TvS<<OcjhJz`ATy49s<hUOmRq91r>4D<BO~36b5_KLCD1g}
zWiy1$;<REb;#%jDr3CG%t{rP$3P9nsDkFsxt=nT0tx798%9v%6ol0&ekeQHu*zA~-
z0KHdDwLsBEKZgMk0w&FM(p4=w2PBDoW180@9b=Yb#;P=3rJBC#F>lDxs@}l0J}<I0
zGinxq=@5)=LaVO6J$=;mFPT)8lG7WIF9W7GWop@uV0)*;2!JNyh;TuCq7Q=9GH|BE
zbfmQlZ6K8--4cyB(S$!WD+G3A<cW9=iwDM=AcT_<=K5SIzxOa_0S9e#YZVaD)_x&Y
zkM<dGPN`LH=R`;$-W;fD^~D}z;0Y0qMkAW(MOXckab##%7q&!eA#SEtC$mj8F1?y2
zIKhH}W1pVVSV%U(d<xLe5cx!SoDR%XB%2O8qDA|xT}^i0j5H__0UA?>ZFEKjY@G;K
zrGCX+;bodEf&|pTRBvEm=dHF_DI0)Ugw0E81#6}gX4bw)K?N^=g1vEmi|Ur9Qe-E0
z2QfJDYn<Gmi<<^|b#ilYW0Cvo#qE!8f4)V(o?Ks_T;5)s-=MeG?y>ya@6pNSztB$?
zmuF2xs6GLHip*^dyEz5E;yY&2bOnK(6k9$uMUNU)up#0_7R!d{_Tu*Sc@tf}y=+}v
zet&&&`NR2}^UK>NdUJk#`s2yv?a8Z)*B7_{0uuWE;`Z|VM!OH3m^Q9Xu5T|+e|~*(
zjjn#azIuCeuBEL$EeuGY_G%(xp`dW;paUkrt}sh3IEpxnI92L740woQu$2P+r5x9>
zmuhRH5b*@|DwbVS0i0bhk0#q>&D6~~D_CRQgVy3^R@2^58@*0Ysw%yv`hM}WjV_er
zMdU%zu7X3i5i%5ju~Uu-<5S1fVo$Op<I*)5gk%)Z5eYrA(@ajgn;BDXV)>a%@7r2Y
z5XdJ19e_dyz>PQ)B00CPT}p&KDd2Rxe0^x{nGqk1qk)~WfZ9x^YQ|w|@dS^uHhfjv
zx&)-o0dP|<HL}sr1J`A9l%NzCZPTSVu#H*{?TxWQ5#b1PeP*ttcp|Gs9LW4e7qA&8
zJSNs}XlN$W;j6C2V0-47xP?j$J7Ah%M~wN8G;nQ)_ee+<MR-J-pcBLja1-@WdqD)l
zI82or5P~J1ARe1c6!E(F&>a)8(*!zH3VPlUXWB@N>DYgua7a2d?i)gwt3`=(gK1u`
zfER6a;whP+uwXf_>iHxU)Xt*#b*xnP>~hT?7S23wvs$P(W=vZ_!P1#IYzLbw!e~f<
zpETjtLnLwN5j}`Vn?Vitn*!aDNl0a~9+T7Cz`~B$ATU-a&|5l+?I_JxAGJU#c4_xl
zRAi2ONE`jg9@S1rZzU6i0Y06E)A4~vOBgt(A&Jgyjzz$TYhEixnzB)V7c`yp6eZ>8
zsinvv17j0bdnP*6{8=q{z1{&g!vr@z8IsV~HO4IPOHAjOPk<9y<vPJ)x}0Oq)6+6z
zImSW|u9lB6qBe_m<H6J@8|i?i3Ii!l6J`F<p+-k-OkmLje13VR<Z7849DF~yx;no+
zyZGP7Y6`(x5Jkb%xG%V_d+Hm2@|c_@A%t#gR%jYGimWxks@04JghK#1vzu$CJNY3c
zfiDmVy?_bL^amV65J=Q`|1nM850(id?WUHP^o0<;>vML}ZM1#H!fz6P0cVZc#{aQ{
zV7Ct2R5508;OqMx1`e}3aKyHAHmlZ(n1&KRB?qCfsn-Cs(XRyIKrqCKE^X|jmWxAK
zO*cY-#;Uhnpk_u^7~7-O0ZCm};DppdB2>i&+`}P0iXeJ57P*s8<NTt)Bv{boJl<f=
zp1UUInbgRExi_W{mQ$vOiSMV=>GUHy(Vh&jc>^zDC}xPmclJtIvT3@GplDkaNPI1K
zzEe%ueTZTJT5K7!xmDlw-J2+&z!DQmN>m$Xx6cM(CBqq0oh4u_Et$`AH8uXvt$w=;
zRqANwRXT_9HQREnlNo$j@TkZXsM5Tjsdih18_;$`NCpH;+)3bp0EeR(j|dvE2g1X=
zN1w5hq<Xq2j;p=(8T-3$p6p}%|F6$a&fc82C;q4CW2XQA?!j*VU^jpNr@OoH|6j}V
zmC3uYwe^qRlFUpH8?e{?_qL7ML?@%R7=s{hQ`Q+^e?&T_c*~S-WenZ_Um>Rfc{vQQ
zY>7W&%*hV=$8RT5v|uM`joSTeZJEpAR3H|S(0WiMPQb&&1Y%v8z{McKTsz_Dc<bS4
zD<tyKoJ)tqlk~y5xd#mU1BfXBn=2w8VQ-=(gci5X6;s&JZn<C6EGWjZ<q@?HYG<$4
z6M?Wqukn;{wA<NJg2q^Gwj{@i!f2qhW3kcVtqBc`#E(SngN14A&@?592Ydf5sAKk(
zLo{JN;o0HX<fF-O(2uvbS4}j!zB+|of5O9i+}_$cK_PiWuW1-Rp?ktZ5+F&uamWHT
znj#N_zdw0(^}U)MY>$%T&`(Sh8U^jG3z=Rt^QR%6P!G{iDd46cv@)1V0<Lj1Osu+2
z-&mpteN}7A4XFUvc9XFjTNI*;x6RD3O|bH&B@&P5np;ZdPohBERV~Jw`KfrI$>ua*
zBkHx2k&o$U989;!a7aCBEil7?JkbHz4gc|*p@bp95_Z}TYBtGZx?DJZG<V)&LAbF(
zLRdA!)6IV%ZrYi9@YaDaGQt$NvrV_7aI~|v_0?DCiWAU$1eHW=ZGDS=iU$gxl89sU
z?w>E!+C6A@TithC-=ZH$Fwt*!+ue6i{|6#rt8*i<+AeKv-STNd+WLStZ83WoK|`ZZ
z^!Cw&hB1U^-}->w(2(B81A;!F8xjm#Z;U(RPe%fMKqnLY9~PqXpKj0x^aEp~fS@0K
zI!CIW$C+CB=tO<o`f%JjF8qJ%1N!YBzu7JpLGc)KDLNA@B;gjV6VpyxJdAeI#)@H7
zAyfkCj5M}{MpozkNVH6F^p=UN(%C@(VRqyR2A>P?{gHsVUn#8Vlsp$a{3uqB%9Kc+
z3*HD?YIy;R{nf*nq2Fg?@;@<OF<EYHz2!}9M?rtY)VoKfP`Yii;ej&OX^ywH-o1Ob
z^)(ukV4^nv3=VEJAW5u9_0a*&7PnoP(iwh-TCF6<<4d&+TiO*Gy4yM#O2Sd9ADEVi
z--KPM2lqjufSKSVhWnaBb5m`sw%}|_doU*F-@oOU9{M4MBNnx5UmV*zZD6Fvk>Zs3
zM6u!jDv6<)8T>yp?Dt0!L|a?8V}b@mNc4!oP&^`1VKG7!OjGb%$XLys4#6VsVJ?ZV
zzUgvIwyZq539xq${!k$a(s2p(Ivv<f8~v)L-`EWt-#vja_!a`rMgbd;rZ%2}J`hZp
zkO&8lcq))!6T(9Ga*$*IxyFqSa-n3yPh^TdpxbGrq{Eq^HuYC(ZTYbEp`{-Eul-Nv
zFZiV-&F#<VgHk8Z2lTG{4t+qUnSeDQo`R`9`p{~Fsv;T4=toW^K{%GI<r4`pG}Py|
zf*{G1gFe_BS|8B6_l=18C!wS#=4<2leZv|a&Oi~p@y5iD0~(Gl;NrS@eGW&sl!cAs
z-`+PMgQHD&quOvXQ>ve80ploY9Gi4#jgKFj4ap+V%zh%%#xaEd(jr9>=a>npmQv&6
zzdwFdc(4G%ayRMv@JKNpJvum%`G5wD1!`cD$3#`TFsl{JR+@@*(Ij_?Q~#35Yl8jh
zEvBK=6RWexsTLa{^NF*3phhcXvIVJ~8pX-FCy7x=DcsWDBul*eQdST$365V=L-LS7
zsEvLds~v<6dV<k|B02=Clv;PCcRHFt3p%htS6Ye$gogvd+gY@}1A<S2Bb_AW&?5~3
z8-gK)SSdwH1twl{tIPUw$utxZxKgWTP#hU_-iyJMd0`q`Je?YdWu>rnt`EhPZuIJ3
zZ%;2T+{j~Xbjc*Kj=hRo!reL(&n+;PIaN1_5~Gl)v$TVO)wHQL6vwc;I8hQP6Wwh4
zot8=l$ag!ylL_|CC;~db1FWTMje+Rmr>ZzQ&kjeor*FiOpN_<(PO(#H>ckX5_eTPV
z0L2k#rjQnl{>KRjq^ai{kt7dlyPbe}EVI-<I_=xbmILrI(so2xCM;?N<bed4C1zR?
zXggUo*7BC5ZgI=+Xh0%*jU|CI;LJ)2X`n#41p_#3sm*2!jCv;ThmAlB`93nN&AAvO
zjLb?rqRRxm_P@{$DHDBpN9_WIb;2<V@B{{Va&@8ME{~O0<Sk~}v*qoE+HS)}m=ExX
zAddxszOCR=Hie5#&_NSLI{hLEhm4y@g0L!uRR0bF=G`axmF(?A9gQ#tGI|wD6UNM5
z1I_`NG-GVA5G&iff<BEioV5=4Mo<nddq_%~g1{DtT{l^9M&3mz34g#rmZ9!Xx}u?(
zwE3){DI(0?Y(x_rA)=&t!nI3-3>u5ct<K<=>r?k=zYX<yIT%>NktGWg{SB7i?dg@-
ziO=W}!gwWed#}F_qWem{HT+z!BYkN^SISSx7>B+X<9i}fo6ZP4)nP)^WaxWDiWVy&
zG1<BO2@P)m>MJbASrj-aB#nuo1LfQ57hp$+fi$CrNIDvDaIb}LJ_*PO7%h&d85|XG
zYmk85elCQn$|4Y|^7`LJ;Ix*o5)j+y#N5|We2|&_LWU!#_50Qao18nM)$m<ttPaD4
zf;)4;veeDO()F-wmY_ygTG-~loZJ3<u~-Z$x;-Eg&j;ORY16Y_uD^avf!9-<6w3;N
z1^b#gmznO|k_+`=)B3u~xKBq!$i{I)jB$Ve;P}Ohz3%?O?%~1S;fsT#{@(s@_+m)<
zz5U_Q!0!+IF2OI3x`zYu;;^sY4SO$!q&MjI_6~bwzdvX+8%lU`>XXKC7zaVKk>>er
z95*h8mrP#i3&f3PL+ykGm5i%zqp`=8$|xc_91@d95kPM=8xoHi$Bkb5sJ-84Hex}}
z4CG2S7La6yx)6FyPWai_w}lpJIg_z-cKey4S%TtZc&z`i+t940tv1^okA)tIr09rb
z6V)OQ6joRV3qeO=D`I|2_0#!E{VNi{78+AYrudSPS>wECisTrPW<7f35%WbG<=Y&y
zz!&P9WmdLD>rzjw+cLy7OHLXRZLK{QWfF^f(MiIz0(z2mI<~`>8A9hPL1asgNh|-Q
zHDtVnRrLi?na_p$JUpg{Eq?`UrXVbeQ#cJe@!&3Jj_K(wn`Rx&25kC|8!o#kEKBR3
zjct320dr5IpW*=ti2Q}{)JdhN;OjnZfLnATB@t?E-s{@v!Kpq=AuWT#P0srPv=Y_x
zZ|@sqI3%8u0hi2}UPz+}x%!T^2_ieqsR80+bAII(XF<LNZKhqix(N%>iUJ&xTCKEU
zLv2nI^A?IYO!m6OZ!{ZV^k^J6AjYj~UAJ?}slsw_;`=NVZ^K}!WS!B~8pjPtmm?Y<
z|DC5D7w=h){%V?RBB?ZPX4+H;u2618;|FD=n-nA%8cmKpx@x4^J)1i!u%CcPNuXt^
zKLN7&%Xp?70ZUB_hkh#su~VBG=WcJU`Ub@fsl$y6*p}$K?)aV{J?n{^WF4K63LRp-
zHmqt=X*jyHHuf^DQ^T8>;SmnBVGSw+7uF#VRL67(Cy3TVFEt=FO~{g_4K|{-a_P1r
zX}$icS5$pbL*?`OyWOMR{=nZIbO&Vr1wQch4vBxT*MG4$eBqJ99(mCl?Dh{|>>s}9
zcLxVA`Y&+T!}w@-f48^SeU8fKtDO`meE}VC%%`0}ET#kY<Y;`m2kl;k%BP0tNGYxL
zv0+YM_HBy3x|j={*>-j=#^3~H8)Xv@u5sG>3+MB7`^)E=uTl}sFrK;Lu)WpTao7%*
z*m9U&bTU?RSmEH33*6f4zBq93czOc%YpKef{CeZ&DoT7cu5V7-==>CUd>TnM;y4;l
ztu@=YPt-706k!yx9e+ko05#}R>j(Bk$iUiYHb4~sGXD8SEdoBmp|O`Xj&)`WSCcqB
zNdlrQ2w-KtbO)i?jOkzi(8&cRs;DtpW@c5jY7?422cnw%e8s&&UiJ(IdOuK2P3p_1
z9B?LKdx@F(#{Ir(K<aGb`$zqQ7yX0%qoaOz@5uLt-68RJ`$MvKcyO@m`7e$Rdb@}H
z!+x(jIP!aVfB&F&bksi>z8DPm_xeXG-^80-(Dirm22qP`<1L0lDo<07Ge_0^cd>(v
z09ly3%`q96P8PHon6_&f4NMPTfYrc^YK3M4Gxoou-M}DoRfYqb(B*G#IY_Vyd;R6j
z>ji#qtp`g2Qpshsx5KCIUKW%$bC`c|rRA+@9?IDp7Api`VH=K-HbpkMtQE&*z$`bQ
z6s1b_j{i^Cc59eUd><~zl&LEjRo|40&D}Ml^(JRh=wb+t0(R2RE^pjeHn3|A<H<nD
zR@2HhX^-0IzYOxhUG1Ok|4MdE|7?o~Z@c~N&hdY#+AUrCpXTn_PO|_4SOGW@EO;Q`
zD`H_DOi{oXxFg4r>n(C|r5)ES(DsO{jnKIXhYUs^ag2K1w)$W1_^5l-Ya*AR+V1{O
z0S#s5;ve!UpRoz1VRjX14au}>_d(x(e~zFA@^uw+*IBKrA<@Z2vZ>%p`u`&)F}cwS
zvN<8{b^Cj&i&ruD@d-yqHr{O(&#}-4lqQa6{?Hh1&^r;fAY5sHCO9g!OmOfm@h^NE
z8vp;dO4uAkAo3JZUW5^j@y9sy1CVP5M0N%j+b@|<t{Dig>eEEm5Cu^#nSXk5c8$2M
zXphbx8NWBGm_T%x{SEQz;o2UE$JhPDnNE<=B=sqCeS>EC{p9_MmhfGg>9<tsAceNy
z6}+tS4om|a`j6C?W0N5`$F&Co-Z+NQG#jP`^ZTPSyrdCi^A<}6o;njn8n>rcplbYl
zcIDhVF_-Y!W8#6+N<45R$HO7@G(k8XJy*=v0e{f>*)7^W$2_1!NOVRb%;6rwErp=k
zCXWSN?#yy+0=Ya}3B(Q6sADiG$4YxJ;HAD;o}>?om|wlRhH-i<92w748w^<u4*)N1
zcs}hEkxRoN$3pVhgE4QzRo}>5is0HUNcH;a)wMoCAB>{hys81mp+_3W?;GiDAy5(Q
zbVqvG*y%2v|J0lD)el#;tF~>too#u>7;%zM&qO%Z4J64cj2w9FB=toXSEAUX0eV(f
zxwgUNu5@`_&onrHTGW7TdOjKo>RXfkcZf^|L{T{0HPR@0gCjj9KU~?;8TUC*#q|s3
zx|0k>kx9aP72q&$N65}dvmuDbi4=+PTg|T3yG#+IcsZWu4edP(277y*M-XW;4GQ!?
zIXELJ(1C?=tHD~1^gyv0`>P+Wt_V>QQ`;WU>Ghdm;<=H`$FQ~|s$T6%g7c&D*775-
zP(EiM!R)@Wtxyd_YBAOkZ{4{!+KuFtJSfCL3&6SRLE6@^mEqx3f3a<*P*_SbUut#)
z_xv*&jf(*5ZwaN0G}ldJ4dxmH?&+0)U_>MO0KvquZ?mKVP|*<b{Jz1_8~l{25c~bT
z{?Sp<A$o$J=p>$4m6Q#wHy;H4Fdlwww`ul9Z4GMqV6q98)I$^4ORyn&b@jatmkJor
zuGH_6Cf_;fdbLk<t~?dGDdHn6(K`hXXH34+er7DpyW@}H@&JUj1qM)XIFFc)lpG7S
z#*Eje3sDnM`HfJTllI&P^+A``VXO@}gJ?JuE~w@vqq#;;d>7gW7Q_>Cj0FKoRZ0Ca
z@hh|q&wxDXL(z}IKsrmFJPD_n>F*!(dwY9}OuyZyhAeCuL7VuY*`xw+RmJW0)>{G9
zsRA{7R5SdVjIcLVN~&IE#Z{ejZKGD1>`vU&fdc?@-Utjg(T5bH1u7B}d-rG?GDPc;
zjV5`qnncLNlw92mrZzN_BHwKQV@K(``u+i2LrpHSQmI3T29V)UUnLq79ikzVAi?lG
z&^!jy2*QXEIi!I!QMkrLLz+7WRagoJHq&ilmnhY(KsmJc2W&3kBn2}=X>EIz*zF_F
zaSrzPcMs}Jy;U}HBmn*$R+&*;$mwl@qceR4SZ$Q96{64wGz=J)2YYZ&r`_%L_p`mj
zB^*Kj11Xpo2PaQ8MXKpE)lPc5XhJ58PjhCu$_ra&yV4<pXxLFrb{uHMA2H#${Ca_5
zm!S?Hb#aB9;;Fu)Zwe<ZvXDx~Pevnd^Jiw{j1K%=a{oo!CfN{Srz)h<(k(*tm?Z3I
z8~uU<>YF<NTI_@@Bux~s$7T{<+)QaZ58n3y9%T(G4IBiG{F+qaO|ADK6qlTiMkEJ_
z&Oj>EE;0?j!-WKwSY+b8SZ+~(qr%l)l;B5BBkJKmw`(`9rMS@~<iVt+eLFN7V);y7
zXoq@va+_y-A)%x3ikgSE2I@zy59X8nqBa(>qzh47iYO_TZC~H5$oJ4Y*gaZEP^q<H
zv;Ldw8WS9$?FiBh>JK|@^uL5RCKH{%>=^w9hjx1JPWZo*uL*3Nm@Se*!3^VvQ2W4^
zvz@Ym2owz3W@dbIXs8rVL4;u}C>D4`AQGR4l_Cex{{t*Z=uJ~BDV-tbiZ7<3GZdXc
zG%TTDt!!y@SnTKYDBHA*ID4AT7MZHL8c$0z$lI&yxBvTJ+QJ0za$=$~u@KQnYLxIe
zFms;-MNq)oU=w<l(jh(sIDDmLTHb1$0^&pkHWypaFRxE75%s^(T@9k4j;dhfV;lX}
z{kN5xO0p?_pH^{$^lC8*7Z40grvdZsuQ(gbV%Z9<9$W!35k(@-23ERcl>#Iw+!TUc
z3l4NY9^rCC!n~y*z4rOB*>KKS^yZR<|IG&a+wc01kIe>ok{tg6DkLbbqH+A&zca7R
z8#pgk4dqY7@ln5ju<!YYNB!Ns{qFuzw|{up9}W)s`v(JWh>!Zay}@Dc$nPKQ_pyJ}
z+b4s)!xuwu*Yl3L&pQ$SBgRv3TQpafHCmFx@P}@@*Y1@ahl9-|xzP&OSCexEJzgn;
z8{)Ch7jV=2dm2(PRvY-<QMa43sJOOL6FuHa#~<T?Hgr1n#ET&s!|S#T1Z<4j6C%gV
ze`zMEX>M_8E}*lS3KM`>Eh{JF#i_1ggrVI8m?IA2BThzffVs|Lv(3qljc%_4h`QEp
z$i`qJe@}22;~<!3=xvr8RrX4+rBAnR)tO&8Y1TLh)JSaE&Wx)mQs_|1wMC5!M1kB3
ze8Y+6X&ZiU%D1bUTcD*}BMBweK8DN<JhCQB+v2R#v`g)`nihZ<Mhv0{(@{7vKCarf
zt|KpC2yyd?&esx{%h#JD-jBLnWBE~~5QYE@N%Be^=Z~nZ@9%5?BeJW(C;B~fH{vWV
zm{{$$UGcZXQm2nUlRI06VXCdtHDiha!p%0zdZ68hek0EsbbpY_p5zn3rT{H!9!V`D
zx_;l0((T#ikz$3sdBlKZNBS99NlIWY+DQsve_C@%VdB!;eZ_Tr5mJc~&na}Osp2G-
zOi!e(tFJZ-^#4ik<T`!Xp_N>)%#&d`6{@=WR^@CeV2)W}TM!+h^f*CrI)VDo!V3rv
zUq!<kS!Es#Ah~G}XbsoL5(7=?EDgzlXU4rOIj3}u?`N1ySa?HZ8=+rMt}ibxe>g@z
z3v&qPVNU*$LR14BrF<txpwEHk!sNKfpyC)D)8~Q;wvjgVbHPG>4(T5;K^JF9-=-vb
z6AP)6Oh5?}2SsOhg8iggGWIaiWaomb&^Xji+&v{l`uqEB^frXB^iGBY8&2X45#uIA
zMja5;MRb_?Vm*VEUeeBtqiDM}7cqb)FCCk8GM?E$XiHh?HETenxpv{eFd<^Rsw=!s
zleHozq{Uk}qKTKcUr|O2gq<Svwr+*awf;~qWdnO|<d?Dm&p-u{o)12#TJbvJqnTP4
z<|7DI2Q&Pxd}dUWs>OFD1XR`UdH67^TM|A{&a@`=fH^fMWUB&UmYBIQ(oood5vC-B
zbe5i9xYc1JSJ%XSK!?PedI2fvJN;(-5|ix;^qln>oYBX##<%>?p6~EkJ-c}~=n63E
z&~ycVv6McOglf=k#Td#cdTv*>w^^lqmTbD_b+vRaGdrkrE1>Hi`TKh>x<h=>eR1gT
zk;DDn7sH`Pyu<Fk@AvnIyTcbR`osQ<{r-`EK)e?(UhKU%#NEC(=<U9Eu}T|ADW6U(
zA|~{0#SMW|N7$WQU1aVG%)-(AgOH39cst)8<ELM4RO$bhy?1YJ+gS33_iufQS!A=e
zc1en)DC+XO*(zC596ga`tt2OV%A1mhz>vfW#Nc26NlcEP&;HhQ_Y4LXUUadOY(=Sa
zERjG@&%Lj|)^~fy{e$`3pVHoTpn0v!J}6`}0(G%Mj`jR#agI(p1$8jiW_z98=Q6w2
zo~yO6V*j}fJbKsF8e4Y<x~;Ce@7%_ob}f`<evR9~ZE@KpacOiZt3m<LGAdRt(fHD<
z!UL1>MH=3Pk(h`R<@1R0)+nUK=Ly#32*Ie}1*uHDgOA?f*_lUDlFMD~+F8ux)8?T#
z4c8fnncj@PT4|;LtzIIyUC{!)t@rEuM8xmtPg4wIjb`;-{g}4lFnF0}XSK}05m%v4
zk@{KTA`L{w!>9mYK%c*mN{Gt;A#25)y%G<Zh*fweUSVb{){8Z<^kE<n4|^IaNX48P
z5^M8X2C>@TA8yyZGd2&}VbUg60kV=}#wohI$>rz&;>mH>`LpN9Wun&o2FIZ7ew~Y_
zjY6%_{*p$kd*W$LQUt_1^fNzB=j8#2tyd)y3*@9nbFx|ruyq;f4fJ)EGLw^3&O|m9
zxq|3KBXHX|3ouPJAlVl0*$~af&qk3PA*#8+T!p5m+I|{r5tCs&>G(1gQt5VXs0;L^
z>dg5pTBgb`8Y|T8nnDeFO`v+pPkAEjhI#FtF;8tCzq=G*5CAB~hIAIQCsX?v8MKRg
zb*<I(A{?j7dA<Cdd3?rv)~?GZH18gU&tRqDfPN-3Uw5IsJpW&M*}V+MYveV4(c}N?
z&hkram@hrAkK%E0f_lZiDwTKOMPZyjpyLs|yEOR?j@>Vutlr!iuv9<M7T-LWg~NMM
zgU6vtbBH~BlLr&g<W;ru2!6#b>Tj(-UN%{3OY^oBSV9!cxjv&a{_r6#M4ZC?4Lhb3
z%eIw>)E99^$UHDA;6Wv)&5Q?v<u0+uaT3Od4j=XH8^-G}W5S~a<Xqaw6!KDo|5u3&
zVnN-G&&bDR5S7_z&OVi&Ibd-fX;zkX>ye=qPhD`&M_zbZ%V{W~*@!F1A1UAQHdVwt
zM|C8f%-6>r_^E&Zb5&WH=Qg_1K9J@`%x!Zkfk+}bFLE>&wfIb1&ttpzrCb4Pc>&a;
zArh8%^Lv>>0V6jduLZMTw7?J)AM4M62Bpukwh5tcW8|v`l48sw4~U-pc(t6U>B&fB
zyn+kJ?^V0pL`bv`7-orgx4LT#l1VkV#;gm<WLp4F-~6zXMqp#?9LEZzFf3c0h85F+
zwODC>_@!8hoLO0jq~v5bu-Xe9OzBVraOkE1)M!(zNb~ADdt<v4#?0qRxFQqcT7=3}
z#V93>zP6?SC)}~u=@0&W^Ra^fSu0CNpr~3}daZdJ7C!!^#$uiRYGLf6WPsZ4Z}0Bw
zj=oRG&X2|?Jo_nMh;nMvY{6<PLRV(|RxkzYpgb5sI39~si<jqyhcL!c*(N0@90Sa1
z8^gw_K=X`1+-+nUS56TXD4PvAQ5>)+sdO&8jiEAlK4GuF=?{kc{Y^~qFl}SFETR&?
zD`4TfxGVz7izr-fC&ZSRf*>#34}_USK>3o3i9*UMeyA44j!+7iOv6bSV}%$>k1t}(
zXkdU2PbVU?Raj(-<;|g_q~*lKtEB=H$S72W*coyE7AlpeV#3n^Dh|uB&052f8Y%;B
zD7cf2L?pGcL&3C2h^~@yx7JyHbtD_Zx|KoTk>{Rq`V;EL+m!p_LZl%`Ul0>otbK@}
zTK@35vdJ=TB8BA{su9g1&AbE80_CD|HsVSQ2Ta7i)N;bb$vYF_y_^+n!3{Fk%O*(?
z&)`<fJM070As@3>JkR7S6P!gmYw37m1p2g&dKf`=WJ8{a8xd8B$C^Q*qbrLRX`o-)
z45=MJ1?|Hqa>COvNwB=)fVT1As><#x|Kv*Fq%*-@haJ&r5ur^?j`Z*^uQYf@vnc<V
zxOgfXe{}vGu@sJ*qT<_Z7E(a}0Ye+wOavj&*F$Ne+4OOnOdux@4gnkpM@X#j@fyp0
z`hwkwRPjw@Czh<xDLW<(#@D>GSXdwclz(8hQeo4Jz@{$JwrSanooccBX&4DAPLo5u
zn+8&dup(pB9IAC{mJfLOXCxjs;OsR_Jy$e-n|cPQ8?dNO-0KF{l(4I+6c9kmi5DxU
z{1b>o;NdIX6W`FTueJ97XDW38{?cZrLU83mTr?6D!WFX3>(T^H!XgY6n+YC=@noD6
zy7Rq>gKpSLM~5JPOu1gSZcwS&s|imtvyR{#S$(j`hLe#1RZf-4MS3a5nE0W;fuzwe
zn;%nzym!#+?(ej!G5MG+;~jWY5zVR*_XT>u_1RT9!==d0>9E75EE<EWr8~H0q6|qG
zdNDDcl@X1yaJDr5#HRl=jY@;orysM(GVmO-3zNE{36o(|kXW0u>a4i%Qu~l9{noDF
z(m>tOi!3m2hA|8HeEAJ;nqKTkb}Q+@iYO)>4vS*y^qL017MHC|8k^rtFA<ZhyEt^$
zX0+Q1MD{QNIg(hx_zpZOMVcAglDkw)>;+GfR3<6h7bF8{dF+1G!1z%p>Ue!GDs4~`
zUryYhL-|Ygp)5^&!M+$<(t^G~6xMN!$SzK1<!M5of#%bf=(L%?FWlKqsZ+JEvJ?F+
zU>Aa9;n>6+zV5B*7p{on0$iT~X9ySYaC%|j3ty6rKT~Smf*xSF{#B9+9vsP7Wht^z
z?azhOBZf~i1&?dR-#-5o^KqU8JQG)$9_L9lry-S*?%M}=2D1@dd%t(k``q%h8tEN)
zm!)U%dTitcThy8jHCf>eO&QfKOd=2NPQ;7!4m^CpV0d`VKx>W)V^Yt{d4KhNhF^EA
zpjDlTGyRtw7m^s=EJCEhX7@BpWJEe>K*_B1=95$NIEa-&$ux&fb8N68hyoIvh!rqy
zS!ul3gn$C#2v7QaI=v_|oENgcI-ID=;<`gW;}1tBY3isLe}jIsvt!H`bsPzIHXOVa
zZur0eXBZ!>_UnUn9PrqtJf2{pU7E*GWYJJ-8N9_(baRQQ)f}uDE~x0p&|ZfsTeJUQ
z{hb{&Aq4`lBuda21VRDhXjBf=dO`~>T372~)-++w?@q5*AKP4s!;8}^b4S*u?ig$=
z3-)d0bV1^A*cpX!Ly<|DWLth5ZjHjY!DIo+hNevH`6(NPF;C}&#U#_YoAB7NE%{R(
z>Zz&OMrsCR^CZxbiC!EMEN{B8B+4gYtUByMDg}t4#w^0x0E(mk<@c)X$D#gp93e0(
zYvYX+`t3WBP4(Y;{AWC=ad-_T#3mjOfdzwz3d$=Y-xi6}WOGF}jl0%*v$$d$`zHc=
z#w{7-^PCowsmR3cdFD^4kiXkFt<X@F*s*?KeTIx>9s`0~SQJWybA_zcBd$WccWk|6
z-9n{Ia2N>?%MDs9xR=9BU&D|k!i)Jb6+GO5?yy5;Z2VgB=US+5c*jgxNU5L2BQzbw
zGtQcl@%Z~N!T|e*b)3x-y^h<ZE-hKnR3p_Sgu{GV7)!_C>?CBntTb>SG9PwQEV53p
z#$GB9{;Dlyc&im;FFL)T_&QxJy2+x404Ku(GEc=BWc!hYqG4rNs7K%>SDBn?T8)*b
zZo`D#r-*X9h$8I-x5RZgUip?@lSTR8(cD2yBQ@4uRB_l55Bd}g??i(l{Epw+{R?%w
z<b5nsH4PJ}vklFED$nSr`V?t_w8c^p^BL%-P%%1g6Wtp7n9KNYBstuS`0Xbe2N5ek
zc8Vp!=+d|pXe4M^tR0OkfYj7-p|wEX$BqFd4k7(rPuFpnF4{i&k+oNFQD1o3I(E|H
zm+vQ2pQ=7hr}Ry8Q~LU(3kkCEvA`7~l@*u{rj<xe^!ZWg_Z?45FaVgPPR}=?xycDo
z$FubORDUoD4b*%p^hSdE=hid5ONN_cLUGV90R{7>W8Hv*cN~fcG%hhqvblr8RP<#*
zWQS*hIRLjP$-M)w*X_={mWTLP@b|lr&~TUKgu=0)kLXe=ziB>?>r-a;|D~A8yG5&`
zHf1t4)hwrZrdMvKkV`|rET7B#Rf?XqJ7=xij5h0QGXo4SW`GubC(O~_c-bM5k<es;
zz6i{YLZ-+8(V|OVZ%e$lQ5DsyuVi_QcEJK_&6jZu_?d5ynt|}TRUo{nyk}#WJ@DK%
zRDUP&Li&E5+9|Sl5G#N?9fscVhi0CdfXztECC>c0ZMeBSJzXY?I03W*bV^g@NNaKS
z<t)jw0{sa#v29hankk3lk?Jdg0peA|IKLvfrF_AVoe==SoM8sc36>`;kMRn!Lc7I%
zh81!xzyHtUbKKLm>b?z1y3FCYt!zaHxC#n>#-fIBWA{}`6l`=v3H9n&B&qNXF8-L`
zNl>C1v4K16TB5fbS92IMNL+2?xZ~pJm(~KX>t-G`aYlBGYA+fTo&(lqei}+6wgWS1
z@G}py#&YaCH5^TPDvZn6%pmHD2Q34SG1J9p%9YqnlvsFF4QOn#LtOJv3$Ibcrc&Ng
zFM$Apup}vDmYHQxkX}dGeiZEhU{X2+zK6r{p3<EgW0Mv<8EP3jGNustvaPkDTQR3t
zQ`#q#OC1Oh&^V|TT1V&e7Q*RTjofGlWCSvI$7}K6i^RrcAY!PD#U``>jx>|6jje}N
z6;^ZCVYq3vKn5U>z6b;W9cqzm6iNTK*0&CGD%N5c3DBiT-cpC8MN%?6s1_a#bYtMU
zXL?S+%wP_*aX7i64w`)8(gZcL)-*v2o?Jaax<6zBar<-{lTdgs(?G!_@pw*Wv7#~N
zNg{Y^F<YHWkYYd=Od5D(=2o8!5e<b|!<G3!H@a})!CAca965tp9`_YtXtamS5GKZ8
zQ0}f>dS<y^LwpZaJ66mqhW@}vg78U;{(|byq-=E{m{V1bI=!H9-AqN4Fo<zA7uqNf
zqo8eeOg{4EY{uiDRwo5_m}5_X00Q1tBH?Ie$FV34SDH6jcgo^z4F_0@@pP2hI|#6x
zipC*<CooN^=}7W4sGg!_$jn+DjTXY?cn97j<zpW68%xQf?|z~J*F6tQ7f@}7IFBMY
zl;7fuE(>sWx~Nh_9F7_)R_r`(;if^1*KLAafrDLgBsd9?L~?5?qFLLY@-$OhSt<l3
zKhg*E&^KDg@p%fh-rS+mBPT}rI>uOd&T0n5n|C4|Nwvb5h7X0=922T>gvu0Q>ms&v
z;j_11U3_*Xl;RUo1TdKsZhHg82S!_es#h=-R=~fxqOw|)_0?h`zLWD-A*F&>N9#qK
zXsaDZ@}7}h3RuuAR+td8Fw?Cj;GG2Zre(gR>V5?Z^}9UE!lHDREB@Vu9BfnE7qyK<
ze0!ErVBFj6Fm{+gP`+z?Y$M-o(@)mM=UKbxY1=4(Fok&QoDeed(dBWYP1mX~f^drE
zm^P<*Q;RsX6Jym7D2+1w@%fc$y)gI{dbjGZ%eCER1Ula)!($jvwt`qeDieLT^$q;d
z#*d3W$Lb=L5A#kCt4pCzic1L2RN|->Fqew4UWk_Yl%8b1eiTY40R{a$evevi%aQV2
zy!2Ne^$Bv4rtl`v{^eDt%oeWr<5(TZS&|B+PzJ6VAP#LUdl*%S!i6Yae95v(u@N{;
zbY*K+BA!C2s40)xPOs12%rmX@;(c&(e16p>&RZCk1VA-4R*|gM+>#5C{y@-R4iI^_
zp5vrf&*=s5rOzrYqr)BoO$J_vUB~^Y<-5{u7)0X8ZZ0Pdv{9GUg1k|lQAXGA1J<@y
z#6y`Yt^L)|+tF|Wh0;U-qZ~<jn<qGx7+2>@updEmRTSQd3Zpara4g0mO+f%5!pDGJ
z>So(?yWQpEl#0yw?V9)jMuDOBA`tq5r7*tEq6#h{IKwFSOW(CEEs`k=s%@F@a@``-
zVg{)J6i?-7o~Ni~=ZVTv!DsNejorxdRBr*=B)&`o6SAkKT1ZLR_4S!8UZ|y^`!vkR
z0CatQ=6D*&4|e4mrtqrFB>PpQ5(4CCrMueLRK~QtudmM(G3A7N)ful0U6P6;?oXQ%
zvh+Iub%Y~i<Rv(9L(mu^$pb1XfmWrAr&*rVnvf6ka?C$W(A!9kOtim@9Zydf8{kTN
z3Xp_^s1qIQ|LvkI|Ng3tu?za<l4*5o0SR*;zSGM$;`3^jd3UC~st*-JwDNI;Rd5lO
z6ENCKN9ah5B^0~D$jmUq%9#2NFeews?=yXYE2)Q0m5obUP=Htf$5|SSdv<!^qD@u0
zsI;P!orUp4q=k}i_o6v6^vAD@ZLn!V@}w%_`mI691e}!zz@!w|rDc{?5n$GBRY`>k
z8qwOzjN*@@IeQKLyFR*Lmsi)DE`@e)2??&|u|G{^jE5XKTt?i#ouo34NqWYzd~bOs
z?)iM3+F<wso8TK%0RZdh=ssUTk&0<iItTV*B={Ze=u#F!xplJNF0M1_7@aI^e<}YY
z7QPn3(s>hkefY#$HiwmQjrB#E&5k|i`mpnhFMva;G6<-il<A|0jRRU1n64ry@w-sm
zZhD&P!*yJuX$TRL7jDvM6HZT2Fo7g$s9S_`T{)Aq!#YO}oK@$?d?bDnsWO6jtVEVk
zsZaJvs~;8z^%EG76nJJa<{HfCw|k03;V9)$qT`Ne!J7C%zkbgZ$St8>b$r7066ll^
z0&Y{boXQV|{lZ02?TWFEqdqatBNEx-017-X)RN%C$!!^Wjt6%I)Eo}k>BZgP&FNdc
z2bXLO{S<q1`WE)8EmMbV6h%Mi(1eHIUcKLXd->i?aYZ9Og!-9e;ev;EO%;TyfK0Y-
z5P2=3C9@s%PBbG1i9=vZwnAd1)5EnoJ$y{3hmY;_@Tr|1KBdz??x|~&XB1DYj#F>A
zUQMh}St0%~5Scy{<+w;(iYEq@TBeR*9>z?j0a7p{IMI@=Ubarwlgno@C~#b&MQYhR
zl?I4Bl4NNkCkd830}1c(<3`r|W1-crW9WKWd8uC{4~a-aNa3@E&<Y=tr69*}t?RX6
zy<tWM2n1ChgP;@o%Qcgh@yP*@ii9yu&nS{ckbtYzBQl=N-qf_gNSsZj5~i6J9HZ1E
z;4FiOPRpBt&(oq_L7^wO<Mm(HS0Iag&!b4+$xD_tm_N;9rc$v!qUTJ>D7Wq@n+)=h
z-Jqaj%FNAVkVlw65-N~k07e|li?I-aQ;ft8*4eJT*x|^Q5H7E!n?$71Tub4C1=7!L
z5++%8G9E?>B~?Lobh3CD@P{?3s1+8TEwtv`I5l?F);9o>(#GzYVfE8FCRDBA@kn{B
z5}u;WfZ<CHfhs{r@E&7z)0+6-><Dw;PL%Kq8VkK)HkEu#6+aEA1JM$J*_fTG$qbe!
zdLgw62qW)sP)SBchH9NGv$+6zVqFFsiQkHOJ=&oLB!4T=5AOzOIN3c^8`TMxybC#f
zdd_EJaod+<4t6qM>i#{Wh}$F=;_CE52_JY%ZN+ND;y^nBd{yN2;@o0Y6A*U-txYZF
z?Pq<0l;SEYbwbR@+~b3AR+$ae0x=lWO2aN{hK3(27lTaZ^g%7)Xx1E&10!@n0XIdA
z8cm5aUnUAs1`8S}=4-`jXq@?sg7@Hzx1_;=Q){nr(dj22wS9@o!p-}l3-}A{?gbMH
z(N*xqqejD0TR0w%T_j(i%UWVNDHg}#+rU{tkmHf3rcj}ze_!O-_3pz|OmdzEUX9m9
z+ksq3(82bj7j0=xtzNf}-)diA)^z9njDoalNX(az3U)37acaY23Ml3<NGVfmS;c(a
zlb^#>ywy{|E@aTZkmz*rGs<~i$Wvz_7mF+D23Vn%OtuKB1PN`hw%nL}<HNS;<|snt
zag11X#yKWyrHjos#_R;7p|CzFRrrUz6KQ1XcsF-Y4`NdcmVVs`iBBHA)sorcNY`;H
zinGkw`j{=-VMi#3iV*ZQcvO$2-Iq1`#W#sa6<AfXAB9N3;J+w(E=y&kpd%CPNW-hr
zr2dPHb-}tpcli<)ppsU?ebJyZG?wtUN&~5Tnn0WC>sR1Yuu;_Oeh@s$rbkl&adN9G
zm>KKioz_UE@G|r1ZEHQd3sWfhQ&S%CPqg{1u|BlODaXt$>WYf1f-GLa1K41+E%e2j
z**Z@*Pyx#k#9a=qGM?qj1F>43f`@Ewr@cRj5&XKth!(0n2jur`(bzzEl3pVbqz6S3
zwXrR|62UrvF&uqniia96BH;Wmr>3`v!w$b!$i+n}#^J-Uh>Akci^lNe{8Wpr<M08B
z=}n6Abwu$}M1m`E@}Q;0(~HKljh+EFl_?!n#J}n$3_;=d4=+v~Q%d!0IXUV>4w@ZD
zQY|cjm8;?;;wlS$c22t7snt?mpPZj=mO~c{vf(urrmkk@!^fFqJV~(BCOH?PxedWQ
zIX_jF(!^g-T6$K;<ZTX8&10Tr+@BI<JQ%dh&{bZ;>7bje^X`SRQw|x&7~sG=@DOUj
zdBDM<@D9BH4~n9r)kOsVfy>*eDUs>MEQ^`M{+q!V%}JK)uwx!i;I4uP3fEo6CsrG&
z3;|{6>RyF>b}1VbM5sHcKRG>o$5KhL?gnk^(D$({1~j3UW0uYliyuaZF4?(Fz1Hj0
zgz4NXc3YKvI=b`9#lOp>g*xKc8Vkpa23U{44<eeORiq(ghu^C$KI6a2xGiomRKf7n
zz89mZl()qo5E_A=;P0`pe>H=YKGw(E;m=pFfllcyoT}Hi-`#DxWn_cU&oD_^e^h-5
z{cRITwn3Bql1Z9kFu|3Uyvj$h$WD*f;1C~Wr^jkBL-@@4Y@9+Q6^}DL+2WvvHqSGR
zA~0hKk=i_lbBVmq)@Dci+0_j~R{>py&{1R^oXeb$S2&(ibe7u==v4_ET5@)CAf)1w
zz<=^)DE7LX(6ni;woYaE*IOa$EQr6x|8e7w7UPqn{$aqAOr&SwEX;lixxU8gf)b{+
zL+9yv>-?}6Cf$M9z@3~gsuZXt`{$GiL<$Cu`dXwj1+@cVI!+!;*b#n+Ko*68HkNIZ
z{^hkiQ&Yh^@Xlp+8hb4d&sXo@BV0J%FQ4^)SfBgr)i%Vi(#I4tY<>L#jClEAOy4u>
zE;^(-?gDzDl9>+qwQ6QM&u=>HkeWd86*Y{%zIC`4ffuE!&>TFBPN)OVbfX!BpC|^Q
z9JaCMP(%t&ZH`664t}**MC5Y~(H7W(@D&)DjK=|wWGvizwGP2`3ZG$DizJy!@iT|g
zkpptPq#9rGRH>vp)n3LfEM|9g1<n$;ODd^3M1PP9ER?J3r6K((J&zX4I=ywPuOYR1
z-L)F2wW*W{pbl9M6Wib0-Gkk8biqnqR8qzdFHT(&VGs%0g~k(7+l@mi&Ysca*)XOb
zuCFgJh|<leqnIh$wjFjX30Tc)P_^Jn1IuUPW{YUGVOP1_u2HaY&>!{&d@v9@-M#T{
zH|TEj?qIOn4aPg;VNY!P<8jdM4~G50ZjX0IqPsH~_~Tx0IPUv9-4TDuf{pIE?$l}Q
z?|1gwz1{xa_F%X_*ll-%?v5DjjmD$Vo<G>#-WC3!8|>`v^@9D~F5lVdil9Fl1q(_$
zo>caPQ_~TLEeh{MER?!P<w$hKJdE;GTu)P>rZNhuL2vXu%j^Sk%nS*ZXc`M?C(AHf
zZLt~)%QhAMtxf7*+=QHTFo>_L3x53eZ|!eq?QaA2?RDo{@yo|=vtK@b8~yU}+xQpu
z@!QG4x8MB2zP+>VN}@p&9G7Lpq3FF{wI+kw#P82U#vznbj&Ynj6~>a~elgBWC_hb;
zNzXQ!P<E-q&ASzdyDgOkGB2Hs1(J>9v8;`9Wt+n8BzydfKim|%?#B8vi%n{yLtm45
zVYA%+C2h?Mkru2}+J=ki-J)kzDVtk!WVZWFB2tIFQW-<+OTo(X>ZjP6Cd*`{=TtQ*
z1cx%gN7kxXL}qC%3XdnrVLFrPMJn|Y(?TXeYJG@7#fe2=QtM5b14F4gASC=OYrRux
zufk13(=d3ImyAWz+*6<2jHypl<K8W8T^f?5MKT;%{v}m17OjG!Lfry8Fq+ZyCF>n{
z`}@Oz*Ye7xhx81r%sey4B48gVlWs;2*Qza<J1KQP`luBY8~N%Tc>nTS@3ZCx#B!r@
zeDrQ^^m%quY?PZs1~+<3-GEB*i@v1NiO9|<8%}>^6^+7ccI3)(7sWu)T)O#!N?M<y
z5`_prZkJMa+**^d+6CcE+^ncHSzg?Yl&Q$0bCkoR;&w^z)}w6d1QZT^B-_;B7bx+#
zvXjp(=BWPnRCBB(wK@Q<0Q#gmA+u?DOmBD`+?1CsNU*pSN@$y_hW^R5`_?1>^g3~m
zT|-~0B3x-(rS)uDXW)zNw%*{BOTt;r>kA*FpB`6j?%DlM1rNe?1pn=Ya=#@}lgcZ^
zpCkD%Yh-bODD1g;!WdEiwWt@hHuh@C{JVv2oVIPcT}U2VE^9K1-sc&hVKuo#WfXx%
z;a4q66+~-HCjt&;JaJN)+?lM@t?Iai#yhlAi)HMcpIqM@9=|(1_gdc7->&F)SbuI#
zM@{AeN}npl!kalrOd0gXyW=v)YcP?NktHH=2kt@po?1d&i8C#@zfT%2Lk}#GTHo(_
z7BW^P{!NDR<<$wiyHKuN)<?|6TdgMVEZi?d0vB?J^}0Lkf%O#z8Ak@AT=OFVy<p1k
zLYb$FcEamkzpF4@l>Ix~?y?8Atu`02ykHOZ*Vuw3z8(5&7G>#GqN<9wFnNI?Yjts{
z(Ga)*iTO9z$#4Sod+1PYglEPE3S4Cq!S_`Fnz19#gGBBxheURVv5JKJgzA<~Aj%dZ
zb|{f;eFKzrr+M3c>h$noJU-87*J-XY5&R$%b+(I^vJ=dTD;o%kQi2)2!KN}%RNBY{
z7CyAcGQH<%Ac8hPjY75uB0GRhV=8!{)j+eeDFN?n*BJ6eJeDbC0g}}PVy;A5lARXv
zej0y0=EL}D+#juro@_D*?K@gTU+}39NxBN8cfdY%Qw70$ida5Y&#SV70TYNHpJ3uZ
z340qn$3}Cea1&a{^r~mf6J<If)if(UFxk(z0j`d((3PEPIaA!35M$*agDzvVLr(36
z+%EjWkSjPS+(ngPTw`21@uKKnGYrOX5j!!t6o^}}V8MP}2n}-Fhj$`I1XZ{67SvaN
zA!nebWwoz$yn&?`HVb|z{^+;?$lPQI17<Y_RTB2NgJEutLYKVL-PL;p3&I;L51TSk
zqG1yBTsg~}utz@}p1(b5zdJeTZ}0AVC17`;UA+D}mYK=30?`j6nJ9MXJH6^Q-FDY;
z;WhPtiAT@UUDu7(NWa0WRU!OTnl8C@JU-pQXm7i}JKi1d@ArrM+kW344feK2`}_Od
zK~DsG<NdxE`+K4{829<kc$<&*cXoCMe7GZcKk&bR$H(ne;rZ!zx}DtxPMpT^a6LJC
zG;a5liE?XL%%`;2LZt=EFb)`poNHsju|RU<6rd72Ovw^RMj*+mW8O2eEBM*Vx(g-V
zqcI3`9*@tj=-43mdx!rQD}LTMT3@#!I&|n+1<)7tL6yk=(aN1K<m*dUH(%WFpQ)I+
z>BVDfm#?)}UZ7I>8tpv4E_qWUmi{u6Pve`vhXqJ8`U17YSC6(*jS$x51c>XitF5c6
zGlO<pBw%C`sj$}&(ru28B32pYjiR}i(Yzb`^?NDe*sT{WjI?z9K3eC$%F~JP4tlM}
z)<kMzqp2j4sX=ghu})IWN%3?cIUpiKr$p{&b5pDaEG{fVwR(HX!aX$7UdKV@z(v%_
zw=DGIPwy0a4KM36nm|=IZJ$<)*=TiNELT&ET&?6341xPC!Pv}Y4w(cH7ctkzf)hjM
z#3Ls><ul<FhYDjq$^)k+lZymf*pka^JwJ4>YO7l#T(3H0%fj^@7pRAnn*;S8quU^z
z24!YVJ;r^XUL_=`!;8~Lu3iGCg4pjcHp5<2<S7f^TAWAvXaqF#&lS5DQB>pQ1#B}d
zPt9ZB(OO=>PIG;B)nKbx!uJzRHO}C!ZelI-j7gVvr>$zDS>2Q#(Z#_GL{C4|ax*rH
zlKni2N@ECF8lyQgMoa+Do5w!k;x_fPf*;{hGvcj5=oCfCR8#I_a=T70?^`J+Q7Ntb
zB%Xw^U?qtEjek&_s>wKgTBd2op;QZx-ERz!rSrrIk~Im~kU<8%th5v+h0jt`;beN{
z^GKXt_yi5P;!4C`{7`*QI4QfPOjVfRch*3qTVqPUX0gf$F@~O`dPxohNs#-+d2X_(
zNil*vaYA`AZ;06EiOMaWvd`00A2}q@x{2yd{a>@HpVN_&^^N*Lw57_v4^wfE<y_Vl
zHB5;rHl~;B<krDBM683tBrnHE)gYdlOSl9tRWzlS-x{M~9&Hx6ruk?TiI=k5BDHl4
zw)o_x%frg>s~?d1YcMU<1T915fr70{c0I&KfYLySU~hkW$CLBYjWmwreIzFa>b~XC
zl80D0sH+tSOnak3pHQ>t9ap#J&q!#&!8@o`SV9)JpfrzyB1<igB(4%gx*~ZLd7po2
z(fw)bm(e9zgP*{r-|>ex+`r8e<sIzUkFLUB#k-Mr(CcD$IgSNLi)W$AsA8#z=fz*u
zV8Z8g6QlfS{>C7p;yg7>UB>`fRD_8CwezNjrp=D2*Ek4TP_7h>t3N<CEdT^{D|#Ye
zX)FZ94dC@dxJ_!wfZKwy?)Wx}DwUyz4z#V%Qbe495?<CgTw@&9Lx;zR(+8)6`hBR}
zValDN7izseWLWduu{8V+i-3maq<K>H0sptdcW0D8uui|qORC|lY`599J|Dv|1LRaf
zyA`Q1Lz0Y3B0VT`SNCD&Pi-}Nsyt?sUzLc)1(3R_F=s@9Ca%i|kptFFYh8@P81XtC
zB=QkFy#<(IBETAHONir<R!uP}6UThp@K;!uGS8Ac!_NpBI?UKa%c9g~Q)_ryHh~0v
zm4g%ebcIZqol!j+s$YkSjbt9<1r6Ij3dh2q`v%&9x`^I?Dv4g+=?8=U00Wc{W7mE_
zb(uk)qVqhH6h^=@Nr)0fDL*1)mXuZ*Y_$t||58MJ-qOmYQ*ITpd+`A(kt9s9T)5yh
z*-~dr+;rvUx3x&tikN>^trkP>eIjBCO0|S-L*xa7(Ek1X;f@XLKdkch5&{4JBS$7u
z^bZ{VPxEYMu)4aP2=B#6o+CY67=Jk5B1&7|;M!=rG4%j;gGDT+B8D2NWqeUS(ido%
zr>2$G`Qw!YBKi9dTnwl(gtZN`0?JpW5J*2QFPJc9E{TTQwA@~>w3d*foIwn-Fl|6`
zDFDfUO#|zb$`l-ME&G%{-;BAV!%i@z;D9k^BAxW_Z5G7p;P1Ie=l=)mh#ejt9^x0N
zOyHNy$A6*Rj{YU|XZVSp9LD}8bC_OZ;%#EtqCS8iaCCMGjI`TIWDCaSJMXt9)>@ja
zR^}%y%}z_R($Z{v_E^&(CuO_H{&1(RKEpG>n>&@JoChBFiWwZGN(1#1^KnXR<y0VY
z%bI$@L>lVw>b91s_GFH%P%f9Tb&{vv+sLIyC)jiro(R8hhRy2Xdu9^Ma^mJ*ZSYXr
zuV@8008)=$0#DAgS-XWVlwq@W`+tUXnR;guAyRtiaUq7+MQIWfW=P=+nPhP60s|y`
zTnMeUnbYYsb4n9pHo4EEa;1|7{%`=wwrVXr13T~?yKv3bZlf)<(gVDVb6S@bhgYm-
z$w^W%7U^knH*7k+ex^zW)Jy6Vz5`1-j%6PE0;?;?6iZ8x<{_XkHl)w#%hoxloc2=@
zaKCB<tO{ZJOw&>|#Z6m-SfSJD-#)jzJdOTSPmO&uS0X))$I@DKZu$6@1A!z2WF55Z
ze0HT5<Oz_dwAcyIwN42kQvgj1GiQ7*QnrhhvWAXzH0vGW8?j<*jzkkAS_%zEgRQ(j
zu%E;-D<HBQqdxaRA3g`ztxxb0W=wz51M>+Q1L#RA%!<Atm=(fd<}*Q+zOeLdEDS)u
zE%oNeN7y6?D21p5hF<-n`-|T(!@2pBnI08CZK%F22zbBtIo8H-KZcrHZNgM-maS~g
zPm@el5~*m4tV9I}RSO=f&!c|c^4===ZIyWRR;>v=Noy|&{qRAt3d}cu&eedOacB21
z&!#dBf5mO)egmiy?aKGR)9h=$zw=7Gv>NzZIP>O^TBbl1N6?4MGrDeGzdgC$bOJ%j
zTFd$qVcIueKYAFSIgX}%^XQ^sqN96BA(Ud2^uusQx0vWmIxUuPrS74$;8es~kq&*v
z^UTzL3Z6W8#MSRMc+~#l!GjyFgV)=7OYBGe#w!J}3%6qan4y8j%-CR?zr)D5U2Yth
zh%bas{DT7#*3tb)B?hT`-q6jL^bfaz=K5Y@e15aeRS@#1sIOQD;0t+VLBk4gFcYhQ
z;xh^N7C{u9Q9?^+T8b`-XjCeByQ{p-PMw|AzIfN-t@}-Sc-aB&M9!AUuMrhj8sH@%
zadpD$Mzxh%s0X(#BK%mIP2?srSp%d+KUH4RjVl_6RV-C|``cwp70@E*h7HnLPIsNO
zqF}JSyC+7y?QK3B1>^1g@lH3`+Z~K{_D8$@@%~QG4R~Md?u~+-!Om#g@9u1mxBbEH
z{&;79d(?lyv?8}NE|6Srr_<{$NGSTj9e_q~xYCH=`28SN6DT`;T=5{8sMVOPtOcyv
zD2$6!#Vr%nv|NznMGbmq&>!p|k{Z|`OKsPPyjWh**G(ZR_2D_GM5V=U69}s0|7fX1
zEBX7<DMhOp_%o#zReSTu6r=Ul&~gB}v3i@zJn;^OJ3HHbXsk-Mh#@pdG4*DWRE|5m
z$>9ysfR>TG@)ZEDm?OgVelNcUu%*=!0g_*rUirQnc8C2X%&vK1JwNMe75!CccVtzw
zKJnr21$GDS)z7N|-^yZaGb|g=*p>}RSUe_Q%)zvJI{pG|Yjh{A8m5==E3InfnVz4=
z&;A#61U;UebU7oBb>1vuK<m4q&#QPt1t5!kAkE_f@Y<z`g(GIwNH{}(amwjc3AMKD
zysfp;d~K#8OXo{8;5XdAmE&<yWfZjAES=jNhoVYzvpO8c%;%U3YEY?GXu<2Emz8wk
z$D@~(+FY72>$#9-`YH)hnRo{uy~DFJ@0ZUlFU{k_l6XNMoy+)A%FHA#!Dk<oNEZqr
zg)X#O6j2s!p;~t10`9@>UVnRFlQapM<n+R;w`wR=!lo9r*fDK5P<py8j5NHqu^D*3
z+iK4ivY}jE@tlY)X|G;AujozDC_E*{wjC_=RYV!$IzhmhmH~OSgqTd1vLe&$O+Frr
z^f={Vyky7xZ2Fssv`yLG6tS*}un|x($va~R{^1y<6Dk&@l*n`kp4@OIs4NvV2$v<+
zi+K%x5Drx=RgqT?xHC~C@7psOh)uKEdd+*S=+~Ku-|>gWGrJUIi(LWTf&4GnBN}W)
z0ag?rI}+rtv_>;O3iV&F6OkIG4U@fYw~5Cufb&L&6fXbcW#?~Jy+b|h0OSz}fLHcf
zRDZ^!m`jnCzpV<IVAVQ~G1HAge)UJE$)Ryk<EKQn<;}9Fhy(@3D0LwZJMLC4A{!}V
z;`;2WT0y9~BbvJ0p;@Z*yw+dc#E2^~95504QmbnhC+}?avZi~8C~I2bIP`fYu=Hmd
z-s#_O#T;eATQN^~2pfeQe5eZ=pFhTVg|;vlL}u#l@;sZ0SYHAdj2Q>@Ql->i-BSxZ
zpuj-@$!bcNE<g?hN}&3@n(;V?yCodEH1xgW5`u|pUQ8Wge9_4MK5OL(^GN+zHjhjC
z-zoL0X4-{s0j>vPR~=Xir@4EyP~f%CCL&(lpfhR<+C05*;zXX@Y%^5FVpNKXZBNEu
z4}_w^_)CIOESH?02SB+Tf1=cK6Yd0YqHe?FLwp;{`}hdtx6@<Q;25~N4HI+lU~UD@
zOpdQIf1=-IVOhdf(!Ui=wagonHsEm(XFkN?gNf}z8Z4ob9oEo{tFTCKD4}~7CsQ@7
zJkO-Ln%)7*N_whPF49XeMl*;0<|iJ7L72@=F%R#c*WKS~Rf`K?v10GQn~G@WwLDvJ
z?ZE4@F6*&>+ZwQc^FG&JY`h{LdCaYGyOl=*&gh0y_p1#<Svs+r3ihEmUX(sjM1u%!
z@0lj9oA8K4njw;ozC-nMC=plhKcI=7_|AD}aog2#aTBQaAyE4*_CN&Xj@{9Vg)$k&
zEZ}q1+}2`0-C>@|HVu;~wLxZUQY~PDDoUY!jkBXexUot+LVXjoaO;UNfW&2?L%&rL
zp{x`Fk^R&<-oPmHiZm-_JP{#Bx=2!a7Y1lZchLS*nWUj+m#*TGh~$0qc;OtDj~ZB$
zpQ!W>l(xZ#G6}=7Xb`V3!CO#HhdN+w2#F}dqCi9=V!6I5e-P1(;eANs8$}hWZRV#k
z{=af`uz&`4AsCMES>U=L8qZnvr!;?Br*enVloMw>Gl`7VC@%cb3Kp<fY=MIsi|}pR
z>?*gn|4JEvl`c2UlQ|$NW!asx0w&Bn1*i^g7gJH35bQNV{6<0<xa=@x;vos?dwuh5
zcG!EZD#G>;$EH7_VjfM12kSNtBUr9l_+Y8<^Ax!IA33s-d{jue0|j{n4=5N9VrXK~
zR#Tb5^G-R`(lD9LU^`Qt7MzAs-Kkj^#NlL`8Kl{9n5s;l8-QR6dh%H2DFE%n*%Ygi
zt9hL9hZb{f#gE6D*2B~OA30K6-<VlzBjxJMt_&)e<xo~$A1YAR%Z-1AoJX{z>Gg(r
zR7EbW0xXJX&Vo?+GEbq9Ggoe$_u<8<S@w!d9GXBPGpz{`B#((1rV@~7bFf9kNKX<E
ziFC5N08WBls4eGJs?1~W^!2om@)5eG{;{^^aq<Yw<5i&p(0#Y0#bv6;$>UUyrS0b7
zf{?O>AzOJ^eg8#cwes*0fm(UESz%_x{aX<Sj|pDNLq>0{5y4b#;*nuYPFo9OnVOq;
z67_|I*8(FJT_J+~-tKT`dobvY0}%|wt{;rL`@_-hNDTS*DA04c!}~$d>+bdXyuUl@
zjs2kr_IE}vA2pPRZR$V~I@Im-wmZG$kweb7)PshcQ7Kn|T<xE%)Ojo<Hn+th?5_B(
z+v)ZHebLgbl%rYAMzz$&i}A78mvm{6O06MTpQfhzHyypNh|(*^Q9-xzD?6jF7CE#W
zPFCZS*1KEvh}3B-@gc2vRkuKxGKdcP5tgSBqzZ)(&@X*v6}t^`V~bL+r-+Ac4my9z
z;|XFLf=??P+ZqYw^E6bhJ0H(Fs5YnaQ5!*+u2UX@`|;D(r;>pZ1U{(g4r+gkiH8pR
zWGXnfXFS>ZRO$MX6=hPT3dP2`LqD8W2XUMNCdXrsTl3m_=WV%>#~--1wPh!6QzK8K
zznJtohpy<0{q5ei814FeJRFR=-C-}-4|rFMM*$CZ_Whwh81}|PpZ9im`n$uu{Xu^;
z76I?>?hpOpmpF7Eec0L&X*_N1cs&1rF{GY+!dPA&bHv#0tvX{I>LA&Ln4q|@1gEk3
zXpKUZbJGP@O+yN$MnYTSWho?tZ^Esb9S2%+hZI+UR%lbK3uTi2QVwnckHN=ZT+^vO
z#E6f@Zs9!qlZUtF;Y-A}=3y<m0tx>?qgod*_mx6g7q$K;jAzBJJS~`Y!J>JoSjw7G
zw;)gn>iE=ymE^dP5irA3AGp=c|F}pU+vTT(>Ez*x7#$nm+v|3F<&Yfb6O6vmAFPFf
zUyMP+Tr~&a)XwR0M9$8Nh@3oJBOIq_{E51H#g_8n)Hd4ON^``|&I?BTIE}qbxX*{v
z$H)3;CNdreJd*KJJq?3=z`YO>lr1LFlQGkjTq}5yaWrpPa76<KtoN0O0}=ZGS9_XK
z9_Toapa#E%df<`P3FmCemBHS2ybx*Og@`oA`m4Fj+5hNM4M6xxn^~W8WSuqVqJ8x)
z<Y4M=xn0rg!vaSHG8XXIC&-e_lS#@0f!W;mbz%-kyB~#QV5WkXCJu-0zIHngtLLjT
z9}t%!(oCT+->}@FFW5B)9_|AmmKTIt<W`TY+tgh*DT2v`SxG6&q_M9uPHF*Rf#q>#
zX1gBRQd1pXEVc%gdpRYs<n&%AhNj}YdQu2YJ<j5*#M9`Z{PP7_0M}n2!lHKBe}&kJ
zJgf#*-~<u;_WUr?s)indcX~3)ur_JnQ8YMtBaQT8-iG6pmf!17ej0qzhxVu2JC(^)
zeA+Cxbp&=9CpfU&+zyp2glJ01?s=G*_(ZI57mNF%Wf|L&c*Tck`Jq<V(E9zLyFcXH
zgYCUxFBt5J{@!4JH0W-RyZ)fp9gRn$?V%VBg6^O{?hg0+quuS%{<gor8|)8){Za7Z
zb>G%a%{;7B#c&jU`1K->BC4#g6a$Y&Ni$uPP|%w&k4(_L+XBi~q;Vcu7hH!Bx|{Cc
zD`5**JDMuJNN0>bl?{o8hl=tQ(Nbcm%rkvUWoby~1;pZ-2SEfkwPzRh0Y|MS)0<Rt
z;?gP7fExnIIn8!dB7A*Je*A?hHULd!YM-pZfT^*u4i`n0ikDyo4|RYgxkzOueYvcL
zRHC2L|BnwEbFC>K;nbczm*8FI8N1Pv)(s-F6t7lm2x!qT$-vL)Q;2mnifR$_%MAC6
zm(a5+r8KbusQ*9co2t?23}53-hBt*&8JqGuEa*u<J^HSPFT&UiYKNW1zMO$bLt~~z
zi!4hDyOk-DlBY4-?(X5YB2A&hS0M00O@&?@;BdAlc^DJi&Z2J7CueU8#pMD_^<~qo
z$?ofnM8-R%YudA^f3?s3NajIj0>wT$zMNq#)YE#Ch{6e#H|%F<tpr%Ugg7!qPk1V<
zI5q|#Z{})cJPx*GYD`@yNG5!uZ%)7)F{_#4<If}y*c%>ckt{8#W%c2TBo9XPX#JKA
zL;yl);JI7dtWEtcGcRL_i+b3Pn(|ZxEoMnUaK$9$aUSv1tnU`$&rJno9zg7pGXfM#
zU|P0C@#q5wj@RuF<S!T&{$V+2Ef|YGRSBWh>_4%Rkln>=w(_WALT05l7ZO^dwLg75
zp{71I8i7!H6?!w9y=*KFHgmXUDGFmSafx$lF~SF3Q+?!61S6q+$ob;*!hBj@=)^vp
zkxdPe(C>1MGQa+$J*pl`TC0ZL3CBlKm54JfRYwBOnEGqgYutK`R*Z3H>8P%dM#rG+
zQD$|aTT~sdXKyT<>#KtJf@)KoR2WapXItNth5)<~nuWH*!iqjW%f3g`<Me8IYt<FF
zd{8-oXoWtr20|1RkqY7j8Zm-yfyc76MjrFCyItE<YxleU=E80k;TleqYp>HEP`t)^
z?44dbiMP{>r;h)^8^RnWcu^uLe0V9nmsnuV^16EN`l?%-OUIwvJ9u=}8Vj?_C0_8t
zL;kN--#6CT&;;CKmq-*0s^{`Z#&MQ%|MoP2q6O+Qk3^&E<rH6G=0TRilloS?4HFiN
zj3iZ)#;r$BQ>F?T`rSm@+G}*SQ*n0vTO7@qfZS6p;e$nxYP5&SR@(_<7KEuD0Iflz
zSQtRgEBo={l5UN6G8OVpq^(i`_yP*lXkClj;HG4-yR+O#6gZO@XZ{qg^`rAst$5{B
zhBQpxarJk!d_1y<n|O2aeH-f`gh_kG)!*AVk4Tr#NVwJO9gS$0DAl>h4`iP*E>?_m
z&qxH)tsGezCNijyp)2k(XmeJ#xS=1Rok$r~@M%sjm?_|bX(cdZI5(v`aAD~Ty7!73
zQ8Tesuwy_qz^;qpEB5F@2B#MnQZ}CNrxz@NuS~K6NyK5yW_gr_&=+=karlmyt+z+L
z)-9Y~+zsAwb$b>5>bSQ118nJTz>ZFjFWHQ%TP*hjKF>&inwCix#zA-&204$&Xbi&k
z#o@a(n!S*LCVqz6YoWyUx*hm$YmYQh%LY7?@_6!+d<^T|@AbRX@bJs^f4Hds<DlC;
zIN0iS2e$vi7wx~1-VZNM&-7XQCQnsHBT(!O9E0nr7W{Doj`VXl3~=bchJ@1^jxZZu
zZ!0<<UYx29JB*ZMm=H+O`I)>GF&pKO!{_sa`(ZX;htvPOxGM2D=+v0}doI8lnIKq%
zG~Tx-GfQlyVhjo_&xFy!!ouA|-#X9diLqQb!&dF<-C%Ww1T6njX-WOwIoB7=C0-w}
zIO+irhgh>3I+;YFA7;_KgzsAHEWKP}AZe~7lQKqFDnZNKF{Y4IA=T4W9V(=SUNtAq
zQ(taV9tX<GB!N&F+&K6qcUCpndcrt=u=yA&<Nj??e=kX*IbNA_c6EMu-J!g?2s_6$
zM=jG$c(Bql;&PTmp{a*OUGsTNo@XO9L5M20=kymj($fwG@Pz9bH<qd}rS4ID!nI@)
zpe?u-Dzr*17)716wEk6G-OiAa>!(3V&|JCcU^L>@`r-{;ZWUQypwj!L8ymW!a4mCx
z3V|IqM8NtZW$Gs4fq15`AmkI&xHb_QM|@(J>u?PlF&uN%bv}Hlbw2!So&UAYzwA1{
z-D?up3W3t;jaA>uS=vP92m&FrKn#~&MfQg4#8{^Oo+zhySy=|BcnTE;!nyq_dX*k(
zbKNp_iXp`u!Z$GRje?SC#X5b!(&-SnD;|8z1}MYz6^*tQwFrhxD4>chq%zAQCl(rt
z5l4JZvoK?MoP}`DrXb^wFcOryWMGA|P;XqBXPpH@+QB>72z<RRjEbH>ytaFt{;<RP
z#m9FdReFYco&N5>lf;2EOq(gm;Fk450Kr1v#b_8;5r#&oDZ(G6%D^XZNNf}-yt1$h
ze|PGC?lkh>Th71A6`6C_>I1QHj>iLf+*eC4bf5zxKkg}3dfm_@L&5?iV|U+>NdcU5
z<(KPl#EV`=tWW*25XrI7XSmiAZMbUfg8EU2gk0w4VP>PI$qsj44zZ%c?wE_2jIWH}
zx7;9PJ+0kff={n#2b;-9RLQmuvhn}6!2h@9R2X)Kh@7kdt6?aC$M~`+8ubIz(Es&K
z7zbKEZWwc{vj3|&9ROR}1$fmx)0Erj$94)*!7U<;+XGYcZQAcE(hCoI-Tuz-m9>{^
zaoEieh07yU?A6DEgI^jR9u^OG*qeC~2mzsOMUg>008#&3gp=uUsC;=R(lr+RS)axF
zm61#_F&Q$k>9#6tAT`3N7^gx_o8ok~2?FyyMZOfIUMb7HZ8Q~1Mo{j65luq)GCeX?
zpk@NYtJXH`ob_4d-8#KB1ib}hDB)l|&Ipxu48=P=kxjc*B$2Z|2DYuy(t13vP0eyv
zo<(5tlR+|t?`>?Z5^<oPdz<ns4>Or7c6fQQsL5Rn;#j-{smhfREE7Dd@#RwHCm~N>
zPxUg9QBW=VY>+84`v9OImy$v2RFh^Px@{n7QC<y(2*msvl!iv)j@`NHPxO6ZA_~0&
z&+J{V<wd(#c5EWkFq_W2122_%9NeUG6vkf5GwHRZmlAYCexy1c#bPp7hZ7tC(^}!K
z<MLApIxwwh!llQ^cTV=*Ocvi3?P{$8!o%)D&i?E8f*mH1kf3LqB1jQ*@Sw=lcpXT9
z{m}CDe;r?Jwv4R&S`&D4@x316Ny?4Yn1paG{N@%^!chi-G`th(E5!s)qj^!wgJ;vt
z76{BjWo<DY>+AKkZk5^ttE+Ca)NQG+G4Kykf(i)=VMalWrGbrhYo6pM&MdgdcG+2J
zQPrF4*aph;=(gpCkDR?>#T(a7cwOlWbjmr~9zCSSphUot6yX?%*g&<Ib>PI^AT*@$
z);OUeqjt30woPu<m&yTiI?-a0;3~Tzk*}o{)IiP}hs0zYFJ9Q@0NP!&WAysPkPx{0
zNisHKyJQ@sRa+zxhh@qgjma5;Wh2nCA#G!s-t&|aR|-5{(;1XOaAMrpAN#oJi3xsH
z9d@C|3_Rf&Q5i_WFIP5F$n{S<#j#77D@{|wSQ`iEz!}WdgZRWCI;f0H6L`Rm@wbK+
zM{{<Mz%uof*tlB(P`@6#Z3^Y#w-DxKlVQ+bUE)6#cqS2w#z@`?GjAPs7#9e=fX;$0
zIzdO564Z(fZCpUQ!@dt=(Vh^(EX8h_y~zD(DDE(v27{uT_oEpFpGTKO+UPiog$h`R
z=5co6Uej`NHCLIKLD<`pvS4`Ef>(Pofe{!p1#jXUYGN}!iNxJf+XOx0%UD4)W2QIV
z)ZB4|>AqT4Bp0}Op30SXTq0`-TSaP2Go?kYcdsc>8-tthwQMka7!Ka@Oz7482+6ld
zl40kE*Ms5K`Qi0&z$S)Lo%$Nxy!`%Xuix8gQ`{stm17kZrXVM~tcq56k;)8~Sejk(
zcwz(iw5~<pfk=b^qCj20pCT`)xE*P6YvC7Xm1rr0wz_O^&f8b+sm+RDMYDcPM><Wc
zHv!otV4JkT5Y}iKCO5FfZc+itWpIOgJRC!``4sIZBAJSrNO?pj0HAJVwAoAil!vPc
z;j%!?!w^+~xdh`ZWdSMBZwc<*H8H44TeY!XEWo1z4T5p82uPbAJ4t$0fLPJeSv62*
z(UK&$7zuxkY>>gYOtQny!2ozt>mwfPb~Du3Ty+qTg`?VKuxo=-<Q%`xOS-ov9Y7kv
z^9Qu-f_NB*+1fBtM8dpRA@VX<QkM7{P*N3sHp>i+q|8*7^5pxliov&)%@XsreXJAI
zK5A#-Ou!*rCPo^LjqJ04brCp{$y{yULGx|KXOQ%KpN3ghNWx%xhaQ)0UbY|Wtttq5
z)X#@JG6iZE5nKcD#ZJQ#oR>1eb<tfc<vONI6T!#Os*+hJe`_z;9SwT^z~_UVy<xY%
zGZ=0Ay?xQ|_IusIurJ1Y`-9#6(P+56-3x}h!>&IN!|r}C-06+_`~C~&Z-Lh!Puj{)
z!z8nLT>j3$-xY!2qup^J1_2-LiJg7!2iv`UKI#wnxIgIo+v5d!Ud8%yGQ8{%y%?&8
zor<pu?_oRg9CVLjh!Po87t!N!A6AiDUcQVc$zeK^=|w8_dEy=XW}>w}#GviOA|O;`
z3u<5}RSxM#Fwv<rTVbk!0}^XWFWK_CWE1~XWd@VSn?fH8-cq45nbfM}s_Y8)1>{aA
zsVM#gUd(&ovQ?nnWs;)k!e52`-Y!(!X6$v65}>41dax86E}K=Ro{QFD&S*0wl^Iz8
zsN@;P6@X|bIaDm`&b*d46Ei$Sdfo23kQRh(z(x&H=;^-}9<a4HWJ$N*!obV6<+EMP
z-&VORkE^i5gTOoZ=w1Eo>gL`1;}2&iUduZ_xxP6(es_BAwcrc)_oE*!-@m`6KQ68>
z506fuGEb6*cVQ$ZjzL`s2uFCIn9K_gL=1iQcRiZ}p%VWlt8S<TC?W0yR`(R0-j80l
z=DkJh)_nh@b-N&S{x{F~tGxs7<RR1x?DOJ$dZ%e~Mw`+2DoORWJ4>_O7bmh8XJJ!?
zfFfvhae?kQ3%_uY?og7!ZwpIx+X;GJv2HqmZFoYt!!IMUSKC-$ayPGRmiY>}nvNt-
zgO$)|RUaCRvUlK3Qa<J}zp<1|k;k8Sl<QT}^Dt!!^2MBhlehRHb698^MxqZkwQvSz
ze&-Dg6DPeAQ%UtkMZa%pk2qBgiR9K)M6)(Pxv8xz6#^?5(g*a=H)K6(k7e3+N2@f7
zv9boc>Rokwenn0+=pL!0wtINIT|Or-Du@-xZ8kp&{%GUJHdLaBi(Tb~c1&oNO<&Fu
z8AFjNvm?pX;?PAK_uHe>#$t>+v!-f{78YW{(~;I8d>KV(QmN9{n#y51S*oVg`8KvZ
zo=$S~u{Mxhp`ul(F45G=bbpWvij}O^)v8TQ=}kn#X(Ya`8dxP=*9M#DK7nMFnnC(l
zv?6-VOTq$#tXvZ2$sYtyvytFgQw=$9yK9;;Uzb{$nwM+rH|VrH3P*gzA?^LRichk;
z$NfQHbO+nxeX+aS+wJ#vy1X|U?(gr8Mt-ojy)zt*_QqnD4|ewkf#8C72mAf*t}jOW
zTC3#usz$ZP$Gs63J3IS+&<%op-rF1Q@_`7%{?52J7US-&*bYQ*cYD+y?e&M-dtwyq
z2K&AK&QNeIe(_)PR8;8>{h&J-ZSQRNyL<fs-|3D9+nnzNyW`QA4})HBuRk0Q{T<=&
ziNW5^cEGy>-rwVVduO{h+~4t99$=-1ewA{6JlGF>J{<24_xobIw>#|ixY!%*jCimc
z^aFpV>x+N~+k3vh7YuscVALD<y|KTuyW86rgBR5E?bY7$R6ZVu4=5V0h1ybG<Bm>m
zmxva39(Udmng!U9R<7?CGZ|F-@^vi-wm;9Y95i%6)u{i`z(JSt_NB2wmpA@rf(CVa
z@<<EOTFYjsnP@F_b&Y0Tu*&^XRpaqR?$;n!t8w33!m170T~7GfhMpDVS5>%2H>NFc
zzx^@=?*B)Q&PX--qUG*us^EGR?;FPF3sk#bb7uZ3c3&=bzs3+fv(Wt-Etmz|upRAJ
zH1WEXmznt|SJr=Gdta!q{u8-*vAX(8+fT(z-T_L)wL!<MS^zHL5o4qPAr)+e7;fbR
z`=db;M1U#36O5C?e{SB@5+=b3bgFDrL9_dxnydR~vQ*%|+PR`&LA8O!SP@kkzk~I@
z;B!r+??&0;QF!0B$<+lMo-gPqk?A!?$vRgV&+^9luOdS=#g{SK6-<7QD=21?y@C;W
zMb>W!`Q%E*>=mxGQ}rQvWo_rH)?{rwveJIATTf|ugzH66+cWTsvB*ONLXn+l1z<MH
zGl-zJdjRe!iUCqMY_O@Qn!A0mu=ZDIYicg`=Fz#WPnTA^bsHu}=NCBkSLoF^iUf}v
zF+Xp^gdLq<;C5FyUp_pYCt7~6b4~t{rp7Lh0fV9(2vuo9-^IRpYNh=4GX9im6Tg#N
z#p%^cLKQC^z&s`dmkSyE%rk!~3hAL<=zqr*A6fuIhR?KM*F!v3IHu%Do?_Y1LJ!oR
z=mly(V@77vbyhQ#3QXc`x{mN0YU`0rJr=L|Do-cEJMj8D-+HYYfU~#L{nlFw;#{4L
zCJ$IL%kpIjVKpU<XH)j>`h$}W2BCs+z)p|eU9fS=CpM6+9SadaN+zXkODC5XN9Q>f
z7)(I32ma%A@j8L85}#2t+gZ@=mkr5)_7{g^ppWM0^!W0f-Vim+Q4#{19s^v!h~nbG
zoNcr9$uNX=INBwr$Coxxu|p*$lnQMM0hF(WGtuiftP$|7US>^zsBjxuZ5;=j0^k!s
zbk3v`S`X=9!g$0)K^jth)PcF)T8u~ce2yuZvAENB+<M4KM#kB~HnzezOXb!#_*dI$
z5x`Js4qo0kQ>1G?*&tITQ8U7HA7O-Xh^1m2g_G%`XjE{+e_0p&?Vf6*^PQsaU&Qrp
zJ67%H%Q)W)^6R_Z?K_(lo>nghBebTXP0bdqy)FT4Qn`>?6Ki-ji#{#!X;w(C>vt?@
z*FBDnBp*esM(BTa34!`zaNJSF7`$BNI6K;3*Hu(><vEf{iF;Ki{6}*WEobga`-xVx
z{%3L&mAdjs=@d=J&cdl~t`~6>m6v9%i5CfeUD}If*0JKn-@z_cu=so{)zSkX6X}eQ
zr=0ROb(Od*Tsd#CiGGdJCo9M0abc9yl4}LT#bH8@{~pBZA{9s6pEk`iME_(Gl2|Y(
z>r=Z;uW7lW?dummVJb`}>kTZhpCH1lci^2%lI4W0kfqP#a*c<rSY~agljePHt$w+k
z%BV_V##JWLC%;Zfwe2M0u~>^r2f}l#ZLCZ#k8SD>WcS}un4-RFfjZJTN<%QN9tMGo
z)%!S_>%0Fkrl(>}{7y!vVl6x|n78Obqbb9ZzvEG;zdt&^XtMM=Fgf?aTm+=unOCWp
zg(-3eluS7(kZudWA~$8dC}Ut@+u(Ds|H4tIB{QuQo8o*1O~(`gEUe0Qs%G5mr5AEg
zJBfe`z0yTl8z`_zt|#x{qX+xH?Z;soj38K0qpcO9c9@s~8|`S+p7BJrb${Agy)u!a
z-Y<2h^~_Kw5!SfC`+p1<_(!dCT3jdZ!26fqdY^Si;pQ+}<VWx3W+pOzQ|y?VL<To{
zf8Btt_=^^<(}~CoH~K5@v;H{ERd#fFtY90P)Z|KTa)aZ2O((nK>1&?X5@zqSC-@T-
z@HFL;iuy<s-C`+dpm0bRpctfDsC<OE{|Ze*z+cJ0RHF=0-S{+6<B<WBkz?lZDDvPA
z^kNwc4-1JHj0<{8EFo-s9+RA>JkFdVhhXQi7(m27q137BKI_<tS?u6-B~&Nl7*V*W
znq?|yCHD)Gg~2Hgn0QDm>;zcg5}tB0!Er{#U0(k?zJD{862M1s@|+J_tWAH7I0A(b
z!bb7w=DH>^Ins*-lY!=DrEXOR>WhVexTdGSLO+^AKfYMR#}^LtSZ8jZ8{Dx@8(%h{
zV;v64K^%_2{YCGxC&h=X)1C4axu{rVCXJj20LCJkp#Y{2Zgd)!uN`MIY~A&6laicQ
z08<iU4>h~AWmd~2jd6SsJ=gLmY3FptC*o2}#DldoZ-pug<qeRp!v3A=uc&2m=5z{X
z-1wcvIWz@Cr<OFw{7$CmoVk<D6q?8<3#z!ROWdNABIVj>Gy&k01_oEv1PaoLha?pW
z5MXVQLtoAko`L5G2aTFwK!mV4E9FS(R@ZE$BknIQ#%2T=6DlCb%#?p=zkz(OLxdVR
zGH^@vqV8H_4cEac-2Su(s?d^f-~=mVp95CdOnxRah&DMj*(nQ$N9!1tlzxqHDd@$O
zqQPCSv%5ta*A{sYw!X13L~SHW`Q(NhX8{_lap!c?ixSM(>>BP}44w(-<Dr=uoXY>q
zWyWh-5E{h~e)Fb04fMZ>3=}99x8NhH>K=tgUVmlB`&<g7wKlE4W7DXlySkgH0bbS-
z%X~KqLlZQOe|4J~g^=0GFY5%7xo-GJMUfFsdff+{<#8+`7sL<I8`}n19Z($gjRX&x
zPde<P<bEauJI{lE2mn(5imw3=%Fn8K-wpUuS4Y<u_FTt9<R?^242?D9O(0@x3Y@>c
zJ~?1Vd76qii{`D;*DR0%l@;?rDzsLodx|hp`V!2eESy3aSRBuanX}{O>vsUc|7x!M
zEP8(@QqU30YU5hz`Vg1m&@F-!pn<l67TVG_@u?D{u$og`Ri@HY!Qasj?|;_3{djtI
zRzVujzh55y?6thpi=&&f_eVbx+ZLCg+PTY<tM?x+kMvi^hetQ>e>%CmJU!Nbe*gaG
z^OH;c*va+V(_{SQ!|5^h{iw0;<-m-`^feMZ#@%+6;q6s)xQeB)x--jI)Gf75;ZWVy
z<7Wm^M~_gYe$vWmW(~-;eW1G*Qw3l|<MEWoWU31Yf-Mqv1Y1t;sYbG8(22^aumpbs
zPKXn%pYg<)9g>v~ecyP&ZQDmCQ~H&Hs%&%i_nb#i9>m}YvSTq0V^N_(^3mAMwpN{{
z=1eiDnNU+-q}fEotFrgupw}-Oak;s6Z$Y=slMqqk+K}eSGtt&<DH59N9GHqmfTw4_
z?N~aUEK&gCr**Zd48HSI8UJ57YV6@OAB`gMqMbvMjlKDy)SA-~eCJV|uMZ{`0Jxc$
zB{JpdoT^ha7$-^r18qMFw?d_Ip|*P4`$MQ}V&LrbO-<&oqq9@EmEu<!BS{<d!NUS)
z1aLZ9ESu(NJh_+YEeCkt4*NlCa%6zx;BG+!7FBgux#(aCW4%M{_?x(|!afSsTSU=a
zRbV1^*!yfM()&;eDDg1|3t@;sMIAdvMAFETR9jvk6PhI8Uz&awh<V3X=sf0;0%4RM
zbEfQEzCk?LOQ8}OtBO>U3cchiQD65{o{`K=?-XW3=oi-Rfr<gvVr4{Sf}d3#W{6|W
zM?LUhTfWtDVWil9e8+Y=y>3f?7Rh^&+HdX!8}ld{QEeSBNM+(R2~ur_O|aKwu-pW^
z-c%+y1d$NQ;W!iNDZmTX*XXe{@$0sz5nS<D5RD2&!g-Cc;waI5P-2{e*+`#Zk;p`(
zS2pPxMR_C^W~P3NOw7lK>6`J?7V@E$t3MfYKU21Hk1bB9q<<^2vp0`IWQBK_e#xP*
zjtR2-B8J1SM#JA(sAC$$Ay5H3tk>OP53H{&nrjinD`AaI`CTaUbde7Ey4UY2EPBKK
zoo#p71KU=cb!Hdnt^GCB))L1^`Od!r^#l-ESD=%kO~}E5CY1?LS`~Zk7XmhH4X7XO
zz=aa%h?>X#G?j7qtN3wGonstlJ;kJWsv&ntvfDeANdxU9(y>fukO=Yi$h4w`<8k<~
zEQ7SVw%{ED!!B4Ll%IwpR4Tvece}g&3i0&-St@iXZiZfMk^8hHiJ^lOj%EGrR+38J
zqO(esF(uLQ0dkLJ=M&2_@DsqvD<G_s_SzQ+oG2M2E5Q<3)n@GZ9KhK`N)TWAx1V?v
z24OZo&P^$YUUz@Tgade=Tb|F~<Z*!U<5l|sKIQX{pJraQw0kOL*0$f}N?buzdvmBj
z#rITX>W!@$0Kvjlv*PvHRi##!ThYb#wd3<@cOTVJaJ6$Kh65&IUj`yz7bowGN6rYi
zM~6%k3&)`kCu@viw*LKA7&v&kb3qE?N+0Dj8S7Uw$&CEuk|BX<G$(-x&+bA9ED5xy
z;3bQxYMKpXjb(~d&<Y{atc~W6)UB0iTL=4$!+|@D9sNavR|7Q#9+^Stu+uSB?xA22
zEw5x2_1$!e>?UsW`ZANyfie@0NTYX;1(QBH)UBA;gBrKh$#t)feYii~ns>_se@8E}
zz*$@YpDQ;^!mS&jg|&hac63<c<yJIdSh)jNS}lKs@x#r%qT<hU_W7q;bv(TjQix2%
zw(a0j&8aXbffbh~Oe?0TNnC2)F4e<5%<Q>u>*N8>KGA=LyuV`OP@r64BvdLT?lREA
z(s8CF<<TKaO-&4t=3>bLc^?BFbA6cCgh+Ob)0MGmAX!^;G!;lQOXrppOu{>!m|M=2
zR9M}{!ixLu+(Rgre(?G2*+tYeP#=_FoYD7MG!`6YjTbEzB+GY9Lv9MiA-T0N6`RU?
z7XcmbR|r9-8Wcbj7w+}hRh!>)n{4Wq*$cH$rUx&YmtKVOB?3yFXsys(@$p1oc2K1;
z4JXA%n+t5cSWZR%1_dy6mtQ396Z`u+#oeK~`oc}tfj{;JyM5s9r~f)TJa6HL!|q-W
zKGf&?ohThO@EnXLeMyG!qRK5bmC8)|vf{|Udx$vJ8M?M+_ryF&L26nMDcR(qH5kF5
zJ(WIvtCpMUp(XfjLY>(72YYn-WhvXTzckabw5pq86YnySbo{Wf!r&ps;5dOfCcx>Z
z>yryAECtDOs)Z1R80x{iUPu4e-RcjR{-qDUdPRdP&qhU4iW9<44EEt`-SQ^Ha!lwJ
ze?1Zz-=riYd2h@cCg~Le>m|#0bc-rtm<BB2X*PGeq2S^$<AsyiaTz8Co;pgF!0AQv
zVD%UcRnHlx8TX&u;=98mr(Poroc?UH()z=J{g1Kvf%9L94|UtX2+)N2XYceAn01`k
zoLVir6wg!|?(gh$%>TOB);$li?`8U<sfXFLK7Qs@UH8WiZ%*15m+$}UZ|$SQ^TW%(
zu`tPS?W8#ZBJd;;Jk@*G)1(2Jv?z(`RrNp$uZVaalk>h5mHLi~OF<Yt3I1c5$AuSE
z&Sqi8W<n{->KF;VA}=mi8Y{PwJc_pZ-ClniM?yr=kFmUu$-Nzlb?PTN0)-~f#tQpk
zL4y5b<DdTedAT2&yvvir<98>WS<sotY?eeX+D5nA?G6V6__y2bR{z}@bbJ5Q8|-%b
z+x_A0aPUvv-u8CC_fM?*qFgNa$yLVFf9gKFt!n4~BtO6XW)oSN2XM%pso;S~J=S5L
zKW}U_JYcE~hcf<|r&>~8@-W5fzTv?{;A0IB>Fa;_6Ff<Ns!`h5C?Hd0B4T4<RC1hw
zkc(j-T3xl};!_^0grnh++>G&L!<0bvWgLSdrPXZxe7Q)Kv6DJ=otRDdV=DKjjH?az
zTgRD*y!cd5xC9O@6yq7yW8K~wU|JJs*&A8Pi^42Ll}*i?agrA0ov2`+{?`<DMN*j-
z$9NoUz&rMg)nZ^;?v4=~ZFkrY*Vh*<Ho3ewf>wXz<6GX@*f?adxM%2EMVAH3gg=cD
z#l*+t4)NyVdx$JY(<59qR$rzZkBw6sOQBdWkNGV0wW_2QS$q(vjOLl}u^bQC$xCf>
zOl6k2+6W!l3QIAXz8u(Ex2Nx0rEa6SUu(>`NPK~BZe+6Xx!DnKRj1-ER3V03vq(-t
zzhiqo4JXrRz9GhAtzl8B*f<goTEgyZZ2a>_;}H=&(^I3RxVuo?|MJ>gxhcQz;I*48
zk&;26;Rc3a<zwmR7A0g0qVY_I`i&voN#e=o#>O|_u!~fHRZfMOP#YWn=Ge{;*r$el
zsD%&Oh`0woZTuT}5D(a=|M-q=ce<Z|@LQ3AX9p08M6j`Oomy-r83W3TW2O&6EtrjR
zW7NV7``!+lg>kNV+1SABQ{6m-qekQQJCcuo)aoQVobg{}%uas1V*g-orJO{9z5Ve7
zvR3_6>LY<2>Mu9`anL@f{cqzR?BhRwG)+8a>=8m96W`2u&xlS(-Ay(NVhe-zCpcOP
z2W#tgPqoR7)+U$U)+PfE%RRRv_*{l>_Y^FO7v;5>lIOC=@72o>WwA(}%iaViwILPp
z<@qeF-)E2HuX*~y%W`AmecB>7_}}x;zctByMZ%p)q$#;Z4mLJEefqTVFBnRmiUd;w
z$bxK`(_cEwna52N^mOSUWbL*sLh&7FOPK8h&24}u+`(G2nTRbmmpOUDl1P&MmyTsh
z9HQ5zfLOQz#bt_gp^ueAkG;*ojGOR@c>HK@b{gd=eaMqUaYfZT7Ykn$OImr*Ii7zI
zQL?ddJrz)u+my+fh)j=i!oo3(iT+z<xt>|niq$R5wNM$A=+35M!(3!n5%+JIKjm>O
zqN3kQe_V8Yv%`MY%L8B9fV?n$1ISb{t`|I7FDH>4Va!O17)a4fLZk<zlqxwBGIq0m
zG6|eFj~&{x%A@gn3*f)=4{e-r80o`dBI0Z-kt%~l*cNfv8F4jzW*aN?zusVXP|^Q}
zgMR-n{qJl1D3P(YWFk$)Lzr#QpGlaAF%Kj2cP#T*iELxz8+2Ehn4mCbhd*Djlk-zh
zC0YpX5rwztL*N;E#qSjaYQ55j=EgT{$^*vXbiiWX<{-a1KfEs6zcAfY2{@8dq4Fr(
z_y$~_sZ0{AgRG_M7E{vAHqZ37htM+&B-4k-tfN^MERZbBs6aPoub_^YUh1#dRLWbX
zLJT<z6`-iZl!%(<@y0g}?kJX<pFtKm!jDD(o4`g|ISk`4dquFInu^N8D1x5f2^R2p
z0v34NLkO~CijVaf>~pP|708RR-1vqCA`x*QV(`$Q@SIK2KgH1_%hRkHw1f4`^nhhb
zL}OHJ$mXXTi{=pT1(E8BJ~+b}mI=q)lGji)Kh*v9IVy{s5qjfhXCoZ5j~|)$FR#sv
zwG{`C#v~O9YoD;T&t4t=eAU*|+CKW>@bvs2`p={H=jZPZFMq_3UTu2ppTA>X*JHo@
z@_#n6sfafiV@&u{$zC0cNWdjkUKJE57MMz}dI27tpR%7Wj#v`qlQ4b-L>6*(w+?6Q
z9|Zv@ahQsYakxR8$yogJtN#^ON9p``t;JhK0W9;m{iO3hO2+HAvGn}k+1(j-cgyF0
zzdsoMW&issKfi4-R*te}zrptLB0x)EAK@=XpTakzJdCo_*gIgoR`F@TGmi46cfh=M
z+ZKImw>{@E^Z|GW5EtxxJ_Ve$>ZhSE<0Bc#RMSi+BmTPEV*OsP#riutE!Nv~Nn@l3
z^W1#(e`SXe1b;ivp|eqQY|7Ztcc0<kUp5%~tRMF<pfAA)Ean}X=iTaVR=zDn`c0FS
z4UKvt2(wC`y-6&x)4)SKEBqwo$@E%EeH@#S^}<Y;05H}Yc8A;D{hj^Z&TtRDjl%d=
zPuRy_;Ln7|kYG$xW+u$zQOFexVllfo6={kC`_0~dciio}V{}i3UHz@!+wpt5c96_d
z-iQN547=H|%Ro)fL_Eo+n&)ombJ6s;vub{;&ykY{>~NQddhEP^`R(}X=Hl}GyOZl5
zPCi_HuCoYHGU#P5(<hCzJR*#FSRqt@`q_T`*=gAZ=fJo(v=>G0zJL$jraTBCBb*iE
zF-gPVLRMx(kJ*kp3z}Bn`QX8&!I(GKf7iH}hCv|WE0Kl`BMw8iJG6gCVgdn;E+71E
zQhg7`1_E{)zM1idrccAT;Zrr0_w|jQ$&5!0Pov6azNqyy3S;=zr3N3~hXJlY_fu!L
zz(+CQIfjUJs~431z^*e-CgmfMnFV`hN!1uixG$QPe}R=(n-DNG>m`yaclz=3`uwF@
z7EA?f+;Jqcf?ov_{@z`omhaLchZ8}+k0(IO{cg@5Lj7I8SpM`|F>Y#6FIC3<+Zx9z
z6IxzB3*&m{5$IqEui_zruBv?YI^~&oO}1=cUER<*rEXvW{dT*jZg`S>_umxr_1|8L
zB{KN#|NXc3FNqBP+xz^nH~VFCQwxu;6B)E1MlafA|Hg*h@<5DbI^%k=ds;NU!NDy*
zV&dn&=ZJml-iLN)eQ)Xf_8T<z`E!{{D#maXc!%DSF}Jw{l{KuH`#yyu%iJaQ^Gh+I
z1zdUIY8sBS`WqQsQr-y+E&EqS-o2vNUS=<--`pL|QxVknv;vrh(s>2j`NkaXVH|{a
zVUY8vesY^<;9e{kc%bE35=X#wQ|XRAe`r_h9yiDdm8YA}C42rf?DaW+ShmZG1tgPM
zdCIAvZiNN?g`B+MO4ODT9<a5?@r12?>~y8+68j@_SzGt>`h@c+oHX4m@c9`ggF<s9
zv5p2{wOE9gpZASF9`o_|FR^ERv8Veb#h%g!PnCQ2|B`$Dl6!F8%9ni@MQ=nT@2@3%
zAI6oVkjC4cjm2kb(axH5{tyz@ER0`=u82j^DmQ+T-%y2^CyH5GzUp<qxPVm~?ncpS
z!K9gC;CGWh`7r2Hta%vTtUnAh{_rOshT0~#!*KKm5wwpkKCllEX>086e@WWUleFo&
z`TgbCmD0AF>N)$}`TTnFwlAZICkmGD5@EQsQx-~#y^6HhA5^5ps*!A`wx&QH><xR4
z2xIK0ztp$tTdaTY)pkuP@4d$UF4Qj$e|md!7p7UxqnnwS$#i}*nrE=Sy>E89d&5D=
z5_^a_gzP7Lg}sAU;NkIpus_~+AAWcEUyEsr9qxBa`|}-tXrjBbHyG^xW$<OckLI(t
zVkr-6Osv*>`hV#?f9XAq`+b=j^e&8-KK?|l=!s-&SJm&OBvl0Brt@|UnRxR{%fG9J
z`Kij$pQQT>?#&lbjQ%7;uxh*i;S{1Wv+NCsE`O;+&r*p-r9otWDMZWptS$eq?|{%k
zd@BBb_TIj)aUA&<oqsQ{LgVhU4YMR9AqmjG(|ZmB^bB{pX%^_-yT4^lj$$i`7RPp5
zG7rPBul;@`*^X?>&LhDI;*V~yWj&Ons&AF5N`yzfCU{Cmj4wv=8lb<3M@AZ;?=J$N
zH;Vx}TUm$XD)b}DEWBsL@BFf)OW~cRvHc5T`<Dg23goBcQO}BdSfTkq;kRGZ-JSp#
zO^*v#kU+(<M@^*TDTtI+pO#OgNl9^fmPd-*bEcD$0O^ac-$3*m5DICap|pn5uMA2<
zem{{lGJx-+hK9}MfX(&x0&w%eelc#=hVAtLziO5jo0LcUJi(UA?97~kL9U0KPR}X@
z^2wp*ECyo*;49NehuGOk_+2CiI)zzSp&ylLpzyX|G|>6<oH7k`2=9vqdR!8K{>4L%
zxXwKaGGo|9<MX-jc}Z}u#^>794YJ{*Kc9b$)bW5j{e?+4kwdY#O@g8!z>aALR&?>E
zNTkniXNl6mcB4F6Rb!R4gLX<g7#rqTuV=b3UOlMqjnNOZUH#Ro7NxPPcfDR`2)&Fy
z!4Te0Y!wB61yXIE@Al`aZhE*jP_F1j+weK5WO0%2^FAB2)pIfNaY1G-7JX8%?sGvX
zR7sPC&eQ3cVxCHWjB&{^QRNO>2&CbYR+eT_mfpS{Kr;9ZaYt`)O~d>8ZaZ%|m;1y+
zJ(#_`!Mt|0Yn7F!kJz@s2p|HtCl~_s$Tpy`A8JNJ=<&OC*IPBpghJ1z8y$@CIa<TB
zljqQ8Ce>ORYoxU#ky*#{5g~z(CO}S;`mLl9Ov!Vmgv<y;l+fs8QRt+xn;R({ZoR<4
zixKNay_#z4nLtWox2{1-So&q-LhE~(H7bN-OENMQ1%@7;pUxf>x>AU29g$RKIqc5@
zq*{$)AeA&Sr`V-{S*eHlC~JT%bTahlgF1!ge<R<`zM0i7ot93sp*D%LXsh&U;5&HR
zPh{KUDS<oC!||DaXy_7oKu9p0Gz-Yi6xEt;;LsUz`Y|rY{`VjqJiEie<D+Qq=?OeO
zvKC99-|z7Jl;6(;Y)Fw~K7dUa#!5P_g|;+wozn~9<<VOX6n(`gQv<JZ0k5nHYc}My
zJ2&#0+`u&l^h!U}$V(%y{4;2cyj~6R8p3;xx-{z2s7s@+7ch4<nlpi}G0DWVxl4nt
z)dF2pn!8pN9f6X=qc<P|NJQJD5*?lw9l4&yM;afA=Ncd7;-idJYDR#xH#b1iRw)gT
zN(7Lmv`T4!v;=^pO-C9WX>g>$(Xzl%+IX}(%LQEZ*1_D^NE?qdHYyP|dI96nHt-P*
ze5Ye3<Ue>Wpd_{S^aM6l$Z4zO(1`&jF$}<lp$$yQ4r>ghF_gwo%QrC12%@ISYNA1u
z22o`PQR(a5HHcab5JiF^h|@)C6s1wrI-;nT4N=_9=0)ZxU{4AtFN#nU+2W=MQZ!wM
z3M?>+x-J;$vT@o1DVrDk*=!bJfrwoUp?_n!caD*z`OoJcvjnH;p3W8)n!qd?rO%1d
z_s601%sQDVHlev1ZgOQj1WuAugY;QIdV*&>i=ngY^*ZE%n9#O6R^UTM-MJCE>mgCo
z5)gUZR_Ox=-bCqPwR4<C-7nhD%r1B_+hvJCk%de=gdCAK)*2~g?U}PdrIv<D8Y-<3
zR7(5HX{hvKP-#JKa*bCClO$1A%UNX_KNa><PFh(i0HqIqU)F)HIm?B2^=3_DC4Kb!
zQc!6L{&R&`X_|Z&KqIghL0}U8l2eTJwY5qox_G6wDh;(>*w1c8thGcxI}MvOY<e~m
zlZH(z3Y&D0r-n@$Hi?HCHZ2%7?Wa&v+CbH6%mkXI%7&j=Ky#$OP`z7hd_wx2zNq!p
z;4SKUH=C_(pfXntq1SOe(%}<72_R~v!V;j@VG>b>M$5>55jM+15LO2$4WS2IPkTWn
zJFLB+G(^%6>A4}&{$e1~R0+Z~MA8sxr67{ZG^HWZi$El8Khp3>!y^rkmIROL?Zx1u
zsjl@|BtClf3>O+6y;^vb&T%mjEOG;Cx<mBg+UP-S&xVsUOd1E1NH7G9zJaf^SZJuU
zo>1x4q;+UzW6%Vw*l!exzX{Sh+}slCCNB41=hP1C62;g`EugWE`K^OlK<j>U8qlg8
z^K}qo$%7bUyc)8-P7LfKyjtw$MNHR2+W?wN0-?M;jzC3|rH7wyMi_m;snm3|qK;Nv
zEp)1JQu%RG#;bltprjLHX`r-DKq)@&)Iez&KuKqG&=^T$Bz@TV;&>=+H)_vxTjc&~
zB=avL9Mb2UWjyE1^ORShBW0jsF<26iB?L`dU}vUgMC9T$4J`qdMPLlX2(9F>OiJ#c
z9r5QxWja!EhJI@3^;)4<#uPOh_BznXv^4fwN9>h$!PnSpU9p$;@YlFY<1X<~<E~}r
zFm2Ct0(dYcMMT*g__dRMA%JSU6o7jEJ8mLCgKm*SN#}cjg7htv<vQD&7|8rw5+HNJ
zDGPjLB7BQ1ZA?mZSo`9yC9HWhzW95sOywK`$Qcl3a>W<7S^@{rJJ-Jf*b%D<yUrrL
z^EJGDS$MfOOWM}``a;pA28s&<itA))OGk6|T>lRGmH>s5r@2VMMGO0ASx_-<tMtaM
zkAk+y0_RX5E)5Ikf`y)jg=K_=8jh3;j$}?5XTl@(x&|b#0+6Wr8Q;|0((%j1$>n8|
zpGB;sUche3gl@VI6it!DD;M2>pTNFGI4Xp5<-=YNn;PNFhj6+Y;j93{8C7#=<68s(
z_HLUz;-dyzHCUIIkW>OVu2Z=>I_D*O2i8IFKwYxUOSJ1v>tHvh1c>U{ueDKkFRzr`
zVqSemR{%Mb@vTwYU1;@sO}XqbvJpjAs<aq&w^#4hYO2z4k^O^Ouhz&blIUk)(RNOQ
zpZ0)-9E>dBqwfJCG^eUhd!QFHExG6(>NeVzTvPxY;|;3y4y*))EzuuARb<srP4O0p
z6>hv~Huq51G%`@gc++kipjKkFh~*!@$uJU)s9yw8rwx4jv*d?sjR_#tc=}b~>4<qK
z0d-@n6prg*^PhyG*tUO0wtIKw^7q(DiD)?*cZzlvRFBLS=N)@oSGsSCx-ux?MXtTV
zPNb8t#q2>k=$Nj<)}VRQ>6@KUrYf})LLm*vhif+eTg0C9;1JsnAFd51Jh=knyVNyZ
z`@^+yb#$IpX@oW-KHC=c&2Fkqod1CtRGiGTDHWTXMIie;tPM#gBpj0wYQp_IIpK!z
z{?!pK!*pW89W8ssg}iHJNT-xnG5L;{z3x_&d|9y<lklV@#+=jh+a@@QCWI@P+L|+;
zZ+1ECB-);%?K#?>qwP7`o&)kuNM|zW)Ei@RU}%euw&-Y!&UAHYi_UFZTXa^Rq-$c)
zDJ|j3Z_z0&=~ly{Q+D#LhDE2XEjn_CwM9o;bhJeWXp4@v=&YATC*z@$y-jHngU*3A
z=xBqEHt1-B&a=8jgtAl{byktAYhu_bHSx-C+$lBrR>Q!v3M5<&BaiI1a~A4p+R&p7
zJ=)Nt4L#b>qYXXlWa!Dd?#yKA*&UNYU0ZszrAJ$OrmIU^dNPOB+S0SaWL*<WPpOGl
zeoIfO$+sGoo>d^>YFK*O+R~#fJulkN%m!G#r6;yzwCV>fGqHL`78|SHYd2O>YnN_1
ze$jN=p*CNeLz|!aF4}`x?nB$(E7s-bxejgei_KCG^}S}Rp#K+1_LoXv7{V~@b)aSW
zh>#rArGid8U!lNHTi4EWL#M|_(NyX46du~PYeI(d4kMCk*rZ|8>w-;IF!VZnhx>s?
z35eCZ(a{is?Pfc9f>QL6fLg8ndb4J(B-C2L1Cr_Qn4Jkz?P*WgSAma819ucwC(e6(
zL=c@kce8vOtB+s=hPD9{kW09of;GdhF=MUsUsePn9f$On3{1zt&;u8o{u(W5wDcO#
zl148tj9xMZp_y)Kt?5*|8oh)so)5jGZ(SwGzr`jZ(Y33y-Z!!ITUSdCO)dpp!B@|M
zR9kN5#UlE0RgFZVE@~u_i$t<^lv$w2zP6*h3M8UtXYo0c<e?NeK7!@|c5T!dAZXJ;
z2RWALLkt48=Jv{r?jx6)1EM()H@6z@nv#)7rk&$j(;bXGJD`$D&3iY$Pi4;7)9a?R
zWGG&7rMuPt$aNfKQhbZ)1NfEqU87BH`O<h(<ISa8zUsAE&h2(J-h35!^W`C#Z27W$
z*GpU>A75em;X1rPmLZa<OkqBPWGPlK(NO8FV8_18CJvnReME@9QeGRwUJp1KRdX0d
zf}1AXO@^I+7LnY3zq?s)?`?y6tF{g5_4=0fOqv|wJgc*J#-cVG#5vg25a%^O95qvn
z4P2kcgj|1KP^k2x>VcNU0MLTMtrt>Nzz@_GQWYDW?V8Z8IBY$Rt1cr+%5Z+mZFU`K
z+tC58k4%Jbku~#4F0Y4Us%;>I#TNJpBs^@N3DokIuO2+%j3(O7g}7xgzn!@j0w<jI
z8rRN?Ylkn77d5WcMz>Wny3OQoR@ad9RY1}bTHU%26p@8n-M~*^Ut8YPmbWV(_IlXV
z2xUHm($$u?6+kGXY7Rq(k~3E@L*osC-TmEzlnqXLZ`NC8eNUU;CdWF<HowgRb`I*r
zSSOinA+s2t5emsE7c@+IL71dws<P!S<Pu4Qk+I*YO3iM?o1(T1yL~D1RK_yp1jAA}
zdnKj9cpR5APm0ux<sEa*TADNMUx~-7-ml6`eVLuJWb>gm9BO~P^#tao>rjD_M!8;-
zF!)8Yh2`SXdJ2~|nkihGvBA}|r@|b0%Gd2@VO6w)hS0yU+&jm}GKh26#^!^O*|!wk
zQ$tDgTy035<UX4}Wr`&CqCP`Ps-Gc))|?dWy?~Xt-pcf2yyDc-Mq;h~s5nPL%FN^u
zz!}H5YBHj#3^r_!v*eDw*Ab(b@~Hi}p|6Uxv&QkLhaF3Yl8rp>*ZfLO{@`bHuz2pV
zN8Kv9zN5qzTK$<z{qfQFl{l9uNk22oUwclx5=@*uO_&K3?~cjctU>X5fZ}qY&cb-5
z)3a$@Ct5mSDKD6slMFCg6L9Kq=Lro@bhy&`gOgD;pW!|5kk8XW0MB<#L<n~JSD3FG
z;|*#wt!5+bLJ@xvc!c^04&(A+uI257gv{zy9`p(7Am4ZW$TuuxTcT+7r)%SB%TV9n
z$v+0-<4LTM36ZCP*V2uVjoJ*j>!4YTyC(7C$h|b9WKJA~7iT1CqY>LQP8@lhEy0>+
zFlgrUz<Fz)hg;6uc7m^tt1KhC#=_<V8-AAfD9?BAA3D)|bbRF54;_L`*Re>4OysnX
z4v-?I>!B^M12Q(kqP944pSiV}0lG2oHJgu*yay8@_ng(Fa1JV5$Yt^)$=?8_i$ptT
z%MbX7c&<YbU>|_Z!`uFrR$%6IFL`;jK&vm>wpwn8pS7*dgz@Y3F(6+XSJwlom(aMH
z7nU}iaaG5qO%j(D+E#U7nhs2RJs>45#*8=ZX18X_+`-^_B7b)P&E`HdGQv!Chp-sF
z@urQe8q!XfU~*8j)T@H)jakl{>otvuUIivn^Uv5Am$~gf6@4~bP}ZkK)dO$)K(Mn!
zZ8Ml5hwy$uHI4dIAP-&wkq)twK%~^i{XX(ZWGWMRuR12Q?T!`rkS+G-GGtEG_6r#{
zCj`cswLGigQqRr8=Z48G_1sJuji~2l@%tt%Yf9%yECQpzm7qB|4(Y2k$@MpOmm*PI
zX6>(|r;hfkSv8~kEDC0O%+;gXu|{jA;m?}5iKJ2EYj+cwBCEzYhmbk2`<z}ONt%?w
zHKZ)3E=t#s&+uNmhP(o_tWRB{YPv3$FseirNQ8QD)ZBt*EwQYyBfYKdwHk>}9oIn`
z8^1I*Zl|De=ICX27I&20G5Ig%OB|TuNV6j2G;>z6JAy6rj}XkJ_@l<mYwF>WgjLan
zrXA$;T;D`P<j@YGkOq_A#VUO|J-!+!6*<md35ALsk@91%&watfsQ0D6SK=hPein%7
z15)RKn6*j4TSjv(33|({ks0xuJdc8x#ZPonxmN`5BBz?}p4Ek2h2xCh@50UfgKbdX
zZES<R_BN<hTg@$%BTb{%+G`>0NK+0l*Io#itJiA9XiodltOxQ^v&_=^(PUWXOZlH9
z43s_+KG5a5sDEMp94j!^h51LUz*twn-+<dtFCyw`%c;)U{Mz8PNShydGI5-2wfA?E
zuIRmRHyUr+^`>>Oo5JDA&(%djKPuq`-`?A;HBt~gSxIZZ+1%Sp7m+LJnFyLtqxs3v
zd}D!Vege0J8S#8W<9UteC&BYEH&_s^Uub=TV<u`UYbxXkz0_wsv0utP!@0BfjGp0T
zrbi^!i)pfWkL)tjL<S+_wUWiqgL8qB(nG<aVoDsBML$dWgI@%W*3tBZ+^<SQi{gWO
z4f7!B-V&W5W*oV*Wy}F|`qTJ)YwhWUgNk=&@%i3w73)r=@N8Lz&$m{(W^?&YaFlV%
z%UG4FWJfaN>QVB_mC@i5enAr+1FYuhPU%Lt@H3s#jc~G)oG~NJdasGCHmTOQ4cvg5
z?ht*rHhK`-%gq@%mN}GDdBTW*bL8`TQ?=@(kGEcz@}z@l%db~0Ihb}P#j4&|K+J%S
zrhUz-)v86)PL*`M+!3zRM7O>qU^_m$1YQ``$uCjV#_rc~P0>sAah$*E%engZ4y=RT
zfx^}Q&3>(ox@o5%`Ar_`(&p^tnzOU8t2tZZaD6MI22bU)Bu|gemSObm4B>spN4J<@
z*D04H__LUR%RAoZF$kA;yer`7FU+?WA@ww_)|Sw<w1k?jLk0F3-4K=pu!;S#Z0wnf
zDC;Ri*=VK^WyV3GnYH6_%(%B(1f`-KG=%<*<=)ARAQPl-WVS9v_hF9dX>TqnvDw!`
zCLTgN&2CoF9DFcNFUhW=cBUWW)sof%+-$Tlc%Ai`7q{FFFrjYWhr`bI06G-gXtP#5
zsBHt;q#GxX@!2XyVJ>R{3Mr%{Htz~RqJ*5>vijqPYq65@?xhz{v>evnvgGfJ<P4Ch
zAExm;sL=rk*Dkh^PU)vp`mG;U)tG4|Fq6WTI}2#4*EMR=sA&~Z(}6}!D}tI1G-{GN
ztWneYqoz?cJ&5g`C@}VFCq61asP&S`H%MTbQ7YtSa}RY*#oPG%-ClctcUL<&PK?fW
z=RjxE2adI7@o#J%6l1elz*jn4Y>}tzGvcep>&91VUOGxy!5Bz_)y)v}74eb+)>wwS
z!IdCxid!jmYeYCQZiX=_vjDUxL9!}&@|55$?8R!rx0O$N{NhM$HG=v}(aRDbH478d
zbsS_;?1Wc_XHus52wF^@hxv``+n~{?ZG(dr&u`pF<Tt*9nAKFFZYADUB3`8iTQykM
zSgowVC^LbzR=pUky;zignZaDR;gGdfi0(x#W>P$F45tW%6ispSg#6hOY+T6(OOKY0
zIQ2l(Ykoz<#8JFcgC#Q<1~#PlR*@oqoxoB_Oh#kjQc3!`JizpNoY&gfXb9oF)+`cg
z6F9FOxeoPR+eZF8?rWpoeuUWO+(czoWG^EGo3$$PWNkcXx_;0y^|c$5EU_1{7`E#(
zfY7}$*KRz+Y3_>|6m`_jO!mZxJtRa-Bs}V41!1BdWUWRfrnH^W9P#6hA53FmT<*QM
ziOiZH7Yyf2l|mzs2i_A4p-c&lRBNhq@!)D<u8*>{fpk6ae!hV;ya@s@&Jp-12Vus=
z<OA$hZNHsN=~G+@<H}>&;YH*&vR4f&dXR^Awb3;Vcb9B*oeA%@_m_xw2iQU<Lyta8
zhlNuQwO`{);A9_p2xeruczVpQnF_DC8O(#NBYrb4wvHIzdVuRlAjB@1BpA+;m5ATO
zy9IW@^exVu2}!iM1UFCKQ29;YF{QzAFr}M-2Epn@l;h877^MNgFW$rDf!|kT?9PUZ
z2uM{cf&~*8yMGJ1$afG$1TZ$(53i5Q?A_VJwzX|~p<sP)99Yk;oxMyyCI~fZPnE4R
z#cHQbDkX#UR8{QNe<R;r+~o;r(WaABmD1Vb8NhEkA18yDrp@+V2YR?;Ly8>pA&f(s
z9{%o3TlcI$m$5wdzX$1H32;|5_w)oFA6bi~$Gy<Q1o^kf2O-tLW^|dG<61hV>6tKa
zsm#Ey&hbOTuyVmLh0Sy}95z+Rx5i;1sWc8NF%C=L{Hbx+Yr$bdc&{;-#$c}$gXv@I
zMMALsaS$wH3EOMVgutdcwpJprnNF>z1Yi@ncIxx&)dOJ96Lq99QuMGS80n1(ZJU5i
z5)1*fZ4Q%&#!0W^_8N_p!WSATW!rmxq?9#Q%?Op+b3>)27^|knN{g{oX{Z#Dc3q$n
zm)SE0q>QkUk7(dK9W!AV0ZV{LQo}2Rlr&J%K<Q=sse#gZ0;Tpipp-Ew?Kft@NqdcH
zaMA)JA)e(>PotqiG}KsQG!%P}cF-+yDCzjfMEDk21(*nZ51{?w+F;#df8RnIThiaE
zG|s8(j<*5iF(6AoOQIo;mR2LX^EXD$ZSd7`kckL^{sZ`JpMVoSKj0#q9}Sl@T+(n!
z!=>kiOIf?pjCiS8jF&VZ0vZsl9U$U;(uipEd`3ic>fCBfG#Z6Y3RsSQYE-nIsAzh>
zr2YMwK+zb_a1Dxp21P3mieeBnhnXn+SYx9sHVUmpXBro2TaiXZ;)O;<+4f$-2WduF
zG$wI@hDAWbqV<DC+E}z;W08hL8WL$p6u!`qDBIo(q;fi#>DKt#0`jg-?w0++*Txs;
z16U(uv_?+WnY>IHWRwqxII8$?9p3YFhUlH^-<-QPHXp`2V23aW`~=#yC1N4ArPL^>
zG->m*)C?hzMn110i~frtADMlZBay!8BS;YtV$gWASF^f_TQ3X?*+?pY8ci#iJU{R(
zxdv409awuhw|zM<R@Uq^8_24Ux&B>)EDf?&9%N~FwHSD%ft3bUOYWxzRvK6>6<DQ>
zSB={4EV!zsah1kZ>yE3=8GO=cYDP45?phi{X$++?l*UkNhM_XXsTo03V*&XFG>Fn5
zs?;Fr%(YYwP#Q%|hN2kxG>p<P>h-`Vjc!V2A*$DA0XKE+-lW0Jx`Ufb<lkbmwD_jv
z*e0Z&hBq4CXm}%@X?U}I<IQaNrcu-QM&p|`$2TXA#p$2{&P)I&A|KHZM?)M9al|tX
zah7kvndy$(MqMKujd0c+;he!C;$7DeXSVaHh<+O4Xo#~;5N9K-mTft<o8%e{Vh+#{
zenURNE~~rI5|8PF*cBG^Z#a1j3j3oyWl%KqY)G*)0vm>n36)mHqe@sl$_Qg11fRTD
zuw&YRg$`|%jEiQ*I9EcYVPI3N_$*xdMgl>}ACAP=h+_a?d=HTSkdMsx>u+qUurl(S
z5uxjer+svvE=q2&_tm#A9~@KB^N1fv&@sIs6YIl{yCdX7^(R9KSrVIpARC#K^RiU?
ze4g+5J~@=cJ&1V(N2Z+)v~5EPA#)(_IM6#D_NJOaJ?vmAR<Kwl9l^sQfqE+zI2Vj^
zR+_O(FvS_wykYFh^IU71^)}TAMvJX6-(m|Tm%L;t?DG{x{vLJBNWRUCfjv_f4kug;
zQdV#Xx)K#7kSqV6iJvFIZ}4!mhK!yN{f6V-Rd#EUoH3{yJ~R^FdDy(+C@}mwq*y0H
zGO{=`>NQF7@5+DFNAk>QNx#?SKSsS_ZzLJskbbXQVjce;^_yWWX;F-AMXtClS1h;E
zXv%*`DTVedxxZ0g5+wV><#5&rs2OtqWaK{hjHr)IL7ix`-qPS7)Cz`wh^M!)P^oV`
zZT#?3KVtvv^stS{j`*X3oLl!{$K=ZL5PCaZ*QJE|(5r}N)qfM$nWBwatyXI{oBaP;
zt(N+~(b{Y7{ZMc2)f&5v_FlXBL#@$hHfleB+B1$j{s{<${tvae+e!~^MSj?(HynYA
zLk1w0>%b-SKlR35wN|ZF>;G}w3by`ZyC$?PcL=c)aTU`J2o+i+cKSXdq!K-f_Y9$s
zV)FtCVMmgf2sy}?_x0mr1>hcljs>cMy;eQny?>~Vgkcpquxq1H0ls2Y1)iR=Kp+x3
z{G-a~qsmb1+Dg<bnGZwDVq?po1D7cp9rfG9XGV=vGO1B=?cArG2rfK6=8u^b1b>3i
zUX?#|Uhe5hYDI0p>S3EAzhe#{c9JR!NRL7kO&7`*%#ybnep+=z%x!f*sn;=G$3a~0
z?F^v<`w3FV6)~A;b<C{IPAc=iBf-i3ul8NHZzJeoQZ?P-j_3ipr^sQfmQ322>g{gz
zS4zF3_|50sUWTi?<N2tE@26c>QZ2q4P*glxCN;26188^H?o`c3{=8)7XVk+^*uxI*
zgR*<!w_@uTHO!0sWaPg6y`Xm9{J6^VM+W8`9T3_oH3zx$mkN$1d?#!mf6ySg^_2CA
z-c8W3#Bjw5uRv=U^W(8S?)d1=$Gj<Hhb>*QBWW4MLnwHg|L*skH|j4`rIn;J_~y;$
zOyVbxnmJsG)mh~;q28rnLcSE1oQ*q4onV~kLUd;;Dyp6;cb-A0kKnL_EgN+hv~>fn
z(AE@7Azf+m@86XICu1RF(j7UI2<8ETHXS^VFqY&j_HLUoT=)}E<U7!RV9G)WeGFi{
ze_uDipWu7oQUso!CY0b}g2gb-ClksF?33u9^st@9IAVxg(}#9Mh73c^CrWC5$I&zO
zIj53BjL$|MkXc}A;{Bc^USer!kn_wSCx44dUoIWkh+eG+j2Sx?Fe_*gHUF`Kpv6bf
zdeBHkBbDbtDjQN4qIFBu2RG5wqzxYm!|s=h(_c={4nK8{FRv1(4ubt&jRuqvk;x*L
z$aEcxfTyR#af{s*>8!XB^3&JLtCNe)`Nd?tRZyId6SaxE6LfHQXK;6Sf)j$fYjD@W
z-5~^bclY4#?(P~`e*dp_t9JKh>b;qpsi}UuPoML2s(tY=_3+7u7WIsJ&Kr}f!qP{<
zwKCXDLL!ym^#DV#8gXRYuFf9={Y1_L2%|rI1Z|TPojce}04x<fFF%6kxP?NhUs_ve
zo3R5H_aSv=rlXFohIwBSeo_{>-+e8D{6VsUSUE=^G90hl6@kcOxG%YR=}i;Goa8io
z$K3VEk1|s|+XcyATCNT_>^%ci<;t1IF@LyLt!x|Oc6s*cce;|kH=q*seXUKaaQ-Yg
zG${1fyILhqW}^x)Ln{vqDSP|`8TJ@W7>bb@tn3pP1duQ7P~TX2$xrBT=+4-fHZG5i
z-$lR!wGk+-!K>U?PcJwad*o<)t{7EM-g30j6-u7R4i<J6PG;&IzTxPE1#fq;t8=4;
zo_`rjm3Y2z)As*<r_<E4UtG%A87;s@yxv{ZNDO_{gokzh%*@>pAtLy3zAoxFjGE=J
z3k|u3K8#>;v`MD%`1TG{cwT>>_`6oo_pRM&tCIds>M18iL0)XUdzEPfIRzQ(*Lcyc
zOFQQ<lwMP1hIOg0{##OPw;rFX*oWVKrlkP4Lx~$ly|h^?V7h;Ir-<wl&Fh&?57e!f
zMNE5eoF67t3qI7W--@<(W3-#d3LBfX+WnkUx*BQxdl(9!`Y1#dp3{o`y6Zh4n4gPI
zS`*vF{V2AX-Q+7h_E(zgw^L|o=^Md(%#!Q5KS1vHOrEh9^;E>JQrUX!T7Vn1vwWtX
zAV(1mokjF$(cJY;aS3F^1z%)O?GEH^{1?$d#?S4;`!9O51M9_gLAFj`Wp4M&fWhyV
z&R<d9ROodDE%xpD7VZ_e9qysm2D}nS=qZg~MV0|l?OjGX!9!1*DCb~>{q7juF*ovk
zT;pS_D$HA2-)}h3WZE^~-qb*2_d6zc5YC%lGycS?-PmWlhV{AS=auQZ!>9c*H&cj=
zx(-_PB65v_QnosWJXywQiFyyS;JFBFpsd6usLxu)C->JQEl@v<n&5})>p!OT3fmyb
z&Msv9%0*y_J#8R&O#h5Sk6}-KjCWZB$DsA{$V&A{AIE}j;T6f4m~$ZsH9E)(ORD$w
z2knk{H}kR%*^l+>ydWFs&&dfkB1%}UUjoZ#2UM_1#cF8+Z-I2@=S3Ja^BAaq<npEy
zbTVlI`WWB~@F$+_O&^2J<zufIXwfis-gqHJJ4E+<sj+#s8qR+K?cuTF8JBY7FE;gW
zYTBa_(xrLwS4ns-<h7KZ*S>iI5*oCncSA|tfVEkzq=Be}|7n%d!}ozG=w)7M1K{o1
zH8s))Xg&!t^EJ@E5D%;8c=)QMX>&(*Bk~ei4Lizs;hC9hKYe64v^O7EDe(K=IH^=Z
z9S10Q>10l03-7A8>D5dF!n}Kop`}7xZe#Hh{DR5ksln14a?=mG-`jl!i9h@ZiP3FH
z!`wnGj$cu;FCis<lMk79h%j0#*3r@|0&=Gkw`~{%r}iDP;q#iKz+dTQ?f=yNTVI*T
z0jFe#OAE6}A}EI2u<0a7;CX+HYU{?_&V(n~=8Y@S3NIOT;fGGIsV6ew6&NR1tD1CG
z#c1$Ge*}d4LVm5)T-rK#(CY(ZEjqHcrVe&Y=NfH~<86E!C`=U2ll6qPl)(GqZ8?X3
ztc_LBpuDVNOovBbbelJyp1kaslh^Be$CFsUo)6=17auwM5%efcne)v>-8}pL{inA2
z@u7;_d83N^&yx+UH~{PMtL_Vs$wx&0`U^^<n#BH_F*<?et%U*S;)Q~;w~vYc{1@6=
z7J`Q3dd6aVWkz^toePnmB(}9$W-s7-7;H|jSusCI+^i5%V7<1_qUc#Z0ZPpGw1s`c
z{11RT$?y5SNAzBDJ>}o?G5KyQiU{Fc<5(=0A_#x``u&@OkeUS*Br(Tj8oav}hYo1<
zykKS+KQH#)R`!kdIvyx7pULizdVyF{EA_nlQWG|dw$q}C56KTJ&q6BUv*br3K*fz1
zs=p7}44aTN;~<<#n$w+&4_Cp2wrmK6hMUgDfiW%pqf{DfQ`E-UzR6q?vcm&4qZLKa
zv=_p@r=)xvWez;t**J)ykwbJEZs+B#6us}1EZFN8DVkBVVO=O3J{kX<2=p+#AQ>u%
zcDE?SX#|a!HHnbfTk=~SCkzvJL{F;CFsF3d&7!eSMjmM&zHo4<008iyO%f=mG>t~;
zePh!V6CwzIZaO?9CU5>=MN_sDLO>vkBJ}kO^fcfxLqO@mu^>Pwik#nbLZqVxJRi3Y
zk>Ce)ARr~&6lcK)A15Nki1gu10U)#O%fcs~2<N0AL|cgBF<RsD#^>s6!*){SdN2#}
zi>Yf~o^d%plTb1k37fcMXy8GjvR1<R3ixMW)VmCIf~U0?6iYwQoc%)`l8l@G*R>Ox
z1%7qyuK#uI3jgccM;zU$m=9?bOxSd7mCm*L9k1xx8)<sGMK-SU<DVz{4`Y(jfTupx
zyHdCKU(OyMl%cA3DIb@3|Ct2e>T$nlul`MGKsD(<1JrsWNiGs65Kn^rC;nQbo}+G+
zmR-?I(r1li_m#GjUtt%8^kdjp<`-R2E9+0B9B5kWERtbZvWGNU<@2D#&2`~@n0WW(
z!h-bM!H^HKP{ez8P~KW&eAeT4{&c!E`^RFIPy5163t&d+d-ubJj@r?u{!r}X=UeoP
zpL=uh$Y*A*jFICDM%_#OtlME<Fnl)&?8`LF5m~YPEP=-BJv?p5FGtIudY#5c@GKE$
zUoT56E#v}f#hXkSH(uk&EqQ?x_2sgm72dRth~zOcB>T5a3S5LYe=v&doQutPnr5sz
z3g%E1vn6vbh<)?sY%=g`G`<4@ec!T5TIZ(}XO|+S_P6+W_yH4$qY+qhXX>rW;+HPq
zvPF=BuMj)nhtHHBHVi8JFcZ(S!}q=Zg}yN6(?6_1-!@=)={0n63<NyxB!hqra0_JW
zQPZY6T6Gb5El{?E7Vu@1$D))psiwqLF-pJE%YQb3!?(#Llo-hs;gsb*f+d!3<6@rf
z*|Bs>1*BBzv{{|B=|OW!bu_usNiZ7ZN_7~#OpELEDUulR6g9*xh(1EUwepj;BT<KY
zZF>F-UXsir^*Rdu2n6eJS_%uzNNI1!=dGZ3@dzdVNRM7?9%-(TN%hC-OOcJm5^Vb*
zyk|5C(1if`q$)%|UM&e5AqVumhR>fnI)daEa0o5qdE2EMy_eL+Rft7)dF9Xw3-V{>
zRH(Rnp|8rZbDRxaszQpfbL1AJp62VEpAOhgMw-2gUk30;7sTr+(aWcP?!&;>p0)~J
zXeAhFG8zkP6;++A%Ei^Gs1>Ew9~nvYe(y_})+^8iG&Ghh6u6CgS%E4lV^!4g{-KN}
z^CG!qQD}<C<RA&W<~@gZzS-}$kEd*r%0=>Jd$~r3^8`(&Vmnxx_|m$b3?lmc=R<l}
z1*WOL3e_D6`L+P9BFXI@6(OL;g`ujHa&z1?;qdiZiAt7wTF=ycP8nUbf}oHwWRWr0
zEbX0bR$fy!u`qj11pu%~PqV#!GX|xx8&8ge#7a~1t{ha=d%L$*HiYRu`Y?C=oSlkO
zp*|R7;Y0*K-*&!C5?;P*>UnUQZt&9qoNB%e4lcfH^MAaMkry%WNxFoKA{CZu9e9a#
zGt8nFYFxnw1(mvXiR=Uk{?MZdHCmBBoIhRMAKi=<OYSbH)%`|4xKVc{EraCMbfnyZ
z+!vDPf!i}D-#9Uu<vl6Ie7TSzXF89It>_UqKF(0$2(?2vi$#bGkh_vB4J}$lc8Qg*
zBFcX5Ix|$2mSDFz8R5woQ2beq;lko2_)0`FY{HSk4$n3XOE@k`D}zqG`Wo$tLF3@+
zg2MFasma6t%Gle#ZY*uIPCR_U!jQor;)t5*c*+V5sY`5=r7)ZY30mW2^@kZQ<>la>
zgdK)J_G<xteKRFsOg9hWuq5`T!6sV`@`|P1$O=*+c7z<1dC=qupTUNi0d;s9!GhNv
z^O${N9I0SIpO`?&Bhk{WF{RHufEZDn6~ywc&!`hL<v6?~?Xm$RcRGFRY{00^ksWCJ
zQ4;OLI<-|?L^^LBq)ZR1zq(q*wOF;ZNTwaN-}r5GwW|2S%dz+Qscz-LZmre{Y9J$d
z+#1sGUf6bfT%_2RknrE>v?T~`9;ORk`BoI!+tzmbmn}?J6Y$#7_Gf2fgln&|CFGW!
zL121Ys4_it{unfO4bMH*eZw5je9@V4tf2Mx_SO&!nSn&?!XlQj1+}RL6{ZzZ+ax*s
z11MA&>cgH&J(4NkX}4C^G&bYZameJ0)Nzb_5z}W6Mv)@n_%BmUlQlCgB#8@|*y4bO
z*P|GGrB?KJnJlZA3T+8r*eQ#NF&4j=!A22l#`xzp|JY~|`YGee%G$6YqNpJvIvjS}
zX<596hS+qVg(a(w9c#wI&Yib)!%=fe;S{M9PG!G&xi=;6`|Y=bCe0)qs=dYnJz4nf
zXvD+}p2OQe6mV26Eb#w{X9qDYz$Yrs;oejv8Fy#tGJzmYFYN(J)E!gAuX=RHoU0i7
zvBD$B!zaL_nFe|PfJ)L^35pLwH@cs37q-~0Y3ecZF|i)vh@;k9TQyflTslDb?sFvu
z@^9?n*-wa?p=*N|jnZMXYAj)_#S$zWI>g=4U4^Trys*Jx_{-=tXr?vPiBM29JHB?!
z79zK)>u{+9wQj@<Cc{%<TAk9V^O&ObXtuD<zf<11+<5Inx?@c$THD_*n?f2;bf_tT
zL>${zVOpCq$o$n&jqaLeX*AzXmOV)_v>#WzE|r(xx$@`R#RlQvi5_MvTQ3+CMy<pg
zL&|o7m^+TbU#m=-#>^ePGw}t&LuFA3aKHR~{rRCV>>`ke=^k)AbJa%-^u#_>V#uNS
ztU-%ggF!3MHj;i*$u+P#eOB;%)xnfGXJ|>}KjA|-NXA*>??N@j28KB1*xX*&G_4PH
z#sr7qUC)FWO>|dr<Pld!L(ai4Pal1_&%IIe#A;)J)(eZk5jEQ{H>fkfK8$3}m0=d$
zMi=g9<tm-}T6UE3N1#$1*|3RLk;d9=pU33#d1|V$&Sq70$And*Cxp8pq8_8e5oQZ4
ztj?}r{eS@XG{$#1Jx0fIddE3@yY_T)2UnUKGAO%(m4uNs@!S+Q`L)@61x%SGnhbbv
zN*j1fOWs`8)|C1VS+c%{5+8W3YBx{{k8FYV@qw$iTPsM>!1BCCC^YgHCnpvFpT|PO
z=aJho%%uyqBlUFd=*ni8aqnK6L)~lM!P~9$Upw}1?=$klgo40E^ny1`1Qo)NqL5>6
zQI3OwhvUqu5J5eFIn#D3D(!A{g9S9+OxeG-2E(OttTtwce0}-{8!YAqK91S!MVwW}
zS5ZEh3%qP`13{#)@Yh$>c2=5(%^bAQriV^8{4l|8R;l<W18}1yu&T1rCkU?T#>lpJ
z?}!KJrNwX^-SR~McQuV7?io|vlImWtnZh1a3?}x^>RlUtsok^jquC?D{9We&`K9I_
ztVBDVGQrsFGK!z_QELxa&FLQD{GMy8bGMq~Ym~XDMzKB;kXs_-(lz8<%{sHs_gVf?
zHAgxGXU61=pkCR?y@tp3+@qV4Ld-@EUl_~xJ&H^GHUCuoAuOAU?62mHr!L&S(qHRv
ze{Sf|^T2`K+$UMQ%aW&~%Za-X`v`t_F>TLEvRljvy4@|*N2osQ(a}$sIXTt(=v?Q&
z-MaGSpQcvqD^u(%71?)*2+wRRq3<1XwAWKi;In}Sh_AEvYKX73+IGV*R+mR<-2h`y
zW}=f|qufx$i~5ark#|OSNl3>wuj5(i_u=p~c8jN3(fQeK4xC*RpB=0It!7`VrQnJq
zl;&EsHMWjbt)TLvNvY=TEd9W4L{$jXmmlHT{*#{98y-c0ehqa5OCrq7z(x=A&s(dN
z4`bb^7_Vlkrgo9P;P`#^Bh<^Lu1imY#;+tz;n4p8DhYib7D0I5kOcrvx$h;h|F>w2
zFDT3Y6Dimtagf7Jp08#)zcNAkh7j&Zd%fqFaQPd(V3f~0Gv5)8p<u4wKd;*d)ei>>
zyM5&_ZY?orwSuKBQ5>xo9hivehk-f4HYFTNuI0DWwNzA4>9OYkD#d(Knr@Ro?tu3X
z!664KuRtYy(68^7Qqco>cF%vMy$_A<BqPBhytX1J{5#fSQiA7CIZtBsUr=dpMNy_%
zPH&0ZIbUK1F7aot9$4}YpDd8%4P@>(o3L7UoAheeWeaIPNeSyN|4*ko@)UL!jqRW0
z6BcE8ji*AK2_-xXk*g1@wiLUo7409SRQO;W%lmn?BlLl$WWU$BY+?7GcpK>}Z?pHK
zWv(Ac#s_h9&LU87Cb|`wqs|bfzMOLCQ1NQN%RASgQodkyVV3x5SiYe8dDWyFvq5}1
z(W&#*;eVL}{Yp6T8#_CRg)d%01z!JO+N~(e{K=1DM2zESM+7@TNm;G%G{Hjxiiv2f
zb4{<a6%k@Sh~6^FKpIDEH)Siq(T3(iBQgMTys|P`tA&flANKRYtQ{$zecF)yA!zm!
z(QeeBE`(P+Au(bT1JH6zd~ac-+1r1Dgc(4yBYgEA<(sV4L*8n|rNV53m!?CnH}^`q
z@>9M+rG|ClJ!#mfJc>zDNy`g8zc|U8j>O9VL;z@SmfN4DY3lb6O@tLUNSiq|>L3-&
z&{TB~Thb8E2oj#r*>Uln;sAo8c$44<wyD|^-u2~yY=>9<7VR~d7%v|HhfbxfveHQ$
zx&o?H1Gpb}81U9oHUNvx&8-GV^mFXtNyjQqOnRa>|1J*tr%{NH21kW>r?TonVsV~D
z1-OlL?g0xuq;{Gaob5deYyLkasDE+@KCdgTE%{^we`eg#4%W*z?WClBh|YCHVy%}j
z<X*-fva#)$G{aB~cb#cpW+!S;tnAnM7XFI#hF$evFgDrw;4;#d_wfmebEkB$T{Xc{
z43XCbC!)J#ytQXd=*#m{@*cq+oC3PAJ>uha5Z<))q}EgoG!be;I+;iXf8TEou#erV
zLHup(r8kGJ+EdYbOx<(USDLa70(ME5>m{bNk(#cKt8#PU`~b!CWTGk?SxjbRh#5QE
zHZ;!NiULt+RUr>4VbzOZ)vJs2%!DvZ=;FD5-rEynUZ0LCqx=DrePF4pBwsq&@ohuI
zKJD%KW2qw*P+q1E75|0!1r~hMkOyD{PVCM@nhDc<4`N^F{Ur}VQ?rkM*cx$PKoX*(
zk(yI=Q9?GYRT_K4+gmyUa_}r0OZ*Vtu&HIbN3~sd?^A7*2Oke}PmMPUl{z(xysxqK
zyUB|<5$h8t#5sPO?vt)-FRpYU!C1_%<W%5)i58b>7%-cncZ~X!e!&tKQc9n!iO;DU
zz10IqTE_?k`!*e&zX;7zquuEG5;;VC3V&set{D?^j{i3Xp#gv6`Zk30F-2bp;kCFQ
z&4`Fku4AI|ng`g@x45eZirz^An<+OReYmcJE%ik%jQCeR98BCMuWm-5h#9#g5><-q
zs#8mA9Sl+OzvhjYqTo>u<i8kF5Uqc~-6E{VL*H7U@<-&Ncy1C2QwKt$yJF)CNlL!G
zGNtP}OYwJ+8akbS2i6;o0~5SdvyLboYW5Fv5S2FuMpF|`aHPkAqJJmpS2|Ie3K*(h
zUdkx_RugGO7>sB1vlCrYpJ-zhXW=UkMTQq}rd<meeaJE>#HPwYCjJ=@mZ%(-dSl|Y
z<w}bwUP>0t=pEUX!;LgzfgE{9O;YV0nC;tyI%C9Qe&ci?>r}2t!S0!ckTi0$3?U!P
z%+`;(KuB8%{U)UUb2geZ_75Ri<U8tTD{wQk+YqoO99@RFhV}AxFQ%z{Yc89t+0_cn
z`FLoWGxCW<K8@!~De*;oN1mVEQ_(XRLoC)S0b}t#HmQOMH=v!=y~ALp)XNf!EcGuo
zIq~p(f8i%lO8{2ugDOkHWd!iajWZr@*r*2Y$iHRlwTqp5_xrs^I`|2*AM<$wjOO<F
zmdqOmx81g1pHY|cPbvh+wAXM<aiX9$2MS{BX$q!)&Uf{Yu(!&W__(HF2eSQCpz5ee
z@{`jISW+ZXxa?9x=}mGWmTg7GYW>IGtd*eWitt;_`?a>JP6i;{051N&kCk`~a4B1`
z^f5412hEyad5k2h5NtfV_ZvO6!0%9YR2L*<*7WXMC(q%`BnQH?D)w_ol*P^xd!t{$
zP#PzP4PXm!pt<71de2t>ojDmD6<980s}IoC<-h-nY|)mX)2LaV`d6O9{Kv$m<#ij9
zBz}^$a+OFc%)uDQLOEwE1S7yHd9(#AnaiD%ZmGn(%Xt(htk$Tk*rh8RzQ#6*!ir5k
zLmK>sXdpc|#W5*ec2^lmp6hqnz6B4tuS--Rck8tZudkiEkXL*}-guiXK9>kidX-x3
z^t8etkLljoP@Auuid!jRn2m{Q@|N)zU?jH`4T3(_cmJssi4-u!MOB~#TI3G>7C2t<
z<Y}O_1(i?In(t#A^cLCob_?;okJdf$`CxoZZ@+5yLjwZh?RaXSFkc@pa=WJT)G%=Y
z2L>8D6#7uAqfCs28VPCSAS>~DLf!exxJm$NR&^fLKd7+Ny8*vP)+90lrG^f+hoen3
zM4}^-jxz&+pqt@z@;e->y5t0w(z!(rfe`U^k?Yu)s_!$WmB+fRh<jsp?67jQdw|})
zRAdeGr0`H|@<v~SG#BXf@qly3-MiVNt=^b1bHFs`GL>W8i5+XeJdeSsPPwSNZ6!do
zAas|Y@p!|tcmXw_H8TkKNI^o98+a=w`#6Yu694OWd#AqsnKtsN-r+~LOZ?kjSKeS;
zOX-7F>VsPBK5^z#_1*7PlvM)7-?5S^(~>$<ritzdQrZkk`VcCv9-_pICLSOhPxvEj
zZK{xky~Z=epas4A_}*&Ru+tA{tROmuf%d1D?GmkRC%{h<mwixkQZCFz>49DQy}R=}
zp7N>0aqH~YmE6{km<v(sKpU`-o6iTy%FRu=!A~yT%23d!;Sj2^c*L<^ytO1cO*KMd
z?248_g_q)QFS{%+#Uw9YLj#d}7he}I6&o)_6EB1I(X{&-8Bx*+pj)~}2E1@?8MMUT
zUq%D%1+Cod@pQADB-wFnLq37*12&*Q^sq{GVeZd7Rh3+#L#XC*v9)3Zn_P|xeZu)1
zoLK|h=_(X+=4j>bxHD{nvz`&(;!i^yPfz?^1basv?$rfFG)NqHk+=<JT1k6ew5bj#
zfhsAZSthd&&wLtxui)_C0}1x!a<*2|w(fxw+RuZlBisrm^KTtucOB$+S&(<EH&{xg
z$(hdh-(60Dmwy?b1{54Y+>Z^F#}$muvzqh%uStxb(TtvbkH47UohKLf^(*+l|HAL4
z9NK`**+hTHB4m}VuHqGy+cai4Ce`?hCvlJcN)vB*xCNfyf|DCk1ZtkU!9H1%aKz>r
zcJ~~186C{TG>pg5kKb-N&Y=oT%s)v>i@f2HO0`*`dDJpS%QfZ~x5(Ng@T?*xj34w9
zz{>q4Kxb$w7^xn9&NY)+oYh}DB0}#h&LUGc7k-w@`-g8pkytOBG|0Y+5J^Q7!Qn^o
zpno5wSX8K`gjkwN`e&;;c&$*r|MDD!D8FAeM8R@rpYYRr-1_%2F3%hsx>mAZ2I77U
zDrGi7S~aHo_{LA*FE>I<lI5>zAh0$!x2o)9qGBhl(NU0r$&=*b4h63Xw35>H4SLPP
zvCa<h$sObMeFM7}!2`C*CEe(aLb~pxA<Ul$IB=XevYL|?#UfWfA*a$!9b+ivZLVw+
zC?3H%OfPw*eP;b*MuGV1dt9ZHTHje(=9BxcAy68JM>^IqmgtBe`wTzZEh2NBv2BF5
zZG_T`EbLg+{n#aUxJ@+HIhe^Qh{-81MK3S0DsDv(<nBA^?&CZAth3SMymv;KsegI_
zZ}i~HTA|6yGzD#~RyDd_mrKJk$=upQ&l3=kOf)L-F~YMsqLk==q|?}Vxb5i=@A@W4
z;MN5@oxd!Z*=QvfKPf7iNl1SU{Yd`biq>Vol#(7ssCBA7#%wtMsB)Db*Xh?p>Ws)4
zCv#!I?d9aj;*yB<>chjGwT>aIm(N6N7s?-fLn+LYp7_&W1d76%g9^iDzp*w<3HF*6
zwk=)EG&~{!p!k{-8EDRmjex4fJxu5ZA|bEh2an3(>Mo*BB&Kgp7*G$450;({#VJzl
zi1P<w*Mb6Dk!dDDQ0aL)+7)0cU<X(%kQGH4LanfpmbH$GS@*`TrFtAICZ|TEn<!E_
zwj65iE`h0gly&!Nl}{ZUSF^K|Efi>fuS7cFP@8+=JM^ewKJf{yT`Fc+r;oJ?_agAM
zw3+K}aCvU>z$jvG$TLwW=+RhprB0-@87f7b_(!myM)8S?w{IRPx-8ZD4mht(>C35Z
zXEUT^-cNd_USK>cJuN20tci5)rZa}EEQpxx6047n0TU9Z0L&9?x=QggzzvC9xxLBt
z6uomNJ-yB*%w5ZeDaqXc4PFPZy7vUw^U8x<H4CHVueQR^x0n3Fr`XEAIJu#66+P-c
z#O`VJ;pOUzGJBaJ!4$I^SillvfhemdsjDoxH-nv|qTdRzMrNc@!{<>QyHY(TNOxY~
z7n3Ud!$_F!Ig<jKd6QAntR{RMab$$QcHv(-O{)?kb&LBH{HQec5((QXK{M9&rFzbR
z>PIm<W+I+fgfq$2^7DnLs^{qo$g#GKuyYDssa1)!0|^`5>xRX9TF)y-&o4V{Zb9j@
zGChG}My2>89@hU6a^^;PR}+G}Q2uCtF6`yd@_D@L{@-3t7vU~%)-)KC(}~-{n{Q$N
zMqJgvjZpn}esk#NEFW?w=e<Ep|F|j?7U$!FYH63UUUh$@0cF*akwpD!Ub3+os*Mb|
z<QP#1iQz(JDiUYH731uUBtEzGHbK{1k2d7d0_>z|B-hyB)PuyXIice{-A%pZ<ee0O
zLcnj=^BIi!<l7Qz%19|Xj$`Ww@p5V%ftl0Ma#f|V3crq)8DB1?6AK2_lj%ur>k60S
zn!-BB187*139vX<ngkRHodAU!f_xnI3v9xi-~EaAcIh6?416Xs0PSyY`T*^Qc+-1D
zfVM$nys0doG%ZA;lPxLiDt1CTjx8cy=Td;oIEp-7+xJf_C~Ac;A+A0I?L>KCjc7Y(
zEi)4F#_lz~DAOkLfA%d96ZQHAPAs{yiO8p<w`@K|BGMQac=ADcOO|6p3}ucbOc%4q
zbm3nO(PYuXjb+x09?`I-><z<ELZe=1N(&+w;9%s`@_B7F27&O0!@!Ygg!TV%Zq2-$
z+3&3QcN9>JEnzCX9SiCwt^c?xw>K2z{!?%?Lm|h&G9fgq#*^v?+RNGVG%vuL??(ac
zP-d2aTD-e@NPqIJTHG3B`{)xyjQ!F6X7-rKI!-Fm=MnRl{YScxp6apIbaR&oF}vf3
z`=)=wE~2hkeu*88=B9h=3#Yb=XTb^Wuw;T(CN|lh*v^vC5C+|qi+2Vq*9?h@^T)cB
zd;a~bUk6<GV}?EI6DF8G_*cb^X^c0qHHX^n1KGQ8smo|n5~hrTDQyvwq5lRM9-?ZR
zEK{1RpAS8aqOAT>YI`((ue&yQ6+ff><-oasB270~h>T`%tr706x+VEWvXPr?aubz{
z(8+4JFqE|`{8D=D7VFvUfUZiv*-IZYW8gHVX;yys>9+;f-g}WkK4+wq756{!0kv-t
z`80GYdcd3rXdg$+4)<}6x`da$^PAnL3#_MDphxLRi2T$zG0clP#cF`u?JdUb?zp@A
zA8F1e=x@RM6<@F&6YaMn{Gp+_A=KAm0wJm<$FBnrMu2$2+Ar?3G>ksZtLFXhU6QdT
z<-tyg4@OD%WRFaZPX#@5dBB%DVbKow^4X}v_~6&RvTpnTae&!0yZM1Nnxc`Ae0vp|
zKeVG4Xu*1cUy&{j`T}wiPzjnzC|>gPq}_!;%;okeGj~3m=fx8C7A}~>7Yt}Gi<G`l
zJgtL5BW!$2<S3F%Tw22W1;_AwqZ7Y81+9*~Z*9|8{du{^9^$pR`KWBnQtLA`ea<TN
zKE#iCkoCy)2I3bV2|kpKUdpzbPgIsV0`x6E1hdZNOWu^L7t0!DUgN}EPo5QL-m!?t
z;(RI#ynhA=4?EJz^D+NMJytzB-vC>?pO^XdA@A~0^_wMb+MVM|JeaR-@6X2hCRI#I
zHNijp=Zs)5pYQ+el#o8EkFfCKE<k=p<Zg&pQbP#3mL5S_91^?iR;?}~><x{}2ogIY
z9mb+{bSe97KvQ}<s;0~#D7hIYIBul5-cBlJQ5Y5hf8j@V?Cf#(B^<zNam)YbuxS0>
zxdD2&SdR7zDqm)%pc^k<gSX*(UmKcKKoJYvUv?K5?{uy^1<%x5w0BX8zY+%2ctuy}
z+#<hHygeX`ZYG1Jm2%Cfk2GLylS)F9kA38PC50k$ZI9PWP^|WXei`6AV=N{wH<43k
z5Uil@BnMNM{Qralu($t5IJnfW1E^wXgeZ_PPgsMLbbt%xWGmJ{N#=X`a#~JcSM8(e
z-?)iaI<?!vi%s<Hm#PRj87QC`dso@gLV`S#C)3{-#lNj~e-nAw%msLyv(l;E%yXvm
zJ)`CBf)yu>H!`RlY$jWPOZBeu+Z%f4Tl|ato*l8y0jc$5P3{OvM?VdZe%c?w|H~fs
z;4gm_T0HaY*mABta<08{?t5Dy7X9TNJNzb$<0(?CA2#>KwuGZ|fvkUyDzHi3)<dmx
zfF&SfSFwApg%Am{mL@DT_*Rrd<uohCCwD(0x0amv_s>nqtP0=g5+c-|h$PF{<w|Q{
zZ4NUo=H&)m_XYoy?TR~J=YZ<vf}W2o7T%Ge{;^Ru_=_y_*-xP}Jtb?;)m%1VhRz{1
zWb9+_L=SzXL-%ZbFJtd&L^iz#+|`o-3n`<0RKF?C&SGNhTxgoDZy`IZ8McrZF0IV2
zLu*2N0e>SM&G)VolZqV!svSYiwH-uM;L#OJ-UV1atQRg7H-$s7_(D{hR_`S@#=BB`
z!<2i&^M$NnPR&K&zhUAiVdDO`ccu0R8I9tIL>sMDf8&sy-D?~#N*53PE|@45!0Ov9
zU|{l_LO3`gk={K#+x|J$5d9L>0!A*(p8R*Z_t9%b6K)xb9`WZ6@3&P;R91SHnXkdx
zIcVuFXj;wac*czkAzQoxqd<6jbkvmXvb^5~K^-@oiGZ@JC>v~1kzZx0eWilF?kL$n
zG2*nDDo(9n|1PSOehKnHM;fUBL!tI63R_->WmF?sf~C|YoouwBm{LtkS&oV^U38Sf
zM_KfS;=#@guTf7Z`Bg*^R+hp9f3MVOpBIJAv!wc<J;&*ORfDojftd5SFmzwnXFe|$
zA4916vSg=d$5RssM40w8b_bV2PJc+4Amv7uC(4vjCe}zgED6joC^ql!qDyk6Mf(M)
zITX?Zq<->e_I!h))BBDV-zvB}PUGBq#~(CyVfHbi?t+V4=Hzj|_B&$$*n$$2rcJms
zwAS`)NJma&qv^NW25f5TA^Zc$l{aeDvn9;f33jV$*Im+fi-+07*}E{q11D1?eqO!Z
zA_eJ=yw2&c)T6(Gj=X-?u8hB3Ra1^b`n2&!@)Eyw3bbC!b8mpsz#iz`0#y7P05EW_
zqq!E`Yrzg)!`!<)55pjNN)0<Imdc$1Cx_qWNQW$7ep1d?aVVM2d6(aj|Lp~SR24G;
z>r<7tfLWPi@j&5S{@+7KgIAr<T5F%(Olx1jqGE#^Tf1AIu<A>PoA|?8k5rs|Ow(4-
zu++`Y9l1T$z6tq=8POcot^A#^v2u(ECrr$y6;c`N@jR|eVac0hu^17YL_gyE9?HtH
zXsX_$LsNV@c+M<ZsmB|Q@iC;*O0`b6)jdxczaH3e4t1`YT0$Y@0seNieIQer7E0;4
z_QW4cS6$8W*)98x$E~1h^HjsBsct>JYy$RH_lJYy@#4v0W}NK${_@GAFN&$3Kr1)D
zpo~34++eklZceOM8ugH1gRTFi!v4(DslgkZjv>JtX_VTak{7zkQ{7QJ(Jk#HUPnUS
zPtoA_ilMqZhk&xvbYXS>hyiHa2qa3ZIv3n_0ie1)cBu{RWME`N<wnM0Q$tgu-D=8x
zZxUVVy(!N<lboZiRqbsfX(Op&uGK(nLUZxqW^P%B2xlfo@;J+!D;+j|n`D9O;J-3s
zOl~=@;@?exx_B84SZ*WTCvOxnP9;2Q%I>KHn3XlLA-%xlmK$VMIHr1@-*=aN86^3?
zE(ytuncW%NHaV{zkzPKc|C3JAZdMyMddjZLvp?ne@mG`cTR=a{UzbcCLb&X{86ak+
z#di$GXEjh7R_i<Tf=2q+;p@LJcuBmz@uqAc<<)t#9Z+rwMTul7uLv0tFr0&wOqO0C
z{m41S%5zsHPn@=WW=@N>o37H2BpW~Il%2GwMl&tH#B~?oC>vwTg^kf!qsP5heu_oD
zqEq`Nf4S>=<3J+AiX#^$v(1L0a5R>F$BzBz86n1!c@fie8S3sPMfJ3-uV9;`H960i
z7Oixdo@8f=L;i}whj!|MbYb#ydCt3YbBZ@#+@}@AN7*or{<|PPCQ$*X!HUX;b48wS
zMZRu9lKsV;?AJ$5GQoIB7#;?-9i`g3ToWYO0c9HtgiTHnj{N{TL8kXg@h1{9wVWQL
zT5JPo9@+HgL&yDryxg<Q`sYCl_D_E2FM?8j)%OcgwzTe;-M4P5i49Ew&(H6j`sG~r
z{|v{UJ@57uzYg!%6mS9I3i5U#_TP?)=8lz6f0e-268^hr2@pfuSoZLS(m;Wf=G5U?
zusHA#Y};Qt{__6DAg@CPiz2ukPw$miU|{2nS4Zk!bJZB<uMtw$*iJvM8J>PZAA|7#
zz-p@eS0z#HZAhHAA@+#T*dK^mP_Ff&z)m4HO&YCgLO-B=p^}M~MdsI8eQZ?QU%|qF
z&xG$U)W>flkjYou*#~SyA53Ztc8|#2$8r8SXF-L`scR(1Feu1Cuol1%0JsYHHC(t=
zr|E8=C>D?fGJ2J5vYWttKse?TA_Xx#CJy%W+#S}I#F6DWv{Chh459b%t1A6yLkU?H
z>1xz~PQ646h_glCe$+Bz@o$C;?}9w{&ko=d=ljwEUr-9dYa%L#{s{<mygmfoJjVa~
zyf@HT3_s2AleejJK>ZQBl>s@@(+Qa`$mIY}IKh}ZZEQj=Sg4BLBVmb}5k5s9epVO9
zn7XGRAgBp;2|ir(1Jh@UX{_o@Rn+I$$0Ug*nz4!IAE_=?8D|#52lX>i%ePu3ExwW3
z=LGEBSZo(39(!dj7Fg&rflHS^uEgo<sU+7k_9ChAp^Z;41juoo{ar0$SKd(XJ&t|)
zV7<)U+0tjw_ck79uM07TzI<Q2zlWp5sQSe6#PP|gV)N|1xhT|7r^lDg7aTy+&7;b{
zgE_@d7`*MLtzN?q2zhtzV9?-V`24-$2e$p5M@np0mOf!lPPQI_JE$wmhyUL}5NVVC
z`w9rxDY;F|t_0_77h;3VkRkdj1RHMe$}8;j3%xS9(FqbPkU^QJw}*u9^XPTrkn@F}
zeinWr(8Bttt!s{J8JB&-D<PApt+~Q<ab1BM*<J9Sf8gtYIYuOkGUYoH+48m9E-J#9
zgeh4U>FcinxPe!|1E&a%WV5VyMDa-TeL%7cT8!n8^rN8Kn9DV1iMl-O_qOFyt>sS=
zTfDj61tzyiQo^r)>G_fo;OZ^(M?*d-2R_tV2YP2Z?jPDn0AP3j3)XI!6mCHI__HM$
zxZ)Juw%9GA;mDZ-4b&I%Wy;CU*#ZiQ^>M&h<PS(;Q&kMq9-kILo-AT-`4<apHqYIS
z{a1$TIU@+Evf(J#z;v*WMH6qRKM0@QS?>Lbm*H5DgZxI_Xx-pKKoPs}qQZJy)X$Vc
z9%Ok=uyo(J;{wNuTSR0;hjis021&U;ojhG{4$c-%R+#hH_W7`Qk`#=eGXpxu&=Rh$
zz@6aEAm5Zf#`*-=Xu+qO0`_>5l?*{BLZh&d{;xGl{ZzU-cH5ASff*E_Ui`3>19s>b
znS)3Pi;z#!)ADz|SO3c3{b+1q#8hQ?-Ee4^Lmjwa8(cBKC#jcZo7j}(H@w#&qlZ}h
z&$~)&2G~z7{1`XvPcAF`Pv$*yqIYJuP3q9Gnz=pdjAhqN0Dx38N>;BWVEa5;BVy?*
zlJTumsDXj_W}E(|ZWb!;a|=d!0-@j`eV*+WePOy&LQ4PBoLJWfw9mHPaJIx&l5|@y
z^nv2?Qmlbyyddhm`e3aMdi?8vDhyF$Y=k*`jgkQl5p7O3EDo?wo9)TzFjggbZ`g%J
z85C0&0S*3x-nvmIl27+2PFTA76OvT1Uz}Jzc{4iPU!7aU#7C?olpTD`tnoDed}sIx
zVb2vJ`17l{jJ3q$*%K#kc(OJ1grWA7)JLjW`=h@WE2hkAwg8{koeyl;^<5CXAM{{r
zJV7;xD`xCZpb_V=usCqt!0EUMRiJ*-_mRWM8QO1yRi9wE9XoZvh*0v8VS^}L^(}M<
z7q_u;nO)%#O^hvMO)NcR7I0u-b2!+RYna|ba@){pf6{m85_(=}do&08^v!V&`zfjB
zW#sUGV4>3iKDC$P#7zP4kVMLOo9D9nKic!l&Ng{Qs3FfI#*V?z2g)k~{c4C-QEl?;
zd-L<dd~8GkE&74)YiQm`d3gy|D-!ewKl(I8MVJtU=iK2V%!27X*SzD59GI%nzUbZv
zKY|~{Jccr%h;H$6$^BV;_(M2b&L~@={=)8L?*@WwGy=d~7|105j-0o<afAp4x^cv6
z)aHGe`yp9;plDTTNdws(F#Yd9W9+@(9EA1$yhIT`?75VU`PuqgV2ZD8Ck1G(P0oZB
zDD-&w1Q2kGN3zx~4I)fajK!`ml#I?<V9&d>0e(1x+5FYy!M2W^avMOc-}qMcMnQ*5
zZ;KLI1-)%}Mg2;4e%E>i?Kb&WvzJyksEM!=XdvCWsH~M6wC}no@rO@-o)N}O6yf9O
z)7$;_V2|&bIuA}^{(wPLH~<O(2%1!E{U8_vuUh8w7#3-;!UN2megN!$dIcXc371T1
zevuz-)BxRsZ-ncM<uPU<C$_MS8MQZSAErlZqk{)0sr9J#T*>PqI%0XM@PL({$e)om
zO+QNz|4KjisWUePz`n!~#`zOH!b20?@1Uvd+t*h;yo8z(AoKP-aBYI!3-|+b5u2E$
z3^A#mDrb%sVhpy!^{R{#vjrtGb+;Y&K3|r){cqgn?rOz;ZEt*%ETQ0-$53}^pDMvT
zW1=k;=iMT|!^6Po<n7KkBVCiyQHlTgFR2PpvZ=}HX7P!v2IT9GJIS1b;@sKM<B}*+
zqM+Ol5Uzp!IKKBY?ZJZwgmC|yh;aj;Nb+Yi|7tmb&53Kdrp-)Y%z@kM+XVFdFMBH3
zL`;@GRw?F4xd12r-V3+b4;n-km__hm^Pd*}mDi`e(4HHNa6i}12>JE$Z2_T-|8#JK
z*!-8<fOnz~0=FCo6Y>R<RA8B1PVyc-W{A@4gNgxzmN#({oC<}&`hEBa`9=H-(Lyyn
z8v&a<jFqdJbA})xZMlMTWFQ%yS+Pv^dtqv@_m>@XyxOegfnQD-K*_h+Y3X#(KoiCj
zh8xT!<|b$kE`EE2tY$DRfkEGfziCCQhWxh5SD-4kPORMJ(E{BbB}#Ww9S2Q>wqbV1
ztknz;ANlJaNRD@3Sy5Oq-2zWtY9u@LV1Hk3?LY)q6}4r8zKMYnjw~6&DNPpw-G36&
zx~(sj&s<907?e``(@(r4h8*81NWcJ4JwyrRegTWNgmqar-(U=IlpgYwN{xD&u1!*}
z4;|~NMceTZs}0mLT*({0giAGRf-cGXWdh*`N0i(1;0IqufWab;Ql8~lU-c`h36Zg0
zPZS+2AcnRPJ<lDEtx_dVq-#ohE&2gOqGTdFj${EqOU=*isn^nmQ57S_m^&cvQkwMa
zDtabdc@d)HyU9FzRTQ!>w1@McthK885j`*k(3ZuER&!P{eP4ppW9>q#W9dprN9b)<
zqHtb@UAx6C!1+0hp<LZmuA-54!3I(-RGke&f!tCgegRv3zbrLMyP#-P?mKXEacd(K
zK^)q%kM|f}LEgHDOr1W4%L#yhG5H6^T1iH-X5*A+8lpG;kUs?`5cxXBiHhRbMkBhF
zQo<E#lFtqIptWo++V5O>3YVgZ=JDilp{LgGQsd$yT-l~u30QkqI4`CFl@0Wd7>e^(
zq@e(-vWwlf?MWgG+^i~PJ%03i^*>DwN%Gs*t?#5wm`d~Ob*CZxDPNtR_QY)y#AjT@
zr0%U|`^h+39SqGkUZr)k>7OgLtrXf+acV0V#`OmEKILG^%H4-c+rV&13w?2|mxy%j
zu!r0XgJ$#{Cr{hL3P_P;E5a*`8W{FVkS%@?_aAm@uk$(Lr0ozH*WSh6r!W2&2IofM
zkz&B*`nME8^a!<~U>#MVhazi8chNkG#n<43dh-I72qupZvRFVwl>Igt<PI)PW`I>=
zYReDVV7j1)Vh27F(i|O*DA@wWAK^$mT+X96&bk|ZPU7z{H0lOTZd(HU<YqSCdWYs2
z89v13Zh&4;{#eN(=0=iXabtC1^wgeksNx#5!p1+p9_kY;@gVVAsQ(Ea7Cghc<y{=M
zs}3BNq<;LHb|>1^D(hx~`;$*zlG+zLlgo$&vcE*qZvA3#*a{eU^TOT_B~RHVCOT7W
z7p+|no1j170!d*4<Z`}C>_SM*lds0G0$@`Sn%E92H~_?gpZcHji|9pv`jQAUyK-%s
ztW`y#Z%F_p4FYq6oY--U%?j8Ho||ek*Yl6j64rP+&}F72SA9qC(U&CYevw<hPg7k2
z0r%m@v)ruEV$VG!ux(GlmWD2o5tltp%b7K9#OPD5xU%Lx;mRs4E%i0D4bo0@n!QEi
z9Gki}5$NbJ#pH*uw(`WlO}LB5(Q5}X`hkFkzL=|uMlJU36kqgb;W9wk+~yt@|Ana+
zFczeKK5~-fq258i6dQ(>+~L`BdELAs;IB%}dmY<De1qEc57n>Td&&*UPovc}Sb^6d
zAwDMa${zF&2tU}=Nm-B3R5Vz-z+wVPJ_R1S4(B1|bBu<{*7;7Dna{M;4@Z?WAsDuB
z+v=ZIHA7bg@&^0{foiM=*hB+b1=zHH63xZ@^+&*ZK3+;J+#(w$=}Yk>uA8X?73l5@
z`D?-<!x3L*$I?Pv4Lo}+rPE2#Wa8SvMqUss<HcC)As-ijn;_IqO<Zhel~UfWgkD2N
zcY+xU8&+!!aMZ@Hq$$S<-tZXl1&iGbWKmL6$T$L-Nh=Ud_xb8Dhi(iKbCFp2$-PXZ
zi2?Gx1WUtT;TwrNH9)pNAk(g9-gF62e43Qp*B2K42R+Yh<!{oMA#!=!Sqwzf(A_rg
zZ}>L2d*`7@(r^&KFqH0H6q2x4tr3|0Cp7XMNekjzy(;g!%rZMxAGla1hW(YxAR4C;
zFBrusRH5&Mh1!lx*7<7|(|&5NVRqr<V5Km%N?;8U^y8$K*S8SPD{xmVqtTVbIsJ~s
zn0_t=8LMOv$2Hju*d86oO~!Z0kip_9mL!uIaPYy%GB#7P6!ViWGHKJtiDwSKhcj6b
zNe{ua!Iy|bEN%Gsg$KlsGb<4FEuF#8c$qi<7kSK90emH>xhUuiq4kM-0SQ@M!TvuX
zX58|R>z8B5cL0ykH_>*&<nLr&M}awnaUvxus$6X6v=+Sz89%ww3RIfR3UFp;a2jk=
ziT&=V+E6iWmdhk>8HjTU4MNliPp9+3uHvBuiHXojC-J24&^yjx6cbFT8EdCIM3TgR
z1dxcJ_kw&V#2FB>2iE;1rTl!PX9&H2j6=gC-S+^RyqE3<Y#b-=FUiSqa`!FZa$?>1
zQ<a78tHY=9Qm;DX8xeqv@&zZ(uX-I}m;<j*dy9OF!s^CQbb^6*QHgMb;(a>$ih<}V
zBDF21>+t;h#!G!RGlF2}@0tBEcZpF`fqnz$L2d5S&EfKR27p33F>3F2C)1b-VH-bW
zQdN%8XkVyD<&LqY^ep}kZgXAI)rBe_zzVy#ew@EQ)O1xONJ2mIT%9HF5^dH2iB-48
zsAMZrJMy1c9(NBwG%O}Jwr(6sQ@!#mIJ#1&vJ3NrJn)-k*AY~T`b=&Q5>1KLRS(}6
zqO~`7o9NXCf=*B^T&huPB!xcTj-L<nt!SMr*MO!|ZMJI)@95C6%DeVcv5G$TaZh(r
zsqZt^V_Aw10-Sl^PU$^5;?uHrEAhi`LQ{A6li}b9nFP{gt&a|u?&|<_EPms^N6F3h
z*GrLOxHyziBby9nGPF%IK&}ElfDGwCYWv1m!=Oww&M)fyx4AQc{47F{43KF`iCK|1
zl^SPDk%<?_uuIQXoMjxv+T`fMtZAr{aLcu{wietLDZ*m`y;>00o_GOE@S=qX`APUo
z+i(gQ8ahZV+)^w^xhwy{ukztAe0Rh6+u{p%BCB^tRdupg+;1p|i}i@4Vh8!_jfV5q
zM10^N$3MCaK7$nv5QnaP!0JSLM?xW^M{9ir|4u1!rgbwaZ#1vW5fmRuerP5pAM^Z}
zp!8Bi6AKU5ae)p=4E-1^N1o*0XM22|npj^xdGK;F97~-&w}%RI<4_&8d37%B1POz5
z#y&G1EaHl*O!ddpR^t>ln5bP0W;-XxjezYWEFa$>#yDr?2r9IG*eD9!^=f}^bY>wn
zN)BkqPZ`ZEb>aav`_y4EOnP->fxEvbxBVs_3sMxy_Wif6&9Tu}&tgi>Q|L#G@&d5}
zhoLSoPB`@o!gRMLBt*f*;)_?UjIjgbd-;C<t@-2NeSi1*bbN4E>cnd#Z2kdDLEuTN
z@Q+j>vimh|Qwyo>LVQf1v31u9vZEa<DNYF-Zw^sVb7{yop>Q}-*nd9zbjpmYy^@ic
z1H;6T2EoGx&i948;f3gqFqs9x9p3%eT*k0}M|`bG0S~S298JrC`KZyYtjKQGX1Ary
z#;-4R5$SW~ku|)uqm`G}xL#7_+A_Dxr7{f|=!E2KT&?wA9KO?#@T%iAD3>WWK8aUl
z%kCrzn(r>gB2f&&5Q+I!20iNP?k)&1*$AEvf8*abEB~d&Z6mz<!LnA~>vfZ99lvMv
z;JzE$bK##n=N=l!?R}cQNB7^5qm4{xO%sGW592PHgG3O1*Oo9KJsIJD?%doA!WxTe
z=X|W9nZab{sc6)_S4>6@=j4>_FM4+yu2lo-X!nlCSG12#@9#!atG^RR>l>4Qbn3GM
zf$|n>@4!u(!{5$fCwXEwXszHe`h+%1!9XFJw;vsqfZ6(*eb_x)^80V@@;hT=vVbo+
zAiCKopW+CEsncffwsdby=5pR>4aUB|ioIddkkmRziRS7utU2@D;k^1Y$R^}E_!S)C
z0eZ463KlWC*+%dS6_6Z3)h-?FO@PrE^V*MDGX&j=m+?udRRCuTX3xbHFt4EuUdZZS
z$*6o%pCcY4XD;A$_uV6$!7jct)8QfZb<kOD9+NQBjy$5QZy!F8oZ0;|?A>rba2JoI
z%;k6m(Y7$|^Xl?qF{7RKqr3fkwe?4LbZ!h6$@QyX!*o2~J;|WH4f_v%;ih4Mejg0%
z?M<4?k?)YRBYVwZZ@Kxyi?2hO$M<2n6H+tZd+u4evLS0{e`m-q<uAi86YX1Iv`<QU
zyix?B7tWc(>+l{k@k$;M$DIxVuH$p%dh^W-pYjYg)?gk^1>cTH%;T<l+r3;rH-<t(
z+C)ADgmAx-+7Z{)`=|jIk8jH-?6_2lk5b=xuKT2JjNTb<+nJ0S>Sq}124$4n5*&Vz
z!G1sgH5Eb1$txawT_db1A&)hLXIs_9aso(${5lQkLf>}~Ap{xcub_VMy?269D1RAd
zq}BCnK8L2gCm{s89JV&TGm_&bytjEm`GJvJpEm;FT)^WPNNT(!&7FcFbK&zEr;h}s
z>q!OUd!yJy3IHUWiE_l)MjWF^{r%<E5JZUXUs^<`q-OlcFIkBF|1SV+K$E|*#VZxw
z=bmR{lM_r-9nKveO89Fy{O~VcMfiJEZ}_L6#Rdo`5WNTg+1T*A&`d7~q0hJuaC_ha
ziA;u-pCOyTLk_#yV&GAI3GX1*ZJ|4aDZw{V3x|h*0xz&_K#=K2hluP!!VNf#72V+f
zod>pkDN4U*6#|A{-UEZbtgvq@qB0|FZ&MI=3rNn3p??P_#vAazBQLK?1^i#*KReZ%
zpo_xjEaU%fu)jp7&mkS~ENQtFhgJ{nCBAX9PcFsZzq*7@_Mzwc@`vZHFFs7uP8|MW
zru7qSA;8uVu<<YiLL=949y=Rqs~c}5kC&kvIFwCkxTNE-TB%ou=ckeUM)xL<WEio&
z(1~Ky@^((Mf+q@>MBaw)@>qztVV-*1h7ZDbf)3CS1P;Y^=!Jm^=mu6FQ4o$S{E*{D
z!VpZAk?e?*;{sCjiS;I4#hcinTilC;FqwxPWW_b`&SPiP6(0D?J$1xZme)orb|VkC
zXJ5VAXjehK7C)B47xw<T0l;^UD0<Nid_pJh0sCY`V-!-8M>7C2aD6H&BvJV80QU!s
zQ9+8bLy$TvkD-x2244C5jg9c6IUdg$9LAxf@hLQqtxE{3Bk>A+Mr6Pjh0s7iQZEsG
z=XjX)S#0UB+erd`b@2B9fz#tm+n)o%U3CIcA`E(lwjHtO&^sdXDimSf;uxJLm}fQC
z8BH3k*0`Yv7l_cSvc^3x<$;Exo5?utS8crqwQvg`qaJn;NSa6ah)EcSKJ;7%Ih2cb
zdG3y)H}41#hK}z6v~dq3i+^9;NZDN3TnU)_UWCEQ%$RFgoX(;Mf54CW*|$<5=r}GF
za`-)Xd}7lRo@VFNDv1srt22s(5u18IsYl-L?DR1m1l_9X4ny;FWTiH3ydzwMcIvwa
zZSFeAz|9aj6j@O$O%$Q|>6FK0N+Bq0MlTNqIpY*%j5!5@ecieK4fNf>v8v!#WDle1
zg1uhos`3!F!Ci@XSE^#cvo#YFDU$0WcF28j(P-#$fKXWFm&osGd*t$h`;O})s~S@+
z>9_=35#fYHR{(c!x=&N05={#@z6Ae2d+*-fHj><p{?AX*hswluLQ)r7vWM^4Jcqj2
z!!wf1Nb=0?nP(ok2{cKpKr|K&NaE}!pZz>tReb|Mit>1p-DEuPn-zgZb@jcvF27pp
z#Q>gQQ{fkG$a3K%ur!`A8$iO?VuJOJD6%!-GK#mNTSl=}$UcL<`DB|qzJPpQh*_G<
z7weWuKtC@;A4@-@1}znD?s-fc(uaa|!fpmMDObrhWUJ&E%+j{I6lyWb6BH^o_l*0X
z&&?Ols1OAvM<fzOIT!Bkk<9!m2DXYpnS$C(4wj-^$oLOYA+!HiPQx}3wdc2>KNp#v
zOQNqysOL5aVSroOf@89Q`Gx=GHpBacj5Z`yQ7nx&{k-5>#s!}^Jnek*)hQQCnO%!=
z(D6R{pud^GC)emgJ!Jb-3*mF1Ab{rqk}Bw$q6Qs!5ZpjUP{ds?@bC-{Lo9eD(-ahB
z0d0r{4V~h^{S%LYCC||lAm(sb6*5gfRweGy6REk!mDkP-Tw?}!)zO1w(zWT!nO^a^
zzG=&11&HuuLb*Dde1t%ulF$9;6t)Gg^u-9%-9U-Sr}OjM$;b2Y$)Di$jv0wKnG2;i
zA^c;=EVa||hqLP&*d3HOwQoONpV6ypGxnny0MM@*BRuGEdZn9|%XpNP$;f-eti*K+
z=C*6=;XB475+9#|>wO|=8uwW#bD7Hd>U*&oG8YIrNaU`*iRqyw)g>UnUz6E-X!V(p
zyAINOs-cIle)mrGd7js%1^DS%(|5Cx`VjT22pN)U$kHUM9(`)1Os%p5Ts~o1cn;2`
zBxg+w7UoG-Dt-A9v!NBJ!g^vEDSe5JL|&?0N2)LG6VO%c0+l|`;=ZeXx8t!g?DX9!
z$<836(`XrVPj~Oc3TKaZnzHVhmP`MJ#m#F_R}4*RAbKc3;2N^-rKFJ-f14CyCJOJt
zrNrSDFZTyWOlIlomAMYz0MJ(=3q9E&U##w@N{N<1G38Elu}jn$7&@ny*Q5<WLBGD*
zwIqJEbx)%ZuKF%&YB$bQKbLWz-tF$dk3K#IEliv#yF3kBBNv=(HweXe9HS=8+w{Dh
zQ#_UhKe5Fj(RhO#ukAX#m{&`@bHMkbV!q{<BD+rt3HfZ<J!M8PRL-*dO+@s{1oy8c
zdWhgh-_g?xyux6fbf@RhAN7}6*^hb2X&S-zsGEW1zPrrIUGKfAXvo&Rxmo36$W9G(
z1-&(i8SP=`Dl25p=ZN~pG{-m6cKN#I-pjOF+P?V#e{Jd?{NTdxoFBYL-lt~FXUW{a
z9IRvo+R|J^$!z7vxrY&aHd2{9_8}?;a(&p#vALBYeS6BesWwaIaPsdkwp>xUJ|D8~
z{=w@v-SF{r$o|&Xj~FY3D%rmG_ks8KYtt)Ex*!vho&Rv~%e)U-=TMT6Q*^X{Y2^Tb
z2`Ma=j0*g|UUk}qm}?PLu(#;J6^~_8WWn7b2hjwIQc0^O8Rhw?Sju8jNC-)xBotOj
z_t_`+nRF6~x5D&>%R?e~LX|LQyPq=X*-XUUr+duu+=0Wlt<87{ZvK)EO83zy5V}xP
zrPx1PrPgy!s$hQZVl+(Oj-x|5RJ$Gf)Jn)$^N`kRlvhLcW^ZqAX%??og6#C>Lt>%o
zG=ISd`_1x)`v(^Zwbf0je>M#bHLmsX)4#6*PCIJNZ26?nQd(35*d{T84VkU7k<ulG
zY|ngfRV&CuD(=CgkQd2)l8U)da2KT?bt}&G*|`=)zHC}50Uv+NNmu~+N-xGCd!hDT
z7-T#G@C5c$9^ICNJU}RZR?C5~orX~i$s-z{z#In=WoT7PK(E4CoXlpT(7g`vwp>Bb
z5=9vkL`S(WdMPY(&yy7F8WhrmMx=qas9pe@x&aZ-IoQk+K@G&)jrVw6pV_X$s}{V2
zbz%feXclbJqGad|4e>6CQi(Li`aV1P?&FV_{wH|&(*;SO{)I)0B#n*px&8M0@%ef9
zDRw=H4NDm(vjk8uJ)m0EW1@@(gMlS;d3JL<I=vWQZlHyCNyQ5OK#ggqb2a*LBS)FO
z-e?(4vE`EI_S^B~<o5jI$@k&MNoJA22YQ!QNeo6h!iJJG&p^pW<@&Qi2ut?*PuI5>
zA5TA>pIO2`650TnQZo4fL3|Fp%YXZCe_)4${e3)W^<B`CG1KCOuHx$K`s1gold~5C
z`+l6^$M4X}@j_Xrwd2WqSaFlHtBa49!5j?u4u|B#g!1!@@w60$zCPbOBrW@eeR6d^
zz8K%!UQVt)o&<yqx0d#?EEk%c_nIHgnr4x%YKq<Iy*$-T@i3bh0nu6-QIYheZu0&9
z;NW1e$3oCmd~rC~^Ll9J7HiMrzZupE<@<(1_uzQ)-clQZ#UxHtR0t4-iWTE%zBHhu
zXnzfq{yC5CxZZF)qx&n{S*N3u+mAn-U0sb&&uSIXx~>^W&-I;%y&RpKt5*;SS4@)<
zbmIuC_G}K`fBf<C?5bI}iB8W8IWPDU-4+af?uYT|^J}_3yZJCaeP&IczObfGRMUpt
z76kErG%sY8f3BTQ2=Af`oWOgx<$_rUbY_~+3n=q~A(ah_>y!B+Qz9#=0#o$lyQ_~M
zZ-PgYo2wD6A810<+612G>8h_*Dk{^yycY%F0;ty3K-p_3`q7qj?Yc7E8^A~6<kPpD
z7Yf7ev9dwT;-vTu+q>p~Oa;#fS*#Di=&enKVt5I^)`eUvFQh81;m@xE?8LnAfJbB|
zEWo1`0X#()oYFodwFQs?qmO$`yAAoPSTa>clNatGq%yFwVb6fl7Gfq5up&_`P3}ax
zG9b=K2mOTv$v?ol-?G7PcYObTcK&{LK5=%EF5lOO5%i=g3to!(s)N6;>8D<*C_`UK
z@Z$LduRDwt{%>5-OaAyNvs@0@fv)c)P*0#2bK~CK>F_%>UCAg*>ds1|@2}bMpFW;k
zjscQm?tGDU*rhD310NW60bT_i<5EG09N%9%7Xk3&1Hl%S3(?g#6RcKm7YM-N)x}<Z
z4j^$pzcLuJgQhoK$LHNY4)r!Sk@3m+^a_(kC^i-4gAf_muSL<>F;D<AdP2X|LN8ek
za5OSw=LZJAi77E(q8h#`C2G4aWh}0Me9bO_$^l^^2UwNMtR9^nLhLL>$zxvffl;T3
z@82n1fh7(7(ipLN2Y%sTtr;jiNa#G*Iy3ZWnYpyph|#!Die$-)6?x_RFU=wF0VEFw
zqQ$;(SwxhvL}ugDAtRUBy?)F8G5-)WL}WZGpY;hkhkd~(=v?=V&nhK~5#cV6DZXs$
zdOJK#rhJMS?i(`$-<{}p>?|C&CzjHbXYoT4mkR<+19?d1WwK0u5$xt<0$cH?(}@Lg
zL5CnvpAz&L7(YS91BWXifdOJ|lEuk=5?4GW{1-hN&rWaH%QIf2iBKgw6*(`;st}zW
zc9Sf{D{y?P<_PuL4OL)bu4hr-a@_@#7pIjRbnL4OY)`$fnhj2}S;19VRFUR_y##lV
zybyHufXZGs^Z5Ac)mk^-QB*=0w=M<U7D+AGmj-56UurZF-3uMYrqd!E4rd2ekUu$<
znP8Wrn>R<hm!q4bHx}$9<K>&9$D=nN@OQm=SMN{W9qb?W^Fkn64S-3dTTF%TlKJ8~
z;;9%<A|5RSl|@$|5<OUw<2$`$KzkN|NTNUMIF~ViS+Qkx^ATsv;Q7W?<V-WFERslz
zK3THVr)L&-cI+fF--s;YxvH#pbHs~c#f*B;iyRzu7PWTNdq~&mxOOcm9m{LaA2&+p
z2QcfZEP@H5I_W|1yIyOf{JM#x1ri1^#Llrj6AyIF_#=xg#5D-_h_<djh%q=OA^}yz
zEEYWOF%Hh~t^g#bMi)P*=9CBy+5Vw2T)_BIu4=|hf~wLr5+N8E;LJRwCcs};`o*c>
zahhae$U?d%1jroIg&<_G84~0voAD%7KDn}3p=-mC9jLa!$Y~q!2ZVI@o5rO1+1hcj
zkZSf;tV9Mu4<8C%R!J!<gb-?@X#v@WtSidJUei(e_`{?#o#%BPk3US9s`6YG0J)jO
zCgsBaVPZK&$aFmjCw`O#e1)Yu^{X5@;y1jt8jUtB7}k9i4Tu(`3(CT#LUI7|&_0(u
zKISRUB2lpM1g{nP0GZOm@x*to3Tmj41i4CgtCsShbdC~VxH>T;L~z)~l_>2FcApgB
zOsl&EWJF`dv$D{A!fj~E@rTJo06-mDn%T+KsT%0PA??&8<yn1O!EI7kV0Qalms%qi
zq0OuirE)j{2?6uj2e{_^2|$ZZFPD4aVgU*XT6tBY=<DIp;nRHK>M)aq-V6eFr`q7$
z5O+qgfZuq;N=ZEX7a@#6o+tOP(s@kE7SD}JpYRl+(&^;OvN}yvB=1GhINTuE<KpHM
zXeXfrst>c6jZZEnY*ug(++lL|^%YuR@+L$MvuU$XfNR_3r}<1*s^xyL9=FVX<Iu!x
zV1T};f?5*WKsWq_$k=B~=(8SQstvd9@GJcq2#T1I)?<f#p60VbA!Yd)n@)xpFwv$f
zz4bsQWVAXdgC|>e!ZOC8@r=T?3^uUGT@Uf-L)=>|4Yna-jVMj?*-ZJ&Q>YhO(GwB-
zoTGWZ=duquI}^ULhrDV3hPK$6^gPskQghd}4hW4P5F9OtM776#W8gH$L$<3{YImk~
zr}?Z?U*&lr`rZa8XG~}+OP*7t5usxynO;Ro;3<aoQC2}D)U-m6Xq1BhA1;el19XKo
z2!$6scQ?(zv%l6X{s>}IRxPKZ0DdgcCIk;Ka6zcYH+()kcysXX-DjNZiwmA#@J9%2
z`qH{|0g`(u#!CxvfJ;P~;ihRzpoPasRNh3tjtz^$EVF*d3$j4`tmWn4=wScN8{}n_
zt!lhH#f3Te!cIXcM)H`Mb5D;5?6m3B^!w4_;p?Mc+33sB%@&=U@$&0*G2#^#+f=EG
z`j!4aDq4so`WB%Q?5C_s(;i-1Me%c^R6u$E==D1oq&D`|)>B09Fot*itGNcAG5bxB
zyK#@x`@zc`{J!wTtHBpF9myHipyh7hW~t=m(Hnp8^p4(Fh^b{DF=>BNYzm=>T5PkX
zecYG^q>u4DPhuG<hu63(vRwtewM#m(T`|pPyPE87bA<K=dwU0mdWe=hKV4;fnMBvg
zFXBpXn(KQQ9hBsZ@%g+EbC+?(Si3V>CNm0!QpofVJWXQjmVtn*ndq@pKJ?g9#E@u`
zhE9J$q(-iWAr)K0RJqC%gS}v{EUgSde6yy(BT$OF-A8#fkLgx5WZgs6ZK)JRD7}4Q
zLW;6T=5tZ63p}Zn5H=+bM(09W4q#Pp|FwWy;^4g|J7is+rmlW8Q_=;ViAT`wr^Yf?
zN)sV4o|t`(wy-lQYTq|bt*MmhD<eLU!C*Y`Q2f0M4xFaV2?Z2!KADe#Eexyh`%nN5
zEQ0D<yARy;)dGwda1XG01}*<<Vjxecl1F#!rIsaLF=?ozm|t}%3&Di`D1kI*;P*~K
z;7j216-#DT)FitFwNSAHfrj;|uRD4{IRD8K0+wy=QcN=nMl&S|tQd0fWTKoUkT8VK
zT;SNs;4K@m?K@raT+Dg2qI}C6yAX1#9#7u)ao4z+Tz&lGpD+V0h%JRk6Ub99op}ra
zhHad<4Mx*_f6iB;U~g$h+r(#?7xHlxFqbAOIHSa)?yjUHNaqI;vmee!mn?~2;1)m4
zXDpTTB%*%9`hME`*^dg<o1^>eAt@JnEO`b_1|{48TloCxXU*h&%Clo24U7g?_Q`t|
zr82r><mQ(ba%wi@aQd(^iSEpej;8~C|2WZ~P6{~{HQiGx!0MKw#A$=y39P)3E)S^n
zv9&f}-zK!<yFu@CcG!=jtIP4_havb`Va7gQi2tht_T}SzhQ{SJ%pfui-S~bLFKoQT
zn_8`2j0${`(H1U$G<Y}Pe>y(v!wl}9j4nr4e+s88_yFX&;IOK?7T*ePrZ5}3;P2~O
z;Mo){)+w*DXi<ll8+3Nqg(UC_@n}OJX8<o|b6YN#Nof%h<cv*)o|luW&d!t3pSyXL
zrn?7w`v<Q(n&J1d_`aHo39cRL1>f%H#{f0+j_Iv!nq<zyCdo)Y>n=zTqKj099*}px
zZ*m}RNm@U{xQ#_s#_}N>INdD4Oe8b5lGO{7vBArMXeXBqXg;;6ZW86=#1l8D0c**e
zs0m?u1mjs5`>2To2-1M*2YP5hEG3&uR%K{OFv6tuc&ML*ZvV0gHXub)u7@6h%U#9*
zHDD9W0~umius%pQ=5PL>`camcpR<%_nMlpgIp&z^-wX1M1vrbMM2A7c#f1!y(-E*?
zjG>_NNiwJ1@zTChasxV2ts^v7TJ~5VgaDQ?G5RL2pK&2E&cK>FFQWxYtpNj+_AgNZ
zO9RxffWru#I8_F!6)$yQMd`+LJyWg{<;AV6O}{rl=m)T+qB#=Mjh2inRV{^Wo0TZ!
zEa>O~8!5mpL6b?umFU&K0lHe!#o@#AKOlX>3qW$PWd`1e;Y)waF8G}t6->h3$e_+X
zhlxZ!dzs^<yQ^ZdnL=o(onY#{oB)k3gH`bPU+AuIJLPwuy|G3JA4p39_CJI0V)8yP
z%#F~P{AMYhn3($=nkRa@(DE%P?;iCYklc&fZdAKf$hk|Es;eNd9h_H%C^1c`xw*+1
zd&^?JB9XytF8V{DV!ocP^t_-1V-RUBQUvN*=H<$hP(VzU^Y=+AhAyK<Es{S=2C1Ce
z7F^#YIV8U^Nx#}QR?;;2epe)TKJ_J-fiQPC<}GpZK4~`zl?Jjn>F!*=m4P?9mP6>c
z*pTVg=r6S(3gl%rqj;lWVs2RrohfU{Q|7oK1K4g&eVSyhiz(vAr|c(JMp2i?cuu$@
z3y`ke1b4kZt5Q0)*aOEMjZ(O+WL2y=iDXrRu2U~_A5g{%7o%ae0Z3+7LVys+5=_g$
zB}jdtCzJ)=dg0|+#4JH`V~@4d#T}nvPE*K%1SudfAp>a&czlv2I59AktdSR00nV1C
zF-Wq!DsAt>-W>zPN8Ixu!eHY@RV{`&K$^4|Pe8qsJ3AN8(1;19wY(67Him537(4i8
zU6xgoU@AfIln2sI`$Mf*m3!lM!SkW6qaV;)Ghy$<%FqAoST|Fvbk=djq`Ne>r}#EY
z253M8uVdtiB}1uWq}R2M8&BOH*bFpfy=z@~VT0u|-`%$PwaTB^8=U=vMzx(OJ=t_M
zr%7>94`*!OM6Sswp$HPmL?szbARNE`MFrx=O&F35wl?8UtQP*nyzr;}JsbUGv8!C4
zEaU^50V&WM%y}`@yF(<?loaM9N69Fv3I|GU(8zY$bn8ZkSx4vEQ{B%UT^<U4IPug@
z4ZyE<JtwhBvA&pZr@=9vFdJDzS8~LR!7*?qv`8-Vsti+0+j=`Ym>r&j_<%9cxJF;J
zH0%Z8$b_dN0n5Ox+x0!Ts^|-Bm9r|tlhb;TSer0x{5SIbzn@;BZ~*QlUey=;v87u*
zDZlQgY7Asi=*73gPDNgb$av+=_`QVd@-&|ftc}h%-3{1{^g(ZujO`Eh4}mkR?h0#b
zSg6}-H(*LNPD%Q?MzxjMfGvz(R3wuAq|1m$a){5?PcriVunGKqL`VQkO=e(oCv|S=
z^wo`Nez?@ryomKp{|4!LLvh2C6o6>iLdrX8DrTkx9SVhF=ut&Uho@=7OQhVINYk7g
zgK}forsUOoqVa||vjemz?lOf5q#zwzMWRf%CP20+khx(G&+Zw^%{{Uvdk|y>si_nR
zH7=QJqF9&0k(WFl2Jy{34+x1Kbq9d3smz=KdN^--ObPP55^2tCj4<5Gsw9m~)U>Lm
zlpV6wxfR6#@4AV(BpV2k?x?&r;iT@WL>fcvu#eOU;5f@|m$_!^Q=HPh(Vjy677Kf+
z#Vp*VWQwl<+R9@VcO@g^n7(E&#bYFLo1YjJ_c9Z&Yz8u^w@o`nzy$~s5FddO?v9f~
z^_@?7S=RB^H%(=9*J!Hy^mt_ky9XCNsD;qlyk_bh$2bibj$lknD>ZiYn(vyl-xPi7
zFc4`NtXQU5XdefEq}tivVx)8v^v2OLTH}mvn-8*x6^s_oR&<al>S(77<h4aZD&1i8
zJktx<o*<;ws2~WlEF3NU|L{4~zji|E^X$2UrEfm1{pJ+a=I(>ruhFVlA2mEZO>A|b
zZT5420t6*58K=~S3{s53smZ}t10#>UB*Esk<EigVKXrCI+fK}0>TltLyee5Nz_31^
z+`j=_bfMHMT4$nGrl>F}X=lf5%%mvN)4}?u^sG)E%>e;OQ7lR=X&^zGPz!#qNpety
zpvoHzNYo#0N2<`oYOszpWu!;fZeXKItkg!ec!!obt;J(5iUi!5to_K#R8l$#EE5kP
zDOok9lNgEoz+AYnN#61dZ3zIbo=O-3P0^V89843q5p{`B*JAf+>d@+PA(b!{^}u>Y
zl>&4SXq0rP#}O}Lyn^o7e8k|kI_TgjN>a=ze12-$TQfr}c!C-zTu#{Oq<#gHix3d3
zRRP+{j@iY=r2T&nudno5Zv+4q)x~n50SrCQ!*uMrUh5WWfR1!ESlA_lx6Y%@fwo#C
zn{sB!i#r%-0{ur5C6L8D^HlJH7k2?(7ZLQ-2xsJdaGmP4VO%2<mx49G1`Vu~wz}`%
zsenvdl}N6&HZz<pMeJBYXg&d?)TA%-nJu6tLnzbw26irk=ZHpCuo4=q$?1xAfASb;
z6WX?R(6j<9LJM4<UjIfOnypQ(IcpjX=x^byIcNeg5~H0?lEGXj*Vwcfa6vA7RL;1^
zrlP1>1j0?&x$hz#rV$XiVh<usH;!AmzD{!cEqy8XDaO)`1ksPc<$^^cvMmT;TMAM|
zQ-yVYPiuVCe8r5hpm7z$__eslVi6}Usj(Kp=LOHIloy829y7+4nbfid?7|-W4Jl3y
z2S)oriWqq4`2zVq+<gokLstG~Iq7vmS8ud1IY!+SnMo~9fw2?gNu+|)77Qik#JD-X
z#urJ(#>5W^bCF#7K}V$oS|A;Y%*82`RgtmRd++eAC<?gr#=;l@v}6E|Db}+y$=Cuy
z9dN1vpWlH^HZ(RE*W^MzuJr#cWkjJqT1Fe2K_!0Fz`N4i>J#&pO~Oy>p)Yy~=A}co
zMe)%n1ME5gDib17pJT+v`LPdrWWvDROn@^VkpCFP4=H2*)P+qd0&+m{XAsZgU43F%
zP^6rYzsSyN`hnE<=X#FY-~f^`K#S1eb3%*^*-tO1;9x3BJ_rKCUi6rK+js#nbA!2*
zb5KYxU;Nxye2wi9{8x}0Z&?rYJQ<X!`swEZegbI6B&O2>zqT)EliyI;*QsatH4iPl
z*uK`m<t^5=CzSz6H&diO6q^p8x^q5#t5#WLCN5eO_?=*oOhhkAzlAWTrz=}KWCmYl
z6rWaa_W&VKtv@}9lW{Mgxg>=3B~LQK(KiM*GzT)MqPCIfHPN5e)&v9Vy53wZ&Xc=B
za;B1O4mQcQPwRV-hxN)#A#WfllLE6Kph1_@9CgK8@XyTUgcv?Q_Et6_iW&qm<7u!4
zgKaaVCgg9e34mX<nFc!F`Y}r0l=f6<R%e>Y7_v;ziiOZa!M?k>nb;lM;AFK{Xg;|l
zItWy|b&Xzq*V|PXR>z*MFZDVD&_CDGw|N|uf7#d{9K8A0S2oNmAoaZ3$CJ%XtCd|t
zJh6deMd=5v!6nxN*{KnK4p?jpgsFut4HhNnNi`#0@CeRjiudqmq8T&P*ihi_Xfm!#
z*1l4J!hs<ZNs_r-1;34i{daZ9cun8xpz*uvf8Alz2w9x*G@bJ3jzvLwFD28;n&qrv
z{IR?x06z3<?(FDesY+oA03aXSEMmg(p$NRXC6k@MWraY~FBl9l$1bYua#5tK0lOB0
z#WJdFI3H!pDtVH^#zZ_hQ=jRcq31lgHj2UJ%-TiY##=AiU+wMy@N^#=X*3vryt#(9
zzo#BET`IDuSmg$0J1`v;JX4t3)oNK?=?yFF%obvZPd{KM*h-Or`Xb4dh!~^{D#X0v
z1>6MiP=j~%`-!WTaz_;=21e5V8Z{GZ<{$&j9vWc5%|v&-*A6&tT^5h7<*938Yg~Ia
zI}-hv6yk&al1*fMFp;rE2O!}Ge_jx<OxVOHKW^)8!^ZgZ%Ffd*2t`R;peoPFGKiap
z(Jm~N@~+A;ZPZfV_@I-0oC5sN$a3~X!g*a~nE(Z*$y^{C!3^dN#Z_Vj&<_2?L`#EZ
zAjJ?sGPzs<L;8>zTXwu2f$1}BZkxuV1$<{b_lzJp7wm{G&kLk+a~Bw7;!dp487}C)
z33-b+4;7;3Rb{+RO-!o?XdTe<S#D*oBv(w(fV-7(Css5tj^`R_3yd%$C7MA|Co+h*
zVOCNY_}^`wA*NHo_f-^waG&Q|W`}fO)EMWu#imAD$wVZS;^_aTX%$8|w%z?BQg57y
z7v$;@Taz$WGoI+(#iunO40&;%$Vws00T;&hz-J|RoAMG<m02FHh?0Yw=pLf^+HMz(
zC0#qANO@2xQS?d9FcBu!WszajvVQCK=~^H==_(a0^f@kcQ7BN+l-~=H^Hgthxc?16
zp|}V46B-$;CvSc-WP8fH?YH`Lc>5--v;i%LwQe0?2LHNi@K<i|$alwE$$H^DyWw{A
zZfyGV_l2+3Iv*}yl+kW@u5Q~(ujjWN;V;>;zE-3Cjn7>D^}GHT4YA$*Hn#nFd+OI}
zX>DgVfx6!bo|cP~g#aJ6hB1TO-0m?2t}e<VDr=)d4cv$!8Csc|)-xMCtV&*1V5hu>
zzeuzll5cvCYV3LT2h{@ycYWmVY9Rr9h|m$|fSGtR6CSJkm6ECsY=g0?VH;2h@)PzC
zf#B8pMN^hD=0`jmG(JLz15t=X7ZYvi!ohAyy>F&Vi)eiJPF<o5O$k6Y+=jn@r&v(9
zIRK&wiFlTBRVI=7(u4eYd3HH|Rfpbd$8|yAMnGX3#XQ%ip+UblkxOSM2m12aVPsZ6
zJ2{}DV0r!_;rg;4U|C!VgoGMTT*gF?Ao!N^2Svrs9<@j?o~Rmcrk$5#((mgtn!=!w
zz!}*R^vhHGu1*H|cO#8UR(DBsFq({wkryV8k((ftSt2~IImt8ekglx1<=N#J;g^yd
z2vBy(yo{G6jBUFYYL)S_gf#U)2TyH%8QD|a+R@$WL&(@X3Y<BORPPdkl)4GFmQq4R
zmiy_7jv<O0;n^GncqrsTm`XmkmYrHl$bc6x_t$PB2VtxT1{K8JVOLL(o?igX`2CD8
zMR(Z!zX1#YJw-(PZ{7dERyI0!MnO2^(FH3c1<Dvzs>zY*@^zPhx<j_XKkFNb^<1Dd
z&M+@cG~|Qw@;cG+f?YI<0ZY&tpFjnIwQ@@Lnan7L0{Ztmky7to3(*!J$sg1%U-DmM
z))#k}NyzZle-P7!ly`dL=gTWe_YdlW_h``qNvWD<qGaP!<?D3fBm(D5e1v7lST4yE
z#9<$s{F<3~Fq3+RjhA|N;u*mEiXk3iR*eb*v*6JJoma9*fZsFEV6jrhT5As_9?e{I
z!3)N%L$O%osa%N|ZWJq7kxvo@rWlMW(-1x4Fj4LFw$m9ixElNMnotVzVNvWQ1fJNi
zp#UEgD;u9G>}{8_DCmD!WiRjkaR2J}{{JodUoZcS12FpW8g}@x>4<Gcr2Y~1`S#;u
zdcDS7$EY&(Syn&A+$+0pkPOg{-)PXmZcKcFfrkUXLi5&zFL<aFzV>p^Ldpmg^ScJz
z<OeW2hfZ1ZBooiTXx$`q4myiaVD;t8o0AC(+y*J37?K!G#sjN=f}MRKTyfgJv8<^D
z4Oid3d;4u`qID4BW=SC)c$yA6`saK4)e4tKZWRXR4?Z`M7N*-n_tTc1g4|@9uUf~O
z=i5z=5P}tT+~>y~{OkO<A#B<bYjwCLa+HduQ$l*r`h}Dw%arSUvo4Sl8>=#rR#+zA
zMMmf();xe2*V-EpiGsjl1f%q%M)Qk_QR@LH<EIj%_Q*Y&j(Fn^(s3B{-V8s%Z~W~d
z2>LC=yh?cif?#Kdy)48llSCDqu|4*2X4*KwCC@4}Y<LM;Z4%IW8qj7U(6g(X4`-Jy
z6R4L9lwSGCKwWlEuK?xu>>6d0N%3hDy*`;j6isL{)8Y@P%UoQ2B$s(Av^@D|Ii+k>
z*n3)1M-j0sQ~G?QzkZ)&iCXCSxBqU>CcJ7-PevJQO<LR>!HC05WlxyqNp!DKBD`~^
zM_u1VPi#6}-&hab^Jh7=R(qOUe!Z<}J^}d;ptEtW$Xb$oKF@Nyb(&A+GlPdx^J-wa
z!R9VxteL&=sn1LX!{A##hoK=5q>V)qx}!~gSje1)<5S<ZXz>HIkrpxNs`08tLGko7
z2=fYJh1+Bl#FDQ%Eh&+y(&K7269rSrFIFcOEdbcUv;gv6K^Sc$62PZKKrTT3P!_?#
zg&<kqdr>0%=3gpN39Q0PK=1j58j`LcZo*K-zw3wB$uCx|k8{^T!)d;<lFcB;q_^z?
zbak{41LF(^t$4Hdt<iRdkRN)VH97b8d+c?Oz3s96!ybFR-(yFwdu;#UZI2xs9`@Mb
z{(g_`?;X7EQTc<tH*b4Dy2sw_f2-dfy?*z)$6g=2J$l;%%)vv~BJA@Mp7RJMQCENI
znnwIDMOh?~ssRx+?quuju2X#)W2%wWE>YXvq1}XjV?2#fUg<5d5DSq(h<j)g=2Kaf
zHQqpVi+>JV+(J<DFwsM%Js^|AEga?!VmRpI8o>D+Uq-4mHX38bJ9~t1cdC#cx;14V
z^jVy#;a@6Ito{#%ER05@k^j1ox%ab-{9k%Hc|VhA>A%&TAJqRRS%C&oc~A%ShFcxd
zLZnM}az3s%q2JeQgM<Uq#ni4pbpP7coStq(uZ;4ZX1J%>>}lrc%-ji0vH#h$`iMs@
zr~$rhIPH>*eauC6VVIZ2l9#?|*L&M$_VJ_BwP@&0GOB`M@_F*tRm>Qbauj^OJvw~a
zdCi@(hHc}SN~T5lQO_#sy}H1i$E9;}9x&HIiCQ%Kq>x%@6P41v1jyb4OQU|@1(#)0
z9HMQh4JOvseHxsqp1Q>mut?&q&!(xI?k;(f?Fw8bZKe8A5%1ETtM4_DEQD0Lo?Ge`
zdZ`90zD!LPw1yJ4#X*tBFetUY!!e>SYR-x6BfJHjHrGTV_GdW-mJB6N%hpQDlqWrv
zr4uMaRaEdi*!rx|85NoPdn)+)N<dQquMF0M147uuOkqFs^1k;e8nT%WUcbA&U5b+5
zIw|Znm+`HZ+itx)^C*HBb5T-bGYohz{|b?(9IuE&_D_G^54zOs1I3p$3VZF!Yns0q
zeJJ>hXPm`cEvAweF$E|%3Oj60W%MqafP%>{Zt+%O<At%;vN0U(ZLWsi(jvmUdROj8
z3tp6Jw=9IfWke6C(2h!C5%B^b>s<ACf3ZJ@n-)xpeNO~$?N{{Ly2qIgqAz}+WcB;q
zHPhc3MY80P#ZohGGq{pn7k6613CZmBG>CA(PskKoLr|iVNf&8=br&M$5u77Riw|HP
zOfoz*0P?923NsN~cuJ7iAmkpt9k#g*=|_6Zf(^P^=clW421g@%`Qhy5m6t-?ZLNXa
zV2(ycS=Ai__@s$*?%ss_;J>O!|6SJ~7Pp1k!~>h(xLqs=ISfPtWY<Xsy2|bog*DRy
z!)5r1<Gr!5H+#BLn8ru;m>A3lJ(hE&9%Mn@R8y{!2*J=v+45gC07?|&Y$pHC2Y|S&
z4L}?37!l=d^%O6QG9@^}QxUo#%7>wSqOV_8h3+K-;!!DLjEfqw&+rju(*7KaZ1ov-
z2rz|HL_d1b%5o7T11OWF=n-f_CX7=kt?+@zaBalf#(L9ew~e<O@s<uU|FAb&UVxlm
z@JOJi=%x~2-CtASMBgj><lE%Rc%{E+zCClMJu%m)e+JMQ`b*pFo@-z)Xo{mu^9igL
zTTDMadxmbtnK%FYW*&6Jnprcd%7rW_PvM#}5L(z@Q}XX~e(5Ivp&PK=YiWj~ij#$=
z)*YYS@h49A?{%3M3LGKs#OgOVQEFV^Kb|K5{q}cypa9PUWHS81FdiC7Mwz|~8GR^W
zd(;$WRzfs-rqV~;><-@?ym`|#(2KmF#C3X%h=!K%S3Sm+58_J6g?BuO6DuNEUJ&Lr
zX~6G<H#UbQ)oB{>BcaU`B?1G<3o)bg(v;4MjVJd<Ocnu<2_`<nO{J(^zmdc^zdx#Z
z;1F6nz=Tq*sQE;Vc$M8{@*$&i-7JY!)3Zd6&1WrJ-zE7cEPn!-ILD_3gC`fFxLzA4
zIPndO6X606y^s~Fam9ELa*l`aBTktxAy^pt`ps+I6F2AAp7f92?UE=$xp#XQ*;Sf)
zs9Lm5zT0!05`^wrMtc}M11E&13K|5X{lcpoYsBj+R;TBISD}ZcLAM?9W-KLL1#~qu
zVnLs=aY+-0$W0A;ZNyWHbq(+6$0<}WwC|v#b+<aduKNktHPvCPOjR>}0s%$gQ$Qc_
zdjb5Z9M~<Y)Juu85)nzkK$*-J=?c?xRR#F%5c)E;S?`u)%u`-+iCh8-ugz_}<6YQH
z;EcYR+0?lhWQ3YR?~;wl5b%Rq#E0E5>mi61j1c<Fw>&z_DMe3Ir3_AmQB}&mwOsn&
zy5rzSOw@tqg`yI@S{R-)e6o`fCg<~c@G_~Bb$F@yG_Iy*%R#NB{@UO3tXl<IM34(h
z55|ttNQ$Biwp}8K`PL=MGh~8wz{i#n&+|g&MWUNQh6_NlAJlaY!5K$b9e_Crwr1EX
z*LP_v8X=K_Q*CHv76PdPqF^feP9J)u^m;o@*9=(SStZ+P@itR8;A46=?Ao#I{;jud
zPggd)LCcqZlIyk93>3CyT@)qdwH-EChqrw%&#z_ppE1y*eGVgmA#|}ncpvEN+Kj#D
zX%Z*p%0-nVnFZ7~J@5k+@{*74eR~*84e}PSR!&<%Av~9cmxY+~B2M*2f~LZx(7Qrn
z0A_h9Ub!9uEK-8XHa!C{hd7K~SSMMM_7Ku40}EqS02cY5<<wpt$m`P)9;2UC&!Aul
zeHZAfg)HGa&m%18c(eFy<9KOF23gL7fwo0_BjPfNvt+)ou|fz)7jwY26Ob%%Caa=c
zu%*n(1%WlLvXVanJfkJLjs4svgWmOA(RXz(_WvxWYInytd-SmeB5s}zS$B`^v3>S0
zyKmUPP+XL*`zMl~f3{C_?@%h|u~L;NuEfk2iszU;+@IQmM0y48k}MwD^hH3zdrP6d
zyq|<``oUUa_!egl=#<uZ%eZg+>E37nDMzWMDOcj?4HH=;^+qr`yRfdbB({XxvhUsl
z!F~nip1u>f?_jZ^$AD)<xYJU2Xi_+PEDO#~FRxM4>+D#5MF_1{zEH47+bL{x#Ne}V
znql~|cS-ju7*9N*_lxTo=OaVJxJ4BDuxko5!BOZS3ux%fy#~@ewW)a>y(^if%(FBj
z#aza!c9;YID0eM+4%$WooTrKDb@H()Co)#eN|1IR+TsE7f^!qa5;{Mprl(WG*Xg@Y
z$H(Vqw^wK9qd)l$PoB%u_<a27qUQ00TY$$)AAO+crE!R=(I=-Ur#n2g<vv}X(d%pT
zexrw!chh(Rx!dQ`_%iv}-QgnhoiiZWmI8>&R${nUFRlK@d@*GEe#Ecuh-1IcQ;w_9
zI^>vE%Xn0K#BAK}DdfAjwr)vdga^gPXOAMPOn^E5>$6hkGL`cc+^WO9T8qIo8ynbb
zt_h+rG}XcVr_F}P*xftT=Xq{I!TfMt5Z90crg8v_i)5zC0=%)pE-^h~KDdVRC$4z7
zU$7;AyuK3;y0_g<9kkc{2*I9qe?c&6^NC)LpEAYEM9lzpcF0cUr7VqX;m-~k3j<%(
z^f;q(zskJ~sX<UeCS$R?11@YdB2a;TP#>bO7O92|pb6@nf0@JFuWr*im$_D_Io9xh
z3)Y;M^1{LdlgtSF{#kZkr}RAEG^%H74>c^0M?;HY^Jym9_b19q-%f3#+h&uH=e9{S
zCNe%vR8fJ}@3@NRfXj=~0p_cEf#6O{x6Bqgw$#>B#z~2q>D|~8RJ-+?VZ+LIkz`)F
z)!keak;qEQlLkjG#B7*sjsk7V#>KdH{|1o)6j4k5_$l-9pAveC@#oT)u+L$cAvl43
zHkY9!8-;HIrh^=@Yndj{<|U5>t6WW{idyyiHTZ$NNMxap9R!#3;$<5ft|<x_Of6^z
zo=cP{mIkJIUhqh;Toj3nJ-R4nvD4bw=zaM?e>j2f$U`~gKA6WS88LkXlwywj;<Iad
zWacHpnrI;`$>tbeX+$3XnLE5T_29bg$8+6nci!FVd*{Qu!Hc)8H}r-Lh+QzSm^9F=
z*K2xyf{#r*XX*pqeU1(fUmvU^>?Fxn@~WLS=J?UK<tr)6_cjG!pu#DtY@{w_b_H3}
z>n}bjQ5fF5#{tjyJmNWegeJn1K;lB?zPvL!KVR2I6XDVDO0D7C;kUSoAS~R=+Kmyl
zP6LKAKB_2t26o3K!IcFwFkORSn%W|b8qwnrSF1%-Qa)szb40Gw&Ma!&>-~e*Z~SY6
zRAp!-vGDFZBS%(DiU6ldlDYHI54)#1i&QktIy?(89~fgydE~77=HSg?fR(aA361@W
z8%U~x6X@yNa5%wJ$fWwzotPOP$UCvhc~U?QG_=v;Asb$?t>zRRk#Ekgowl<o7a}W7
zx?a*mhX6jFdcasR5=EIz9XDP;ji+hVQ^3Tzu%sE7;}L{Y(<&OEBixdy-TPZ_{?F{|
zE%gs|4Me*hoFolBOIoG|k?<(IOvDhifzVK8<Kl2?dukFSFq({CIrDp~q|wHhiAqzx
zL8PW{_c<iIGiBKFE&lJpJc8MVGnw^0inZ+E!4xHIi<ZnsWE~6L&*8|^tEkbouRX<{
zoK!}Le1<~F>3ZB)t<fa~)VJ0qt*fA}NOE-;#w}nU<f-A&oxt6b#?H(-CvSOUNcgPF
zJQaX$#|udP%a!}2rui)di>ji)>|hIC#JDC)$voQsGVm9qi?Q&_tci|qOCS91?cTRL
zaiXG1sYGVC#s2HJ`)|KJIDB*DPh(lI58t1$Q(p2s<(XhV9H1f4OICy{2-$+f$&@r$
z-A9AEjS~MsS&~YtWKF~T1LZWKMEtTUTgCxxr3(|_Xu_9Wlu$0nPtZ7kz7&J`fOTK*
zsV;35al%uZNa{bmx{rBuCucKf)d0F>v1-|d+8IeQ$OWr~ju}r<Ep<2R2a>G}T<}M_
zR{#ZwEb`M5O(B4XgcwEf6O^PH(;O>Gw2LWgK)H@*=gV9aCdu6^VrqYHk66;QFgoa5
zWEcD~Wa~#G$>gHw6Aj`{e@JYZ@T(cb({MEA>W!=*$jW<B7}GE0!a}eNlPOFeuNW8q
zQu^8COkzGjAp&T70Hil<=<eHob&WXHRkrr<#1qiW@pt#mMVG@40Q*7XLjK?F^WYlc
z@aRo&$I?a1)HETPm!S!u!VoIgsJnLkxF<(&qbIoylsWPwfo4og$gJsL8{tvkOrI0C
z!d|NO{qOG~TxEkCvUSKxKRj<5p)2i*sb^4Z4`N|kho7tqKnc|Pt9sD51NFt^cwRJ<
zc+4?*q-3)si#>Annd41ne-e2C40TcExdAb?zABp0BW}n3!tj(@6|G?^@OCb9)#9cI
z&)XG38+<XGE(kuSi=M@UXdy*w{oS{(k)1p*<gAS!c=04d4Hcl{2ni5NzL#JNJ#M`8
z;1pg+Rc=A^>1H179f6LeN`}GV2YLaA-Qe9qK8@Fd&T5e$=BdmA%>*5$a63u}=Mygv
zUP`N=25>j%*}M@JiY^wp$YPO2iSODnE-3(la#eHdt;W+r@OTAR4$5`oITIDmnJ6^}
z)Jj(D&z0A?fNkR#!(G|J;MDZ7mehU1!Lg+0H}TWh6D(ty2`Kg%JXfoHUhr6;pY}tO
zn8TFQ(hd1>e5NNPlF?Z8`&II}eHI#(PFjz3pgd~2Ri20GCjeb{gW4lQOX?1F?|xgL
zKWb9?dIPT-OrLU}#Da0sD^fUgmD!AuO|^##Z)plukHHQO0!1PJ42WRE;IU0Bg1LJ3
z-t6tw-Ulg>-QzxidexsZ>s>)>s!ICEG@wSPmf}e%mJRw0>VRvezMn=#*;0T(JlT+X
zWlbTEiqlkVpweE5s6_k;RstJ3m3BKv&847UC125>V0(?4MPza}sg@mZJIz_m<?vT2
z&hQebM+%iJe}`H$ctA>lpts$K8kK?P!%_3%X!GM(=gIMDe0w}P`Tp$kG<4^14js*c
z4c`tQ(WY5Ez_wv)@NL*u9vo{sqi%*6*o#7FiLge^wT2gu=mz6)oB4Pfl7T^Jok?hW
zLcV2aqiu+>G`Sa<P-;@hsc643nIe$KRCtGrU$Jv}a_{yA`v?EJ_BPTn^N+{L6CBtw
zzYPl{n^U@7d(VdiWdx^6BJ>NY>xF0PA{WRPb}(KvTzcw`LZ(_q^uxd#lktCV89a80
z{}0|=cyA29?L^vX9KE?nu=TS-FM+kYih2F@ww3o+A1`mV+E;AJEjJch{<qv&Y=?Z+
zt;JIPihGNt`KvdV8l`9KF3(t5rjq{=OUq1!x?##s2oRvZhyrtc<@Zh(u7CIfY6CRO
z^V7(h4u^6U-jJ~8Hu@Mo)5obwp5fqBCBNRgi3C?v0DQ4)Q;o{+eog<&{F>TaX)9c_
zA+8;B%KEJxP>Im*-lxBNpKj+sM-%2L?>V=3)qL3~5zTM!%ywN9c<Q^WJ8bOky2jzl
zbJ^P8+uQe_lE;?!cosZs>yYPpWIdS&)V0IU)VK+5Yda^ePvgH+53fVt>Mdsaq6JzU
zRuv{Uv(4}7dL5Em8v)6hBuh|>n2wDWJey+%7O+MqGn@B2SOJ<<&oYP-gpy0aR5k4z
zFlNxe6g&a7?dRRkjpUk$MGh*l9utoP_Ss~}>@Rt~`<b*TN_;BPA?xn8uP-m}dVM<4
ztBpp<^#-kQ%dxr6F=c5sPqN3gh09d+c?6q+k8=<On*}~wNKas8tj_?zt54>|z$>C*
z%>%z4?|icQR?5-iQ|gzg@&(|a-knXA*I+);evdGW2uPa~!nT?2W>PNsBSFv;SgWkc
zyejb-c^@Ptn~PFWj48=5y1)g0yiR@*7gN2HtRe2CXnoJG@?D|=1XMul7z(H%JM?H>
zmk`{IEf7W96xwMNN)(%dyN(vK0W&>KW+GZe1{P7l2OB4yW@-~;*)Cz#rgCn-5NUkD
z)m=>>DU+oqLNc42-#mzgD#-)edwMU5IEjpO3udJAL|?Z9+AsdvrGnkzPu<h2kCVyS
zX}8xsySn;#)&2QDUQpRsWUKbik)7LI#+riX`LpYNPGvn#H-13VfO09CVQF3eJ1xaX
z4lRVYff*ASM<ubG(ZEuMJ(@}6t+8=nk!W~@^pXxbbv=kXp#!WhCiAoee;ssCvUW+=
z4E=qQF|LncfF%KreKQYybiwl=Uzc9Ishm?j-#VK&MFpEa7}JdDtT6Wt%FIBifR`q3
zB(0K%1duW;>;posn4}g;q%)g_mO_v*dqEihAz>XShW7@>5wLmIKIZz^`qSv*Jb-?s
zt|$Y&eV>d^JWaj(dfO6XaEe4}6$?x~p=vM1<A#@RnRlOD=br0<VXs>XRqpK_1o%dE
znyH-c5~{_n9^Jlvkn>&ownjQ^C9Thab%E&in0W?(oO}t7yrmhI^<VfOm~F#%oUHew
z|H^D!df{un$lSOa5?}~qa|@zY_@Ynp*M3N~wx?*)MsKwXCwTwcw};<;dlbKk`fnGD
zd5z-@gR9?W@sM>7_6}b6_xJjH-`*U&9v*%>Jp8u5_jb6q*QLx07Z$(5+$3yHBroy!
z%g<2}f7XKK=ev7V%0hg8HRza<BU=zHu-&ML4gHts!T*ZgfNz{+4?HQ&@rv1-GV$Ol
zm6=P<WgnvCH|R9-U#aeA%f$&4@&bAA&O@$0uv@TkUJ@Esl_Ctgx=V7FiE@T%WSnoa
z%cdeT5LR;;cXn(#zim?axtuy?8%#3Fh1=P&Su%JQgL5JKesYC*dfA06guE9;51k3A
z7Ki3$EP!4uot;`e+~%M1Je7QfupVk%ELxx=<H@DIqm)%X=+NeRDNkgUK|h#|yVCt;
z4IW9(m&0a0<ne@&e=<Y(0I1KTAg*1V*8;AaZNpxqb#1$l-4Z7m<qXRuBJBn09t1Nf
zz5Eo|O>pTa$=)a#YsTrw7R3AP6=Y=Z?jM3TnDL_XTxkFk3o;f1M0ug7A*x6r3myEO
zWN~tz#1&6Tp)dn5t<gmQj5Lul)zl_3*7Qhf>F)0h;J@8>v;owrU2=7YQtYp)Rd2hP
z7~tSdP|eX-ZQW6=b+dSHZ#dlD-+NPQ-O<-<-H~hE{=uGK57QG!Sp*-FBa)0QtF%mD
zdI420hqf+=u;w_cCNdsRbVcD^p7tvL8k6MrZ)*DgBrfVV9oA?2dxL!%^x)mHK1lk7
zEEl4vRdcjeHPHF{FaYoN)>QQEQK*Dk(i)pqg(`7mU?YMx2X+$J)+|Jp$%Ms5ld-+q
zk5VNWV!csdK`HM<#-<fuEJu{h!4wbn{ewNcd>g`}$r#d49&3h>=l^VH`7f0y5}_d5
zr-C@ojjR)qumLTs6Vrv5C20!8dbIPn6iH5Pm{0^8eO2Yg`QGc$jqQIkSknRjKDh=D
zOWSUqCw<LMAKK;}Bz{gaebPJ>2~2vsqHJC^vYMItn^AFL-$gvd#pGo-9>H~GG#Phz
zp6KlXBRky06qt3KhUpE&@#K9U0mzfQzvSvKeYibzlKg_JzW}k8oUc2cN4RD>lbJ4F
ziGs&MZzQU-<6VGuS_;^-a=Oy<B)dD85l?*p!{CM9RlGD-2_2E=GP)xtecfxI4uF6~
zBYSlFeJuoa&2W$_;Jv&vnNdwT&Q_vBrsW=e_~KULyEed?(3UL>jeKTXsC{zuj09tT
zhGzshiNZP2xqBC6V<MfJcdXg$b-EYyoPoTzj;`lK2)Kv%6-o|p`WR<P-vwKr>*hcw
zA){Vz9l_I;IQnnm?5NHe@b$eAIjuRHtJ>H*jH%@zbmpXmcFM(4X4j$|bnb-6U9M|m
zm3*oiaEN)5dW|@^+Bo8%l&Es+fCH78u%U8M2(^$Ys4=J{){3Ix{@x*bWCu#i*_lcS
zNDxuUz^Qh@?-N;BV}9M2=jHyvp2Gb7>|fdIJ@&|6t5+Rn7`QR@4|P?BJLB|kgC)Tm
z+3tM-pMWkJ-~=3W8g5VP+Z?(-tzm3Sz8bV@jJ@9LH2tC0vsUZNR^DE3$y$?Elef0b
zA9QMYAs<(M{tPXR(IoV9Dt2}lpz&FxU|tAPY4=zcrX#2U$dcS;FWpps)nnb97iGfJ
z#&dmTjmq$`-i)7jZ*e+z_!An{pA|yvc6Rgw0Cm3dlY|h<)G?U1@)zUT0rBsC0Kxk1
z(!AbSzkWqXl@|H*1zjhG`+En6M=z{3Mjt4h9X~WRi}3>b;-}&8=a%9}uCT82*rsJO
z5o9*lx2?gLul|?gB#ZTR5wGj%!KFy%i_=6!S}tkiN<TkfnJzGu1%kB#JRoW9P)=w@
ziU5I+<X7fOzEGB5OH=REDIiwq;nwq>W-eydfG1YH@On>m!-S_M8Ha&>#q{@sPWl#F
z-<CrkWC?a9P%*$J<_rDUJT-1*cK^PSMq#Dz@uUetJS@mkX#vMvLTjf^5qc`%VZCF`
zHmEB}<@}>rOevUBR<gp2mzHGo`#I=Du+V^s`7roQ|6-)$9I`(vnFXy?)SF4<NX-~3
z(OD{a+)3s98h)NjzE%oZ@_8!m!D|8>o=UdhYLR5~4!-dP5LlJhlr0aobN%;Ao703{
zyt3=bMoPoT$QeVw2p6p-vJ#>_cO2QF6(}?h*MeNV9iVdmLC?CHC%Y1!k=QV==@=rz
zTE8ugtV(?bq8@3ZSSt9v39kTw1IFDb($t`XD}rwMB=fdR#@1?%zMz_;=Tt)nJZWRh
z2_mbKf?1zeyQ}$1leh+|ZP|$_ee&`61Ed=^Nt5Z~mPLi&3Qc)%cZ9+pu0QU6xccb(
z8=~$3z$9d>yq-QDf4DiBtgZRzIW-?Wr{<$t%>r!0A9yJqczr`v4BxUjzDAo4?M0gO
z_2uXW@8>iOU<lG<f%h69=b?Nz3{T_<U}a2a&hk(AOz1l|FW|;Y`bQW)RigxYWFvHx
zMKYg@0>qA5J0Kqiny2*shc<NB!~G{WNMLNEKKE5!mFUd4dht_!=UQdB&9f!X>6-Y6
zJN6lVF@yw`Z#td(Qsl#MCj9Wn^U)={sUSz_nNfYe{Nd(o@(My$=LRo$DoXy!W~b@w
zkVw=wdS3KqldR<F9j>XQh?y30R!oy)vCw;%f(yTqr%I@J?Zt1zFtAk#y<h6#Giew-
zicVuco~Ry7O|sFm?*0J&V@&_g!2t4Ync{HhJfj-8q_@)F+dX(gHRwOP9aMO^3V;lJ
z&n~#S!%58ZJWYg2_~VtS)p2lmI57WzPt#t4f$Dk8UyM#X(F(>_KYLZH>v3rRV{A3_
z{=<qR&#GZ<D<eFrLD!b2NtBf7DoCZ_bj7f5aIjI30YXb|h$KUxrE$+p4wG?$q#1J~
z2AL43VLX**tL9nU(Pvl|E4yK!nadt`+*2ZJ-p-S(db9$QDtUBg_J|Guw5KaHldNDb
z((EFBcZ!YVny;Q|E)=b`ka%6vXlo9rff3gt5Qdx@Pyz54!aBWnBVVPYb1Bz?LTT=%
zNdZ)xwNcAw63`>K7E+=@l){X0k0mqDG~{(28sRi4+<tuvQ9VyN^*#xKv5|mV8r~z-
z7@)I*cWo40xu8Lml9)#e*hZ{VnT<n}1)HuqJ4P>vLUdKiKJp5#nSCNPOZj{N`l(A`
z=L)$&O~;qb-lN}V@9(qszj*c@ZJNF0v0_qfQzFYjXX(&F{7asT?QVYZq|Vh`KJ@*F
zO?k?*NZ%Ip&tv!{TzxK*+bT0jg=HR}zd1i9Q8Sj5$-xEDc8t4VpXUihu;LBK#r@ax
zs63s^A}JS3bMMK>p9leke4f3sdO6W`i*8sc8QuW^r{GyEmwMpvMh9i=*F$=5d06WE
z09B7BT1^R_%2}NWuv&<vEbWC4g+8cQWxVXMSQS0CSWSxrxkH<?e&?DUMZ)-MyQ&Sq
zl6~ujPwy+>ZF-+@_Q%r+5E|tWJL4rzN9)Yc1wg!vB@9xfg#PSR&#aS|e>|PA<H>s<
zloxVdaN})2i%?Jf%H~z@HiWoH?nUuJF~N&;WniX|5HA<6daz`KD*IwK(|41Xx^}7;
zx>eU5bb-u_fQk2Ghy|gWO@fK~{qnAXwnt-CoF*!Vq(+g;dj3FA72}ENU$FCzC;BqY
zb5*5g41ka^Yvo)4kQw#<ctSU&g3!MF@rMt+>W8`}%NLQjF)<rvVSWEjG5c`zzze~?
zg9r{XUpbHO9d}J-=xJiE`!(A2wRQfMoqNl?!&v&ZnJ(b`?V3FTrkcp^<%)rp&^kUZ
zZ2TNdRv#?Nm@XIGGx0b-WLhPZ{K+Xm(`i3_+avlW*~m;554<3keupn+)GVmEMDK2o
zaaY`_UF;<vE10DEip*@HvRD#Kl(Lz2JlAPIC4bWm(^#bIE78w=4}CcF`umA~M)x3u
zK?!gXlqhNb^r1ZYIx?=<gGkeXSEpGYLw1UPwbVOZu?NhPV!FyTdq5uQ80YVno1Hx-
z{iN<NQWaX4e+*>^ST||`is75ed%J$DRX=l(wvgZo{in=npaj)r=Eu4U488YBCi-(i
zTBCd|#(d4AMI!DoKnxwp{25d42B_Ei$eHK_(EXktyMx7BA92fT>K7Y~LA5EfW{5Qk
zVU9&c5R62&$sEDGtyxZeTk)&4lav8E<82|QN!DX}S(LZ5w0q{11fLb}>~vo=WR1)I
zb$}eF=bIBbY^X<zctb*=i4L(807!BvGB+B{xcMCmVrPYG<BnLTrv}d63M%-$y}jP+
zgSSU-yOz?mhlvU{Tky=p`+h`Q!ZgW@^3iY#b3~KZ?<R#TQ6O<4vUuIkLEg4}S&ozZ
z7PhzBLV(~D-{NFXW)NDjK(A_%FT_&I|9IG93B_Vj+L^Cc1y!$WxWc9eOi;h0jR;I{
zHVnrYj9NR-_C6Y4PV|@Uq{#_}M2FUj=*r<AP~*vfT?#=0)mgnNT0b-a+L#H6c@i<I
z*hW>H5YCS;E8iHCj?H0Pl`P3h>1{q>>=Z^-M^L%eGZ73IwB&n?rw@FEs?|(@2)wQJ
z&jhLMVm-Tw-m`Xh@K@if72qCKCnr6jeNHa4#EQ9YU@?6MxzO^-1&O=ds+z#GV=sv0
zr;jo<Zjo^3GHwK5A%w6mr4qZDKt3^0Dt8B+mKukhjs;3<2T7wVPQwltXmGaxN2}3k
z1xDKn6s<<c0-`mo&n>W%Yf&a0zGR3k*=VoDlsxFP<4OA6*p4OnKMO~)B`l>DV&9JT
zSR2Piv{_p$=9ZM&LhOLtpXC(TGPLx3dWx9&#)i<5`}q^dlWnMzc#?e;#K|qtCfkrE
z32$Rt2*^ff_z067<8g{szGl*<KD)hLijv<tzlmE2+K{oh4N^j37F+6O{o1}Md~b?>
z`s=<on9oPFY&548&C-n&${d)T7)}m|QvyjBR4j1*;YFln&FtRq<65TB2<v?XHIzlA
zO8xrm5xk~D!O67EhhOlb1kh80u>4FeZ6n=cqhQ}e!RiJai&RNDYOTCK^$i@;mA+Z)
z$ueLs{}pN6&ZKm3lBhLtFM6y`zor~-Y;>n_PhUMJIzUeKl*Z&6E3+L#bO8QINTV2z
zM;ok5_=vd|1AJjOD(==xp%t)zswsLYs6o(0?gVa7hXsYDfg*`~q~?(`*5zs1g{jib
zWG1@czhp14^rff~2O3@l2A_If@q%Zi2P21048~MS;`zNOltJ!yL?I}irV%d6J_DEF
zev~EsSwct{eWq4f)Yk`aKgpH<ES>h3JXd`!<M!{~slJss@u2-s@EOlIi@91%B`@NZ
zgI>1_OKB-CS;A@SeSlgOI+bA+Lgzt;)&(^0)FYz1dOh|bgjnsCg%Ehc(E}>9Lt5GX
zOcs4tb;teLdd{b~84;0NTe`#iZS_A*$saVwdau{}Yy-lk9!;alM3Sn+xZQN%CwQLJ
z(XH#|_9SC7elN*@eJ@u7_r<^o;%oCwZ%axKmc40XTj~6mS1E_gwpxY*wX7B>aR*-J
zyaWLhTS>jo68#Gu+t9xtOe%?;szoX+Kh_Vg#9TZMS(ic>fy6D403q6SD6NDuP}kTV
zMGa3)vc)psx)s8t`mVNZ7ur<LhhYc;x<q*iZOjEX<zTIW!~mcno3o`*N;lKy43{%x
zg@VS(yQ=%sH-GAXv+REpvu|z&--w@o`lkH(r*G1qfBGi-nf>(5eE7}I&+MCf?=+wA
za)BB@vzb#Hb+vk(gMEi*t3i;VcQ+RIyQ++3MS-gb6xwxHZg9)cU4#yvjL%9@kXD3)
zmx~u#$IDVI^Af_tm2Nq1M*1~5xqHsFhI2g#7yR*xKq4lhIB^tJkZ^O!AB_$~-R7dW
z_3AbzAl>!QbTF&8lO3`>U!{OO_1(>lRYdEG9PL}1VS#$Vb|TwjFX_O0h4r~gOd@I9
z<d!<CT$P33ORPMJ@i4QIiWF^NYK8Aljco^PkRDPhh{vFc$OWoEEbfM7_h?VAE?p0e
zM}x^D%caXs3Q~%Q*+S-!>zWs_QOiB{ttz+=4y0KOqL?lYZCVH(i^2(G1~=pUZQG5V
z<}87oL5m+}v&(9EgDiX}b9Md}eQ?GEv%!92j>Xqv_{{R_b|d|DOJ-dUI<XF$Sc6QY
zjJao*KYR>w>ee#q;`<OHaU-rF3-J>JG68a89W~La(;P;iZJ?JG#{<R2UI;hd$Fkrj
z_A`T+R3|KI{l|-WwKRYPKx0(QxBhx9s$v~cv7L~Xo?shZTI56c@H=|$;U3bqZNR9t
z*tN{czCIGHodBp1T8A#NyUfbnpoFP#$kxBRf%x=OP`^u?&xF}rdVy46DlKHr=VZ*&
z+}}t$6ziMs;YYS%M{fG)BJ8j>n8<oa!KU1hBzubHwAv;yB%XRF6Q^r(dQvu;0D?aL
znozQVx9{wCLDkK4l3xVq=cluep*2dByE{NV$>x3Dw@*9m5MS#6zFOhE>fm1Xptktn
zv~0;N_DqQIc7X7WkXsF4$)K0Fz?SsOziN}rSq;04kjR>|$t2cUmjcrm5=O;R7L!5(
z+=z){F>~p&e>p;xLXst=w@sq{DkKx4wRJyb(8HOCyIb_1<G!;F6SJnS+w^sah3TDS
zHu9dFng7{}AkUlpfi-s*{b2iceEY7Wb~|mzt~&v$>y80qePa<_cRVE4Hy;uk!t3L>
z?ldr5{jU!94-gx<9u>DK5UUXv$9~Jmxb?Ad?2Dq~TH@ncfx({<Beyn6ZaWTJ=ryC!
z+Ofl*6D_wcUT!-k+vv5#%&mbzgc?36bcQG@%4;Uk+uqDu2bAdb-BqnH6REhTV9?|~
zNyS{4G+OktslC5GLpR8EI~Z&XpWVg<Un&6~*|;IxwqWNTvKMO40dQRrstK^C^60i?
zD#;?j9t2zPdjZZo_aY|Sh+)$MY|vD6%h9_E;bd4szAteC>F2T%feyK1sm$gS+rPpZ
zj13<=o1m06wvaxGas~#w?+aiS8`7347^M~O#dbZ%m{nGIjf<&M=-5StQKf{kSKjet
za`o}%<L!8|JD%L$T#YWTC!?#g%bSi<!e5@<+>TB!#+M%P9|a<hB_)NOJg{k1vSl(~
zlyJrL-~QVl*x_J*->5uOKfR=d=f3{a_3hQ!^~X<FCuc8wpssO-1m5X#g?OQCexKvX
zdpH6oXIB>=FN5y%*w=*X>>tZ=p+9@Cztbc%DQi!=)2B<StL%9)eo<u}b{(joili?!
zbNBm$gM+~ylZ7iE(~HBwUeKDEn<qWTn=w+;wDrE|8$SI<$CLL?_VLk%{W$`D0|sxH
z^l<SgE0a<1kXek&)2c|a`LzY79nUjqAD=yn2!bG;-6nt$4i9C0i3lt-pyaG0@}kgK
zMvJEHhq1eNs?YO$7_`YY;~%jJ@Gg_F_&VH&D91OVSk|m(z}J~oveuY0seh~`C6j#v
z%^ei<5RTZTEXP^xt?wG=leb8ss9}+@aF_*cbG3=tyaBP<(X8V&qsZwXmi3O_hS>ZY
z;Whhc%^lqhuJgcBr|cCTbMM@VRoBXhu59=0FBMP!hM%|s_hcr3|8<WMWo*d0m(l=o
z|7`-Ekluq!iBm|t+#ehPI@v2vS-TNRx;|7bVA9sM1__5r-=)7jso(if8F{sJ=abc_
z?|hYa<4ghiH@(~4fggQ*tZVKt7H7(+sQ$A>4-lyQJ!84m{_8I;WhuypDwm$iqE(<$
zRDpjjW3BzwVv*UL+_bUlHH|Ut*+`%EANil=K@yG>rgA3v#*62h>N7vMlHc+yzHJ)y
z(ObD((A=PYx9LdMCPUcLVa1JT3qbO-omPBm>jA{KNp#wt=JYGNoNVQE((ZQhrH&_l
z@9ePf+`+}_4Rn*07H^eJ{wmM$SlQ&Wvd(Me*ZQse%HDX&*`>JOYBO8oL+2TayWf6$
z^rnWQQ7H!lfN>fS?{5Gsw(!Qh-ygi)r7-ecO1!zdW0j44B#UuhhHPi2Elj-zL$g2F
zKZF1|C%@C<qd^C$YC&a8G}{0_toG|Kl`J{sod`~2lirZR;%s!i`SRc4!&XlO>;;^t
z3to7cxDM|~GWr*G;MCoUy*zPQQ|a!Ay`3ec*>ZDG!*=)g?wS~wVJ-WI7Mb%QiAC2O
zy&vftR0KmJgHet6A<TkH@?eQ&1U4GusnpqN{Ojx}6n3qM9XJJ_V%StsS?3p;_kj54
z>lC6?@QkomKVgnpu$StCs}!l88C6EJ$wimiM7OGxxp|CH6eTZg>>~k6>L)WEm8!F2
z!yQ3Cp;968(X153I7`YlxCrtc^MX7~3M`(@g<>zGswhNOrmG&}(CY5>9jRXpI_f?`
zBn<E-5B$DyMX$1GQOGR$rGZ`s8#}@NVhoiiX0lkalgkPFa5Cs9_wD!Z)FpUR`?Q@L
zc5{B+M8&pvJcACU|0E&Rk1thhAs_rW0|K{~Jf;XoNG(7M=jQyn&mka-U|&(11Q9Wz
z0JWETi%wU;#~?)uh(MaIoEa#aYsPicWs%I?Bl1|A1YXqC0)0N1^a%Lt?wvyQov!NG
zgyn=;435|4J2kug$;i)~i{nuw_xkTUu`)h<i3(62x$ep3QfB(|QnEROAeSOY!iz<x
zE0b#&CND1KrBDl44>B`mQ<IZ9BdOTt&d6kel+eB-ijoj23J(p_aR3`!EfsLYJ;@mr
zggiAZAF%O^@TCZhFLpVnO@pT^vzJ-qO<SX0#1bWWzh3rHKYK`&=rNwTI1OEIqU`5%
zLfYi2?Tq?E@^`^+koy%q@=Sqn65R7NiS<bodrLItE9J+u`7uzu@`f{JCnMKEKM*bB
zJu+nbd*2?m*=ccNgF6PBR#}{S6%cq?5>uS%tTAVRU@GoK0YE5gr|<xw0_f0$Q7~>3
z%7`g|CWUnX*%z1q`2|ALJF!IN1oiDR(nD+(<6m?#!ptFn@~ID+OrL8HS-(t{0w?-0
zG`4wBq?mV8U#)Z2r)Ni1i5GxvvlSR^rEzd+C7Jo@7z!!NX8z~1tSnYvM%_<89hfZ`
zXV<VV0`!mInB~Gzr?gZ`V5wS*$1_%CdVhnw&OJJDRgFQwSx?fG&g~Lm!7Xe=nC)T5
zUtJ-cL=m!takMoWYRW9F*UR8aK!EDt(%f#sSW}bpf&I;Db^7|>@!5y*B|AC0x*5M8
zpNwwK;HfP$7!1PlXP2kzOMg9z6l4WZL3)7mLY6X;snHtgL)^ZE=y2$4y*b4Fg^cJe
zfCM%UOFSF_Oh^B5|Cj=-h5lRbD)*uR`wvCBpF2o(Ld<yJ477$YT)l7LBoGatsIj^Y
zPe_P<;O7md@NxHZhpMAEu5LpHLck~8K_8%bM35l>Z%7ux?B2b3djOpYU-t0f(cZg#
zc!)$yU%-{B8Qk=Mx)R*CWTu1{CIEqwh;;%ZW`#_112Py1nz?Qv{w$)hi*lxxsUS=W
zjVOwYKYLmXWvP4+g?;lN^qNhlghSGe3z>J<^?jdVHS8tz#VdTOKk5*Bmy$%ND{9h^
zK5E4kZNj3ki<?g&`ZWTAP#mUyJ?LEAd~)4sqOfsmrWBGWUs~L*ldID~hde#a!;`C1
zyJ0<uH2pr44;ft$6QSB-X=&%zrTd69p4jqj4#%R5;yNAu4ClN#L`leA8-Qyr?qw8P
z9o?_-HM}`Fz5O^jyBghmyxQb*7?cZr4_jOdgVGya4A~Y*nV+E#_q(NCE$;b4`)-YG
z-TI}@h^@q)=~K6X#<nhYt;U#Ey1(0Io@blcCOhn!8ToXY*p?)*&rT7$ZGu=gPrUT7
zty83tGxj&m82fzN<JK;RVZ*lYISfA7%IR=T!qjy=tJ>WVebO6R_XO4F`3F8htnM!O
zMB?nVX|sWYCz57=#gy6WLYluuy6mr<EPG9=Y-IP>C(3Tk_q$%Q_+RJ+`m0xR-TBWo
zBJl3p*zZk$^RM9yeq9xFFU8&ZxiFrgXqqTC6$?PM4-jV%uim9SGe9m%`rwC%*d-0T
zoq;VP-&hDT3!TlaIp;4`QXtOa>E$){eTO<Q13*b|<sqY5T|}k~$}E<!T-P0GpxeQs
zr%-ZejX0sc*FZ2qk2s95m&U8ks8JE%h>(8&p!?(1z(dltLAz$XoP0OB{BYL4I2#_k
ze*0}5+l8(dH|N*8*VpIR3JMOp*Augpz|erbggcQ5Bu{39ZtQWP=cKYZayq_gsD7!T
zj`Boc(kJWl5tYZUT9VeV*06$bWqhT`f;#Chzx&t=%JJy>Y{T6ryzT5*xw8)n)g<cU
z1qj~KBXh<1r@z`tKAc^iU5!u7ZKzI*|56pgrvwjL=#2iqPgiGasXVBF#)E33@Z<H`
z@6%+;r#wn!6$ga8=WP_v$H$}N(aHJ8Pp1KC@3!|(fBkfA_`d#+r|*5bfU0J*<gs<k
zu0OqhKmMb4KXd_ug#ZXCW!$XI)w(`&5Wa!LS@Y459X#*Kx%F+c-3u#NBLDS{SRQ}%
z?)goRpo7D2)*M2Id*5vIr1kpyAJ~^Rk>m@p3+|}4QD1Pw{D-_;{sY}BH>pv6*Pwi%
z2BoR#`dV5yOXrJ2fa`?**9HUEJL1b!m|v*9d~O8ka}+wYPriam=c{XTzLp~AcOB0E
zLLJUOi27!~ReiJnMe3XVgLltY-~39=P2j_A^XtrcG1bEv$&}FYeJ#L;6PL%Rd$@$;
zbZz8(FVA+0`qc(%*LO({-hV(smAtGJIZ;+Q<E6WKP;juOsqT{e<Z^NirLXb%iT<X3
z3lDg;N$c7fHLn9^_d{+?GTwmPLhz!T3XaExdHkJu>T>PA-ZR83_GzfvXrP~ZLi75a
zWqT0RfLtpQ>SmI4EYyIW1w`Gi>xecxce@jD9Y!jUvpA{EsF-Giiv>%?py}TOUX1tk
zuZ}_qhWu*;qSOd(h(*~RM72h<fu!2DJ3KqM<=H_cHLi+gKm_}hff}_MS_3c4+T4ty
z=u!GrP>PM?`zwPfG8V!qw$AVkkctgZ#Wq;Q4PrN(UV0M%M?sUvzS)UzVqKk{P^tPk
zbp_!cM%e~OA>5=f2B7IguSG8a6W|04wDN5kxr}`i1jd$J%2?cxmL<@J!$YGBfOssI
zlgY}T5T#Ec5I`6AMS{auMl#t!hNl9sPwmG}*HELcDf$qyCzoU6*-W{Dd>1ywmw>5I
zZxDz?rQg8+4DkCwH4@1TuY8O=_<g~-l<WnJ$P4GrSqQFVhK{?)@mPJzUwG*<*AIj4
zkAY*0YD9U(b$^wS{bM5IA0gka59NI&K;nUXUwT9_&tM^-(@dhq>B?sK$2|qUsRM7C
zjjrdxD)vCYglLdth7burovKqoeMD+at!9&Ss8)v^$nTJ3No#%w8x)lAH2DSBjY|o?
z)~O6btg@v171or?kEdtj%kj+yLy9f(l>eA5_+Q~VX8H}<Pt$9&Cf{|}m+Qz|^d**w
zFV<XH3eVKk)V|wVMbo05H>7;^yuY#6^}&A6|061bE&so3fS;)W-d4Y7dw6@rp7~^x
zVsAtJZhd<ganIAfwURjZW%^K0(SlOfO5)ce)mgG%5v|S+(SNhPiH;{<YgE@6c^ad=
zy=Q2Q{C!Fd)<Jx=<8S?rqNV$>0fm)hEXhke-1Gv_HxW$wc#kQ`u-#fxGUfWSLO8Q4
zLP=eGJpFWjRwoX7vl3c>^2#@nv)bUO@Y%_CS06v#)E-W5u0|(kcGgU#EcM}^zt>BS
z5=^Et3Zmd(Iii5Bf7)*lTD#=S+@wW(D3Y?Y3CX-o#FycMI)|*gTP}06@!5BSxbX-A
z+T8wYAORtXtYVZ_KB`nHm&q><GSEBViX<=D%iKg5OQlzX0wLm+gHMEU&I@r3<&A1U
zmkyo)6S<bF<$5N}`|X*aFScT$lNVx^Ci6u@mNu7-LiDkK+hm+06wEQgEqJwFxNg$=
zav^(rCnXwv&xa?rjyUwmS8~+ZUdp!Jy`7ltihorx+mZcZIopwVrl4K_@YhJ%mR74L
z%s+$|OdXDG-6bKIIRA*Z1lNGSpKAi#1_0h7tRj<TAA)63>qmmV6YIl|`-M#F6qa0>
zWA{rwCy?xZo^tXydWy;b922d6D<oHCRv}`tsI-xDR~>_rM-`kD3HYpz;#g+tV@7D1
z{>>@4GyS99v)mlr{-R~S`86&S!RlUj(b@9q7Sj5Xn_K%q^}E-^|6s2PH{5^U{u2Lv
z;VzA3^-NC*lhO!-xIrD!@0W7+7w}6iL_gxuLVU)nQYj(71HPRU;zYj-B*QI}M>wue
zt*bZO8on%%#PQ0SQyy$^K4qaL>=QwGaR7x%#O&m9VzUL}O~K@pCpEu^*Rteyf+-se
zuS9{*&8-}r#}lE*aou8%0X+&`@vJOX+*oqmOv9mODMUPb%r)IIHOPuyGQyfbKj`eR
zfschf_`aHoA23}Vgm7ef3xqF|jD3deissPx%p#tqs@K_JNvYc)vKWC0-YJ$Q(}EYe
zag_WH*YkIfo)M9e@<jJ2pL5;4m>kyyAOWNc?B&8W$27uVPnL}v3graXECKA%tU{Z0
zA@q3%_F=G=!o&HUg?UrDc|5-7StJG>>^37OO#DlY>uC!(a4%QXW0-CkRXT)iV-rw9
zxmwC{WU#ZNJ8d*7qQ%i0(%s-qQn47})GXE*Q;Q^L+;*zVQMR*=AA5cEFnR3t7}t>x
z*VE^D;w7{8-gMwrIhu?Ch_I+77{0+2VBV$<DHKijmeM3ygq}7rT^9fl1OxBP;1LKO
zx`R;N1vYbo9cL)^VBu?tCm2GXFa}Q1ndLdlI2;<jBnXTF`vDQZ{*4_R9^yKUMN|l`
zgk6%Rd3tU}99IQZ-Urv98eqf@yEb_x4WJk=1XQ4TKiuCR1bN9sOw6mHF7ySSvmS8R
zHZou9sB6~R%U~C7k_=Bg2F$t*vF9iS<}8`F!!K<|VZ9h+lBva+^5X^Tq(_r6rEE9W
z6qtia4Fgh-zS)S$3ycO)Pf&v_Mig|%jVJh8Q$a>!3Pl7cEDM+E7&gI({z{qZQ%@9*
z5%?H&v37=7?{xc!e&emxL!+Vs_Bum&Q}}e>|7t{@aN&nNQ2Ic4Xfk6fSrOP%3?Wd3
zh$Q*MSW@1{Yr5SbAX)D^!_c6$t0;=5C~M3;NgqAjAR^PFqz7s%LfH6am6k~kDsyzs
z$Sg74A8@4GGMctto0!ah{nT?jCb=i$_1XU0gTem0!NK9-;9xHppy`uPg{C!8nm}rP
z2b9+H0rC)~&BrvX$^{&A16$t>AaMf(8(JS;>W@%PdZj0+TqY&uD2-^NBp^Js;ClM<
zsE|t889HENk^^+{o;6MA%DRZ-+TF~gy^7Gnz-`wq(L&UMQfV~<yqW9nGWELKgB5g-
z404}Wh@W`qgLb?0cCq$BcFN&EJ=|0fH&w*vpRRAtt}f25zq{3^?%CB3X91+o6FOsW
zZwR+|Ux^&3ky|VDwaQQFm7mruGiG3u%(hFQNz)|b#Y)eeB#Y82ZXoft_G=F#)afY4
zJhk9h#i#Nf3^;{wdohD#Cn%``;vfwHOH}rvbXlN#Y$_sNDX~T{N)#&v<gg^^6?0MQ
zW*ET?uqSP$(<(_3|8CH+4=wDs$)M^^YVbeT<h=BggxPACuydw<*JKnn6dFxw66@>Z
zfis=rQ*(tpI6S&Yyf^-xHK5@9{M$(cO?=98zqN<M#+#08yQKPcrO8Z0tH`?{*gT;D
zJ!7yn#eG7?6YDvn6x!U^4ORPKwGUUlyO*`+q0QTW7Y^F<=!DJo%p5jw53=pAA2M)5
zaH(|~A%5-DTg^6KP?KliVFo+d+;&(^*8Kj5YyBGUAKniJiVM1fWtj9?ujfLPMI!En
z1KPJ){Ru7IzlOM@iROnY@n%WfwqS@hyT#`!h@4#8wVNocwT-oRAG5BNgnCUA6pmz4
zrkTYRbYE?at()@g6TW?#nn`-}CYbAOGrh4rg%tMp4&GdB(_3|Gp6#SIi=HLsQ>gEI
zYql`UCMY~6#slO`MLZ20piQ|pXAJ!>F33o3|Ml7E{Cvy(anlgCY?Bl?5iBfyl7oMV
z2bu2hirw`Rq~g%o<Wk0BVlosEIScFzIs-C1lX3*SVr_`cI@&vy+>fKH%kkxhp|6sY
zP9qRF(imR!G8Q~qSm6?YSdiXbH5HgBKg?919Lh0Qp7XX--*7Phpyr%2K$-M}ggJY;
zbMWTq+k;n#reb)(JLQ6BF)7_)$R<}TS>`F!{r|J~wasnYT-wiP{|byV^Th5-w3DX0
zU2X5qx{llRHZQ&{_wI*IX9G!)#D*fZ1nF4)u)lo==LI|<L0O8O&TJ;?OlM+(2f)D#
z56-!89XuIB?lV@tmm9h}eE$pttT1Uyuw{V*ptG+5%d(fr<fVd|9XG@jP(Q&*1mr;~
z4))niixN3e$$N@2eao2bx->Jm4o$8OY92A84k&eaM(5QJO9OP>67DoJwqj>8%$bSF
zihSX7c%ndB0%3P~66MsWk^0&nAtP>?*6Az!VELDREK2p$&lf?O06bqd4iyEV&ty>)
zi_F07kF3zM;e?703A6`5^;~C%f$)o;$J>R|+(;&-(yg$n{$Ph;RVmdmQl|<0cXCR#
zMf^X(K49+f%^RF1cp%toV~9!^bt>W}etbny38JEZM~{0m^FjZ=<#m<~l&#7%U;N%%
zI0$WMNSwe!bB_LZE_vqt-P3?WxATg>{I_+cz52mxKpxJ=Oxfl3X-wkes+3d4i#YOE
z`NXZ7XUX#y|8&gF?lewb&w5P75n=c=sPXb@yZU-x`_w9osps-4$mJ6uHwu`IqIPe?
zZ^U<4nBwS}V0Q2S$TyP0PkiJ950bV9(sphu$h#*dhe>w3CRvY%Iy8nOrtofZwwT0S
zgLpTQ0zMW8knJZ(8lYRu&j%c|TW9Rv6ZQkDpa}Ce6v+L7j{8MNP$64!A@@rR5h6Qa
zM7E$rcEgE0DpF+I9p=YCi#$4Bq!%&rc$kqM)W|-k-FwziE2_}DEe@2er%R<d{-jjr
z;sgFsb+9A&i!g3b4}-(5eAdO2grfQ+`GfZZwRE6*J(e+lW!oFj;|pke0-}C^9xp%y
zj4LwNgbmj%2yPEQ-Nz>z-VdF-1)sYGp(`=E(IINovJ+)p?=as_U5CNQ7I~f8pT17*
zOkk&a(8z5J@?P8U$Doj7IOMHJWVH>895i3iS+|WsesG`qaL6GNIkZXQn_w6HAIJaq
zlTr52QEuPe?_vM!oyonI8blzmb7pA=u5?{3O<tvRlPJ93)rN@(nJP02J>87p-)9o-
zLgD4mZ2@($yV-`WAF){EueR>|yE5u1O-wQ%fyW8x%SUBp6qY{gJ@T5YWKjG0o4-*L
z)44}XsFluZon@Ou?gZ(AGnU~!{FRxdP@kLi{*sOxGrXgN9w$_gu;_Z)1;J}Ly4{-6
z>f<Ikm^Yjf4)s9r7*ds?31xd^!YDJJ1%3F}rW~^Ci*<{*G<PJc(kw$_>1`r0ZD5fb
zPWC3|&OHOuBX(l;8yI!O91^JCV>wdPJ(!di(npGO()d{!L_cUcYOj@^reb^+Zwy9)
z{N1@a{Eksr?%DUEsp0Rw3EiuqRs}ucqx0L7m%}7Zty&qKr}<)DXOzy#S<v?^(HN#8
zK)$VYgNtdfLJDRM=ETBLJm_(-FlGXCh04r?q!N$20%wc#2%VQj{-4F9Ni(@LB8y_)
zWJ3<bO868zv;iTjD@NNwrH%K9lJ`-sidKjg&LQNAsmj_6S~!rVMNXM5Sc&EQk0_4L
zXe+0SiK#vqllM6y@|ky3Dn5=i^F0wlFX!AmIExK@Iz<oo650^C)yraC!X`*CpNYwe
z4<hc_A@suPAjvS!hH6=$|Gch>VKfJ6()$6z<-Ro8Y9v+>%wiB*yR{COUYT7Kre-U<
zsMtJk!i;*P>Dc7znN;1Cq8>EOV)Ep~qYjv|qU5ThP6xu=t5PffAJbBH6R+YAMT|h%
z;oROkXXt^{MNc}=pa!;)(GZfAl&0AL)KM65sg@=!mAPA|^xT<Z$5K~sa}U9qvyM`$
z4rvM;Lcl6dGguAIY*nS1)+OMy|0pIt5JYgpU_BwGi*hf!aV>H)w9BG`H&X$s-<J3m
zIrCVkoD%JU7sX!Ih9gKtT@8!*aN>4?S!$~?oz!d$2m~Gh*;_k>6~QVe7q|JN(j0rW
z1NJ%FIQ?NZ+h9g(3w%o13YV>q++osV7HcWVr)@s&Gn1K6p|X1jp|yCQF*k`i=QN+n
zZt_assYQBgtXieB9PgL$z4+2rZVEzjjayU7bviHV5-6ARYMDT=3S|wHHBt%tdA{gs
zVP;Bu;%3$Gk78m^p0KBCh;>M1(36omJXNRanfmJFh5G7Hf>VCGKr+GK#oyc@zQ#p;
zX>D!FYcmg#2aB?(-Jx16e+I8|k@smn8?ixvVuI&{%hkiQ{cITQItri5gwHXjMN(xp
zal3wkOYd(&M7T$Ede-6-+!=M+`aZI6Y<uc#tmYTmCZ4($Kjo=T-#0EMF_)^1+*B>x
zrf>emT~%V@8L-8L3s^MlgZE^Hxs{twt&{RHhZCT5Vg!|3UP+wz$JcYYK4USVzvSZw
zL(f)e{)l4%@^&7I2Q|HmWqx4WQQ%+G`0#-Kh@C*eJ9L6vAo1p1btz|q>lW}bJ&6G6
ztTO<LlFU^W%97Gty<MC9b;D)5(p3iqCv4Y<7X|S@LHH8I^Y((2yH+(v6i;gVocHwz
z8nCw;5(~9cNBYe0t-a~i(%&D^qZiyG38U`q3Z|odNFO{kB;GJ8=4xgton{UAmBjxW
zMcX&(sWWtPo8FqIZu28JH}?+UL5u6FbG1xuRV+%qYE#K7I4qCcic6;lyC_pMWG5|t
zeIPz4UB2T$pKZotX@!1Xl*c^*!%h^nhoyK6nj%7f91r<^jOaKKvXa<sLd*$vSmv@N
z9w)I2n!7bzoO4I@G@k{AbVz+I?i9*NA$W2R4_m0`Ekw%dsIz}I0~2Rg_5rz_*^i^2
zfNd2=xtBQ}yFdH#-u3q}GvhD1t?#1h$R2+z1oWx<u@rt!^*u^|Y_;FhitVZozdyU^
zTz)P7N@e%e`xj}sull%pTVJ_|&wy?z9q^-H`AM7ejPF~+m%1az;}6t7UR!kp8@`%&
zMug*7%KBF0rf}v34S{zmFdOlqYm>8K0kPD*@e4;FNM!^L6L{r0kVZ&OLV}sR^Mc+5
zQ0wk%;OlS&&5Rv9Pt-dsmn;igT^B|5POWvd<QN0ojm|c1m|X#)(rmEIh~<W4{>&jm
zZrvKl8JU_uG;)B)Jp7&*qNT>tcwZD-$kutc7aENlLNS_IqzecW8?fgm7gs9rk@umo
zKDKnqSEyG8l+(Iu-KNS;E9KKosdJnRXLVKJfNrH;>4SmvBRQf#4#*M1f8Q5E!f*G?
z>Y}K~IM_bHXad2k0qag@wix-bYUYDm{5*0abyC(ju`Zop(c9<k1!gyPT4l{O#hJ0w
zGM(Vn$S2QFPygk4a)5>A>0OLJyd@#QmE@NW-f{{quOW2_jG%k!%*!b|_@IxR5*SEd
zeC6*{U8NaB)^)B7(pPm8%eFe`LHh+qU0_F;naWJjt;o31d;uwMOpuz#9z1cHD9Rbi
z;2jT$W9D@xVW-UM@$<L#rV)BUk^%yiX#46Mf;%GVXIZ<$7W34&>g=+vX2pm6;7OB`
z^A~vUZ9b-FeVZxxZOw*NjY$pCd<IcpxHsX`Fta}ZNZok;0d3mBlOPhN$uA5<o}PyG
zT?#m)AykoYWYa0$PIcCyTYEQ<SJ+{JV>z5EC`_~&F27neGt<;Mn|y#*oBZ7mlH-QU
ziBa`BIe;zbO;KID9zkjXK>i#e7aTJIoItUm=d(LJH~>PS;%+l)=N&p~`1_C9M_SnC
z0tzNxE^;5?bAN`xg=;<RNw3$oDve(8jeQZvI~}w|r4}l2%X3B8g>0jaK<PK<SL%9v
zb1WqcpKTGL?Ixct%OWpon{D`p&O}e&yUilUqzT3Jy{TTM`NEVwdD62}nV=T$*;rS}
z%n%jMAFi@|LC<m197tMVVw%>aQBQw!$C-<=gg584HM8HJCYW>f8YEp)4d-xXr!t<p
z#0`B*w*b;#txH6&;L8{w@u|3dMukk55Jy|;Tz&KGx%y$_PH$v?UA%lVKBd+UF#K*T
zq2qC}zs&79RRy6h`hrE!q;B02Z-YBsyQ!?!rc^)v{pA~k9Kgn-r%T^VnFZ{%zPnss
znesmfr8iRFoXRPwW&rvl`k!=`8ORf|F3oL<1FWZ2dMoDw!6hKRMpPSFQM|9$I53DL
znG(ygn=n~=izKwO%$$2M0&YK2r}p07m!@LUlvveBWbNu6c3VtzHZRTGl%<(9jd%(1
zCX0~F(||IFfXG$q%$QcvjoRY8ndwTS)m^ypu%0=~ttOBbtX21lcfMA2>87%vDq$Fk
zT^6O=iEeIQ4P;Un_pt<CGxX@(+`M8O6|)p2YU~-P_;0Sgf10uYfCtWC!3##rUqwz+
z_vYr6rN)WKbhiVb(KNrQvXKhbHC$6h#b`?159TbUnsJ{TG)>UB6B*&wl7EdO%vmwv
zo0dgRlN4=(Aqr?#FG0f5y_R^sol{q{R&U2cgd$Q-GOV$<+u$9#(->Qn8~WB3u`IHg
zRhnqPJkbnoWyHT`2_=+PN@qpBNYu68O*B5Q-1){9P7gSkPGPJkN>AT_<Z|;tU0%s+
z-@f@Q`L&zfnZ_IQD;uN&hnAxYjv;>P$n7{M1o<dR<Wu9R&0G-;Aq5@2;GD=nl$%oL
zcCAa3R|w@1mdg12=E~a;SS|8c9oT8LZX1M9nrx&*y?J|cF;eGzHFXd?R<nZO6a0tL
zxHaMQy@ng9MTvwr%VI^@le(wHuw}4-H){jnffgQ8Bv3z^m`WcXgaz7NX}#`@RJX_H
z3;1%!(-uBaZwi0_=*oR8_)@}v?K$Jdov!l2a>Xrnk`+MeMp$=vom{?cWFA!VLtQaX
zgwu~}QrK88iu?#xAnBoAB0r-}k)2-Rq({kAnhMe)=~~;QvmfgD96axTHk43Ho#!TF
zo!9gQF3r@qJ-yXpN?qj{58MLRnObSsQU1F&wHc>>8bsEAe62DxCSWD9cGobv2#u)+
z5mPg}^u%j_@3bc7o9fOGo|LXv%H&l^ByNjoCnG0p>z%2Mor0S%;1(KI#n5|<>#EjS
zTde>C1<0N2kzMNd%p2EC)QV`y+)&SJcQkY5c~QEp%UQeb$cbYQQJ;KTZr0o>TcGi>
zLeaF~gF?dI`!y}iqSociE%3{$v6&7ebzYjw7jbC-)ed~9pqIkSb44E%h~B|>1P|14
zbu>!wMmfA>y$@q;O4kwcnP4>M#q)1Yn;K=>Q8rAFnOj`(hO6MtAV>Qd-loFdivET%
z^Yo?1)jGbqyvEEF)|o~zVi70;KFtNgrf@?ew`uQ{tesi@pz2-t{h%OM+?OuW_Yd#R
zR%MZ)bCdcZ5K#b|?8Jr@7m7#Ex^g-JG#FmQaq0JlD6&27skO)A+)1Es3274unPk**
zTPzdW)5L!uLJ5s?gVq3cL==a(v7yTC!gPjba^zM3Gm#Ogt}B3)Bm)X)JptD?plosI
z#iO*5%@BC$lI<q7ZqVK|ZHxr$+N?w?x+#ZZaXkW|TNqAruU$%_G8H8&Q(eL`5d2^5
zoN@SLrZQ2c%~qzu)N!I@kTni}vD|U^+sZ)JC`f7{HmMap>x4Mud!SMo$!M#sPjNk}
zJNxP4O+<HX?P0N)`XUO%!VwK_)8UR<jHraaczQZ5>bw#~>B$*B2(^R@A<_&yOT)^;
zlgPHZ#TF-u^@WEc0x(D|N<^a8!D}3QQD;?UY*mzShbuFcv+dE82{t@TZ~8Nq`G+Xd
z>3XMa^43>;zJl@DP+F(%D@e2m?9`V+=tM*_xw0mk2cq!1L*AQn87hD;dTJ^AYQf)5
z2;93CCxM(#bm<I#tt1%y+cg;m|9TQgbcEfL9OE&>b(3Z6D|OH089RyZCevtD+>=y;
ze?7@HdgeOcwC$bfK_<#Ag5)jBEvp8m=qJALiNE05XRPt}Ff5?$=OcDDTxu<L1#+Xf
zMv>*n(shMMbz{k>gZpNUt-zcH`>o_k+xJbX1OwXeGEcbjA$9HKi8a-*TAE?|38b#p
z?sfTDkCR6{Kz|MO#pkTWHk+I3VfkpDg%ImtRY~gAN3?rl)VBBw4Ie7EqvaFw*M3UV
zN5I`bk?qs6(W8SBN&HE}lc$vr)Q8aZn4kxkQH;IZ(T<90uWy@faSqD5B_)#w=R{<O
zQw#2v^KFc)uGlRH@|`N^*H{Npxwq{53{xJ;hkr;((*M0Lscijj#`9lhskT>O(AJr*
zv^z?mdotcuS7wZ5BI_aWya=g^#D->H9J=n+DBQQZ3AE^Y{V9#CD5NZa$jDwY@m@KG
zKdz0Q{aU7#d7DpT4aV1rD{rrci#G%EA+?`%A(*5-XT##tnP(kpvd>wK``TyCesO-*
zyFW~I>@&%4y*C^9`n8Ij{W=csGSn89>Gk+5Q5WY5-2TO))a&JjLlT}cKalm_Y;KUI
zw6uEo;`Cqt`EW~f#x=OI!?lQiYjYQY`2?opFXO}3v!Yz+JpGg0DTg4wT?VHBak!9A
zgWC~Y_6onElobW;TTV9Y40%guT7J*Je>sN~SZtQOd^5%XHAb4jy-TnQCQUdp$s$qT
zapVYCCX(;G=lA=>-cFB_uZ~CGxwnV-_V;v!=Xl_2ZnX?O>!q<pc548Y#a)?f0MU`=
z3stWrF6;6N18v-RjxKabmFbo&GX|(<ND}*O^zG@l&jx|rnn(}2>kE`Q;K}ZaoN*SI
z|7i`wk3U|xPm`@UosZz`nVV|51Z1|j(oOHfJ1;5uj$NnoIU~s;;|y^i1W+`2z46)1
zWM%<40liMyTV@IW(9pQRZOAdmxzg2=@SV`%6BKVxpiJWawO<oFvqZOcLCUdSXDP;0
zfznxc?asWbzcpn+-hGXBW$^z!O&9RB3d3gyyxRDI537BBY7hS3m*1D)m*1D)m*402
S``-Wn0RR6W9x^fj{1O0w-n_a1

literal 0
HcmV?d00001

diff --git a/vendor/github.com/cilium/charts/cilium-1.16.3.tgz b/vendor/github.com/cilium/charts/cilium-1.16.3.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..eaca333a4751cd3ce9cb43aa026a62aaf626ada3
GIT binary patch
literal 204585
zcmV(~K+nG)iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMZ{cN;l!Fq)tFSKw0jMD~WHNa|sWxtkMNl0E!Jk{L;!**%**
zHrNf4ST!3x4YVXq9)J5is4Ae*&89?oJiC)GJGu8;iwzVCg;%{Rl8G#qd#4MYo8F2q
zlYjX3|MmO*{?Wk!{BOVCul?`fXn%0@4}*g@{o(%b&G2CVANqsg!O_t_u>P-r%i4d1
zHa!1_{x2S@KDqxP|M4_ch8w9;J!&z=b0cRwGK*r`lWH%@V?AQ+F1wRyJYuJ?S+0b6
zQ2E_NB{Ew5d&=0o$hB1Ih}{qEpDAC85yOp@V%yBNl|uLM*Pc}Wp0*fc?B7`|b(Zke
z6?DP@7>&TnA!4DUTxJG_`A_=`Yiulq2Dn+S?qw_(k7H>&@r2EaG{S#Mvtm=RQfbT{
z7Th2-sa>a-O;=1Cp2j?n+4sd%<f$+OxH5UBi)g{PW@aH6pGpfEp&7+^lBfq}az2~M
zh)uZ`F;gjf|8Hkky2Dh?i~@)=nHZ5XZrBB1iJZOZ{d-y^_-RsTBk~6si>+u6V3E>M
z+4YH~V2!H~3>!{;yHyD~udNW%MV6`DAf76n$$62>bj}DxM>GV82-|Kv%9Tc9i`2+m
zFq&S6$uvreSf+D;$+Ik30YDWCHj}w{;7Ov_2z&l$M4s~GN0r|tipN_JR8W@(>aqnL
z-6$*^CL|qzuaa-AkE5Bc5G>etY^HMNu=A&ju~enqat||)x80(DQ8EP>M8`D(U8smB
z*CLj=h>Tlz0{z6PPi(iGx^2DT04|Kk+>qPtwZ=Yp{_xNOKFlEmQ=bY?ND(8n2Wb{E
zWgK^nQI6!S(1Jx=3(XRFM`uCBqKo66UESEz{Qdaka*ckr*>g9finqTP3EWe+p~XEH
zSuV6lji%WE%q36x9B(&l++$;7sbIKFHRA|JXCjg_8Nr)isbCxADq;6Lm#WZ69oMRI
zgs}^^-;73RJdGK*m#HZ<(;{*}J%+IT=)0QPzW}5iWR05R*dBZH+?yk@+4j#(2=@un
zx@NSqn6z|($x4ObWombgh>F}cEAe2)KQjc&f`~XA$c2m+)ONOFS{NWi!lxp^-D^8D
zo(smcmh)7^%qV)Z(pcWhxZnvBX`Cr(SNxeHeNGLxImaI87MENd>=T4^ZNq(9-3GzL
zG8H2kR1UksPLST%a+X9zOQf}39y|_Aq%)OAVkuI5d~n1L!W&O4yO0a5ZBq{1fiMe^
z!$|Zt*-z5GU{NHro)t;5Vk#53_jzK;4Un5iev`<kejV^6Tkyd~!rLC(ZeveYKh8F5
z0F43a#?_eTs>tA9b}{@yxINgs5Y1Q4hQ-)&AzE(Pw_l9vLd-4D58Q|czS{md6VPpr
z-Cp*b;fRce-0nGR?BkeI?QUGSlhr-#PTLUfi3;nK2!1bgWqpvEc8#<u@<=#J6JVp@
zwX?iL2<|DC^gO*+t5bLa)-GnEZAi?3BNetMJ|17ej>5RC9C%A+H0<V{F`7Jn$^}wJ
z1FgP)Yu~N>UPkt6$ugPFwP*3C0++>3Sj2e!(~t|Ljgv$kS4^f>porl1@@rvNQ9PQ4
zEBZwgeHj^_B3lz9+DNV!kjgWn&(o`kR(7H~<B<rdwRXe4`!JaZVOiov$*B2~ozAli
zJH1dmefMF)Xt?c8bkG67(vh|k%?rzrQaj6S<${}%zk;rWC4#IlTY3{UXva5hqK(v`
zec7;;o*@Q}w%uV2IsjPOTWiF?iyY+SMye3DFQJNEgO`!SlK$oNu;Xk+j0#RIQbTYS
zspV3omKU^-uG<3jNdouIQ+uj%F%!8+BM~zMKV7k9kr<gJcv;&1n$2>x+^|R1E}?fH
zCMWT|$c@zSM28dukWWyJhaI=Lliq!p0LZlgpQK!+wIy7kfj4Hcn8_69O^+N=v4R)l
znmvdlvHuGnjmhP-usnHq!TUZj2#CajC~dDYF_VvCU9Ir$!^DbVFWYIBrF!{J195N5
zomS%Hc3LiY%v74JszMzeuW+-$UX!4Ez*8FXbpE9Fg4=#<*n_mhO|)_{CXRx_xE;bW
zeS%5L1}<@!Cn@>yUgWv767V|9wgp)gb$?<%wrbZ@KwVajzBQR$7i8J+q`E!ouz8m9
z>na%@zvGF0AoKBLqExayJrc#^DfN|Erc|;eG3=nsjcWOG9JiSgXZH93=ib=8MJ&Dr
z(f9<Sn9If!P}GF;WjDxPtRK1XylqR34JU3hGaqaRTAimiLx~h#>xtBGp;s0d-zl-`
z-t(joEaNiQ?zr(ROJpGLJNY-35vL=_QB%OQNJNBZaQ*2!9iLr)utMBcmr*3+97Vn@
zFCq(`dH9>@;n66`fs*|UK%knW;Ys7RwUq@ERQ#G%_>zSxaVeVL{)^#BnyMm2Y4Zg<
zVlw1G#~1R67ef{fyA`k4glWkbWXL$802d1*@}*3@63H>&_T<3jYo9NIR&F9I4Z<Ca
zs`6ZLCr)?lhC)!V(>lP`-%IY4RH+g9j5nRXiHcu(8D%Pd_6`b9-$cdF-8?m1h!L>T
ziS22}@>>i*y8GCQyY{QFBb;2aSF$I1Kqz3My3iB8ELALC_x?R?w|FLhD5u!sS?2#7
z^ae-0{Z<7-@ow_Ii$<U;ue|868&Vb`sXtEb5|To{wNRD<3u7`p+S~Iq+H1+kLi8Wv
zwD%Vsi$vb%y;PXJ`GOkL|NQHc%XIHdMOIWqTi>2s^10A^iJGgfR*CBA`+4h5tR7Sz
z>rt!A-c8=Ox`1`78`{9S0s5`3$G_FBA>U=UxhkfK&<mxEZG2Zug(uPOzx<vJdc#4l
z-|g?V!fnwak<udJrZ|^ikc`x_I<wY&jpTo8YwG{J|A?OO_~>8B0pLmd|H1Ih!O^g8
z|9`W8@OS(FU*o?W_Fg7}%|&W?c;qQS0h1(qcmCM#UGh6IlZp6ecJ`57eY|DoXXD#m
zYlqz~q-OSueW1LNy8!}iwBH3gt!I{5(rdL^JM3R|v=B?)+F@pui4pr#S|mw_X_L!z
z{^v@AZkH9=Jm;3TT4vlxvVSf_l7S4EYia-%QpH57i(HUCbK&fMmprrgerw0Q*6?Dc
z%CKm`)45<#E{(LJ3St~Uvf_+P3p-V(Z1$8$I52w_PA+~bWKPdZDjpnFNPKVYu=ilH
z<;yG)Bepx}z1i*9|9Ol5bG+MXn&^mG+O%RZE#{U<2a24he3}RbKe9y4=csBD@N+z3
zGoEMxjU6HFzZ+>?Z`AF2o>$mceX6u2cOvdZqG4|JQHd4`p1x2p7a^8Qp|yR40E8!`
z6-pD>h+u$?764Bd)2?1=BbMIf;+5#ld+hFB8<mR=10`sO#oX|Wn+1ax-7-tB@oAkU
z>VZiO(7;k|QL!7OhKyKBV@J<K4htx>>A0@|C{k&PCchp4yCgM>+a|=mYGHtL;taHx
zT`e+>2Mp;<__sa6FoE`K01ALlEb|`$!4NbpHcW;7Nz<pl00jNp!KFVl$4KG=iV^$o
zRzBrXeFK4_&90i7v1`)qcHhCVJ^>?(-3wrPs7k3VMmo9?GkGCewQU3J2Fr@X3Mx@9
z46eHU!P0{C10u(Ux&{9;DU##{TaVbE>?P182C@y`yS955;k8>h<SV4^>wsk;Oc_vP
zhy80TX1qv@ZT+SF-+MiKN9|#o_7~t%5bp^$ixF$LHv@M3Ht4RqU^r>>!l*V(&i-r3
zjf_~L)LoIG%o5mQx-y+9B9gt0UfHpEyd*Y}T4_+wyl&mS)g=9Xr?er&)~-#&vIDI8
zT;yvv=Tp-Fmz;8#iONkm|8gyH1`@1xG8WA4YL>{QG-NgsjL$*8md0K+)Y@t7u<;DP
zE>)3&AWR1g?pFIHK<Z>N2E>HDAtNDT9o*eTF5=csFmh+Zuz0E47vA6)xiTgZ<-pSw
zi$%g$_Tt*HK$fgXjkI!t$ni}p;<+%4W=0*EkxQYODooE(>=ejx&5gLQ*o>aOX#LtW
z+_bM`YF@M3g<#q;CNdSVA2Ua7S&6*8qqK-r8sk+IZtX)@jJvn?Ewob~^oB=0Ht74G
ziFLLg-uzRGv7a*iP4J!;xi;J5Y`c`}C~~JYwAZy>sN5hx4a!%>*+R}2_G;!vtWP?a
zUO4OF=2-*qQH#!+zYVSMN$x1#k%E0plU4OmcXp3Up%<|4mW3&JVvqhpq{cbX0O~iB
z@%1^PJT`1u0Fl6Z1V))DJ7u~IwaK|m4K2v;d<UmT<%TWoowGl*%u3E9dr$mxt?^XM
zZPPSnB8?sS67?W*aAsm4m8Zp0<T5J3gi!d(kN9jqGy%q3FN9`OVIG7?%N1_ZBDLWH
zw{N6nkev7}k<gBs<1>5iVmSi^kimPiZ-L?MPq3<6?^7y&DunG@U$#pm1}m@yIT7+C
zaZkC30hGUQ?L^3{AqP%S&Dg;1rs3h?bGx7epe*I4g7xjpDtm-DLpy6b9~qBWAMaOC
znhJLppF|PdkzoCVK_a!xR0`&l+9P)AzU*p-E)YKzJdragV(8y%Re{2;LT;QK8^ebi
z)Qq7x4oV{Xl-a&PqtJ1f{l|Z`P&+A8y#5-X25d%b31P%CQ#sF9bmKlJ?02I??n$i+
zq4x&+$43^1w5;<|qz36}2XQ*di!qCp(CMym)<e6XHz!C=i)+^+YhR86-<AiJ-|<`(
zY20JqiDc<ki_d0)EFLt5vFt6N(!;9)+}s?I91B>!RUNw#L^*ZK9NOn7FN8z;qkV85
zq!#d$t-zH@&Qq0(xaX<nRijIF4}w;NvjS8Y2x5<QN_5?_u(KPy7{DYm6=CBwIib1<
zJd79Y24F_F*kE19wQdX8z3tn;_Uy;@;ImxJ5;<RN+Qt?5SuVQR`UN9c0q1GTEQ;wg
z5nX6l2VAbuI^;rb1GbPaK$dRBrO=C$Od?12G-b*TUG93kU_j(HOCXWR&0LgXq@0CA
z^!yM#ljxouqPG-gq2k|1xk~?!npWpP&|W@+uG5foEeQS634I5oZ<q_N$rH#g!k*hK
z?^hyP=kmd{fc(om=T<xrxm5V#(e6in`;3dFN^gYewSrC`Y@Z2qxdC=hkJtbQ8KW8m
zUuklO1xVhVsMmrYLRs<zT9kq!zHF733ff((B(Z#X6*BlOdV!4FNAh7IQo5p-94t~r
z7ISz=a+M?>3*)T`+MT*aOh6Xxp~(6S2i>e<ai(A^lY<wg($c7WHDc|b3ci9kobVxR
zw-_^gK4R^ARD0VWtSpSyq7iG4XIIKh(3!K1%nhzsEaw7@ZupN8YwHCc9v+R3hVhX1
zkEc^HdwbC52S@$mV;&tuN5==lL3G@oy*-!>-^TsH+xXzk@tcF={=sp7FxVd+bN*&F
zd}~K3v^XQM!Me?6_TgBq?VDbU(<e)`OvNXukte}V%yU_15bSUhEks--GM$g{UBsWy
zA4OD@-fN6?nNgWa)O_{5SdCbzg0zIRqPpEQ)Rv+3^oES5BmXmFOKzgY1$beHKQk*v
zba|Flw;h;<oej2OuJ!>9N2y|^^oS)gEgl14MkQV)2I>UZcG?rcG7xAF2G-tyz+i=9
zF)M9D)nQ^4>AlEu4Vlq<C8(~rm!Q$w11Mdd#@%xGy;gvV#l2fT!R-7|YPw`VA7v@t
zz7wl9{S-XctbJ}7)BnUSWdl%d+0AVKxBOWE*EM48D@7|W{&NCG;oyfWh08Bq4SGkY
zC?S1?l{&IqD)7XQ60UXV+ge>5*Y4CdL%X9>dz@X}IHN1D`t?i2GUL}<Q=GgPx~2Q_
zUYzP~rs6Jr+uMOZy7)8b?BZ1WgH2eSlu>Q|9@31*F{(|2i#52M#iPmjsc-I7Y87bq
z@SSc0QG1BvN|#2cymn*qd|seu7=k#-=i7A@>AlQV3dZz%o=eNLIw0ri{Sz?kxu0;e
zVDJpOKHt%=mnauim5jDacbS@Q%nfhZEeU;5EeIFM-ZC|N{;L~e#F~G<g_qzALXcFx
zf^WItu@xx&jp+u-RmSHWO~)3?Tjgoo+Azg?l@v=)jvw%^CrE<rFGG6#5d2j3bQ@<T
z=PvYRr3%o`gWJ+7jIyl80%bhsO94_fc+<6Z$p2q>5!(rO2;V=*<$j&XIWZ_~xuSMm
zK4R^`aQ~oP{dqcK|JemHG9$DBj>G+X82o$R5wT=~yt^N5dEih~)&)C9mE%#<zd#t-
ztJ43uNMn(MNSpA|+J)_3w;FjZXF3Osx_C6}oE2U$8E{b0lv;W<)k&6}<V%%Las?(h
zw76)mhy4<Q`$CEh8JsA4bMq<?eC&{IX@5$Au&IdK&lAk!+=AD<VaoWNKHZU?T;J!U
z!WyEQP_uvZ8pW49d6mt%hruabzlhzEEPE~gtJ`}t@(6bki?U+G4*LE6l73i<CGczq
zA0!=Z#IMp}u-^V~Fuats9n1ank8Yw>m3n>k?BCZFO!bDX@<|Kuq|OUGcA4`2tULC{
z6Kz|JSl@NHt~F#L5%*xg%5r%x6ETOV3I9jM$Y{6s`Gw_ZzHU!y0i8c)p6Os{a2&B+
z-QOi9;krn{&k)elS@hX3Ez?M_2f-HnzEqSLWCjRPaN==Fl22eSj(F<Kz7kY3JkUSd
zv%t7!iAv`b?7c$xE?RMi+T3%QfEi68?a*Y|3r^H7plK%%@eF-sq@W3+1Qz_fiDsTu
zC=J3lI3|u!g=xVBEez8tx)a8VZ%e7Q^Ek9@-0628f4mC2;9E~ZoIn*0ixx7mi>@M}
zweS1=_~N446-iHA!cxT;D3Ytf0JjQnb%zNP^?E%I=IZ?R^U2xe`05E*DDG;O^9Pzt
zGo0&_AD_f1wNjO30X17LdFK0$C#Rn;KAwJG?JQF!GsL=QuV^h}FbOZ!y`7JueFl0u
zYS*3RLU^z@f4up8`SI-2#kmK3B?R4h`azm#;RD`%l#6DsyhqwX@B|FQ7^&Bx$#*Z_
zz3zFCKMIx#i>@KP<^!7+hAriMVL*Ese*Kr<v%}tCfbX`If;||w({?S^*XK7MKV6@m
z@0P=iQ|$Z}4P(2S@x(GOEB0>k9uD#3{QC0aRb^XONKswoQ&l7}`X@4;K+w98_rl}h
zd-z|jFUFVS+s{{%>yM`uzz$mv`<*fii_UwCk44R*NV246clLEi>{L1dXPFnNkzOp^
zVNou-%1-%y&>IeWeWvoVbxa=)d;Neyv-13R0{p8wTi?FxFf4y~H+k=&oqz!>mO9D>
za8~(>aWufY*gte2s8}L09^G+!hXsx%uRXEOPEJ36{NeoidVF?X8;Guonu-6y3To`t
z$?1iDZLc(*Po)8ky=4^i%Q1NW@yDz4>-Dh(3UT(5ndf{-PMUBZYxZG$_VST#&Tl`A
z&t5pvr>`986OHu51rA(&Hv+fnFSQ2``a*+K_+H-PU~BUC!7jAfWeDYo!}ZDaNVP~^
zn3ZdK`rY-%kGGYdCb!oobbeq8QR5UKsYX|?bYzmQx)=FFE{)KQvw^lZ(Db8kS<dU)
zkyoZn<uP(5w7spkw5!>kFwq_k){9vz^Ivhk8{XVR@U%-WFNCTzP8FJ=Uf{+yDrb4A
z(A^)ToNx$mE#Txzp~2Lg3a1iIJy#Lv?cm|x)xm`|6%jA&BfpU0&($as52i?I^MY7I
zS`5!^qK6b*>@$@E3nVeuMS@Yq9uE4*31X=<+H%X8^?p5$;MaJL|NeIVU-fq4Sq?RH
zsL^NI<lKn)s)c{w(4Y3CB3FK`zz^*cd~Pw8hkrZfyj0i+dVTVV303>`woCr_DfQDE
zfgYj~M8tkT&%wI<-{N<Ax>8Xp>t1>%-`}uzfBblQHAbhL(g|;eT`A*zUBODtWEzqG
zXd+Nnvi-fg1Gu~biw&oY;9408hqbrN$<N@$SB}MAec|@E9$AjRyoTpda9E|9Ik~}4
zZK{;LH#d6t(nP~2*IuO)6+^I*y+cYr6R_NiytU&3q-OLB{jC>}J;jC9UJO0ot;Kwa
zwur(gRLxzfSX=}6iq(e@(svR9+h2r?b1v`*!7Y_mgv=(SFkR6#-j_FbGW(R~f=3J7
zN1;gyl`R5XoFJgE$iNF*8p#v+bKr)A=VMp1r7%3^hWDIyN__uT+sQk~u)b?Muf7q!
za?@?taCWny^K0V{x4X`riLG`X?cYf*mposcV5*Doqk97(ENz6DP6p29*oW_o&qj>=
z`up96|Hu7@7C({l)V!z*x>J5d7j%z(LAOGS{Djg7xqL=jkING|<x?Ids)*M%27WuW
z-`II|*_v*Ivgeei@q>)bg0jT`GpI5nm-1)9Zciuh4t+YC1i8z=-^TLvEqs2#-VGWv
z;4CQT9ypE#se~pfCTrRG*)4l@&htbHZP=N}cy5Z^;&m&R;x#ym7V`z1+;&x?h{<5O
z9_uy)rj;7rUdw;F#QD@owLW2)&T@`{u=aSp0uP-m7xeIgy~9rP-Mj18&70g_0+EsT
z_7Zsa?i$DzDJ#{$xp6Y11v0^eO4DgxS&h>4kEst6l?rxsa(i&JcXe`mbigS8O)KT*
z;OOz_fb!GSXLtSn^zCqP*rn+B*seyZljk?WcXGbCiFhK$lZZ!<;}6(4WHpiNVlu;T
zOGxaea_|Rb+IDM|E_^*O|GBo1I3zVbBr+Fq5tVi=`vOIl>r3U*at>*1pDEfxu8&9~
zp6S9zCPX~XS52wDdaXrm9(4lQF-xq=nV1sg#y7OGMi)aC2Bzv(HBeR82VHBwX%|^m
zj3t6=QHHUk;(-LLKd_jX7WBA|iX2|AL~zTFQ-%P`nv0mlg2x@kA@rqekjdzdJT76F
zGXgkbgG24GfaSBI+&xbiHxz#gk*f#@)&($gztR-oU)T1-nc#6EQ!!#yxRzH{h4Jro
zE=(@*p$33FVKXih9fC9Y3Vm5dY^WR7BBLuHTn{pWJhde2-8L?Z3%xDX0a~OG;q)Qr
zrjSMznw?xv8e#gt-4SaGv*@q+^uPNsX-(%@9YsjeKuHiKtSj*k|IEa4Dq>Bmdm2Vm
zK`(6Gs*A7~L9^zYw>D=tfj}`%C{f}(NHmyMXKHye7t2t|8Ze%?G>~QbgYhJErK^lk
z0}1?;rK)B2pmm0fU*%|G^q1gpfooy>?R776@Cmn60ZuXZ`6r17x|iHXq16)^vD51_
z-Lq>$O1VkG)B2TyS0ts5fO|f(tv2vOXnM?r0apjitt1gdnQRFUT)6&p;_O+u7iAPr
zuE4&bYY;<=2IcOd9_1Kruh5rX#kZ}tHn)VG)2Cpc0GLsPb0`2Jr#+YVaLjp3I;Oy9
z&c5vwS=P#yrZ|&2QuiWXd)6RE>+<#!=wzV<DoxXvjZZHpY?kx653lZ~sOZl{mO%PP
zg`A;}oM~8^X*Pod%!N^4fN$9PKA^}4&{*jlbg?)CQfn+k%D#9&U+n7AV0dd+d)dzb
zP{fQ>Jv;2nG@JEurOX$cIT^IT%#EpaA?OLMcW^PRdGlq;dm@i#6qgxG4O0oQ>o93{
zH4~2+I$47hfvv&DMyL^_X*Qeb5P6E}beYNG5Oef!@Y=03u-D-y|Gc~TKQR|SlHG-t
zCN<A#a;$6!mcrG-Y>V!pUt2hf@rdo|mEN1_y=gY9AMq>~-Qe<5GYHOSOP*19U=Qyg
znc5?S`TTas%FGG~Uz`@`n~n?+v&>8yt$OJ6>@t#G@=R|PFZz5qP>l@y5g4qrSWZO_
z6G-XhO(9~2f!jwtrsvDy@L>4%?H4>7i%Xte@<()){A(d+8xTXCx)ioKkM3NwE2tZv
z#5^*$(O(&Fx6@LUcB{zas5F6%$PbT(gM$M^{v=%m$m0fwcShX9EnA5mhfp3oJY{g}
zW2VTwd|EZf+Ovty(Qqf;J5GtQI9GuwB#3d&RYnb+MzDSeDQWoX2a(4zGEGp(sqY?J
zJPXf~OEkfO56^V}%JqJ3r5&$R-Kog7DjqY(>ezDyxFu6}dX5ec_mBSCJMrq|c8jBu
za`QJjC_>H`Q~SsBINGMa2+IoK!O{L(IB8AT>#fhZeYhOz_OI$yxy6PGHj;BXaOcE6
zGp{mm!Nd=*dtWtk1m`e=i9Zbov1?xDS)#Z(ItZ8A@)cbzf3`Opcugk>qh~TmPf<GR
z;QQDkU0~ow7ON=8OSC7_Jq^U&BQ5Qom}av*3wCdPLHoUae|TtDbjh=`Rmzt#x{*JN
zYx{O@ToCj$R5Qls^IV|!CrrZKm8mj5GrLBdf8dFXy^odUc2kv#4olQShb=`6DVJ%b
zZ4Ux<QjRd9X3aR6RR%dQtkCQw=0<!VnTCbIBd|u5?~M)y9+OZ%V(mlSULO;Ac>7+>
z5<b_=<Z?b2^`RhkLt9j6_XD7r%qcP(mFv|^4TQjZ3wFfXJW2fU=pEp)^12!d&LC~y
zEc`T{xI34wQ&*+If8UC6BHKsvp0*!fyT^qLd*caPa{W^wavqC7AjkAfYr79nz|H46
zJ$q4Yfm66hm=>MtEjWWNXtMMItdk(=dM%oja4j&98MNWi9eZWp#@9?aD9H)~s8ueQ
zu$`=!l&m0>hXkEhFtOK6&b%~521#EVLmE{5CEVDhTu^Bixr9_2$hlehLI&9>0oZhv
zajjV@43%Rcwhu7&Qf9-W;E8QpUWhr5R%EdGwls&LCuI(?+sXCEKl~9ZDF8E{i$vPj
z9<uL{0i5MUBFdB}K3LW+7S)=e3;C&u8OX}~>}+_R^HuX)5~(Ziv3Ru0Az{t!(GxNI
z;o{_q$#@svvuQSCiJHrZ)&<e~Q~%Flb^v>|m)#zuS=hb8(-l?Jk?Fi)T7UYpozs27
z({}(mxQ&VCXC$M#!);HWG?MP)SEoOmcZdC9zx(#^@Zj|mbR$`}1as-3)YLIF@QE=z
zS_Dro`Y35uKpuP(JvvJl6o`Pm#!SQ(O5JHjd_5fn5!2bw4K%Pv?~B(!+@AiSD!uv~
zA(u`yJy9`>1zdcd--zr<^$h;2dtnwGdw%YuasS&*h8>nnyO_Xa4Gr4`2t`0H!2)Q1
zt=Na`(T@@p-MM7GS+1t;eXrgZ%*g1@DXDnUYfZD+sqH$+)wF6dJ+(&<_7I5Cej=EY
z)~9Nz1jKk}p3q3Y6UNx=w078!C)Zcws}Cda!3Aqm#B=fgw7^m5T{c56p=Mk#H!g`t
zzX%mJUZU=)HY~=RKa1x&l0R~Cg!%r{yYntwKi$)ltCQ<LR__~d<;pU_;SOy-aA~?T
zm3KkY23JWNqCi4NDmF#Oql6b}w16ZSl>n_BcByio0p7WV%v4ckYKYWwDUHw6q-Ja?
z>@6|5ZtXmqT3|0Ll4Nh#9}M?f7UB0Q|Gt=t30{0igwPEmj9@*z8rKWpq%oVywDgmN
zJok{~!)tsX`vXF$9=>bvb=elO{SD&+7lnz{L)t5?OqA?O&e%#7ySXTxrD%WE^AYv@
z)dxm=1189OSEJ|jYK-dq3Puoi0)VE%f_5JFG1jMYZa9#|tV7%#INNh)=|_(Uqu5-r
zB1Ma+lVZHv+P6z!7A-g?Cx$vincXM~m>Em$EGgzP)jc**TFZLoE!G9*+Wnh9=x&rs
z_vb9(X(|%;C#XbZ)P?JeezO-dI-WZ$@XCAUWqo2^CxCY7MGogd1qL%(Y@C{7&wTg|
zq}By&L`-d5))q-gWSyU(i$Sr_xrr7iUsVvmNL1T1M5%`wY49o}W~4|#6)np=wP4mF
zc5TYF)Iq%Eu5LIBcIWjlr4)Fa;Oi$$#}34`E|$X2&2y(}R#})HJAu@~WL%E87M*$@
zfNO;^TyEqgE1++AKF3V`)TS4#Fn$cUj7xs!7sc3rtA|wNdLgs2n#&jPevMLTrOjUa
zg?MC@uSgN^PfmyB!itwEgyw;=&m};qQw$E-m*0_4`+3Umz648+sSPzt6}m~dG<Fne
z8xs?<c2?X;_lbIUXq(vE$jV}%)_b&9jJy|5smT*Hr|U%F2$WC|cU3No<y=+jG!kmY
z-msXjh{17Jm+c5pT<<B=)Iz@y%vC88Oh&lO%qrkTL8Mdj_c9S9ws+6-y}U^4DQHsJ
zOVr%k(e7l%9&+?Lp%;0L?xdFwJ#$Hdd9Ejz%SAp@`4UyDrD#f~Aj-T~Xrq>vnl;9<
zN?_n`=p|YotG>lRpaJMAol#tCWmj%D2t8LDp-*K>z*S}d_*ABzz7$^?0_FkkDF5&n
zU!d|aG(0!K-Y!W$D-wDT*#pPB3|}1kQ@-JiQ-uMmkUijGin<^gnbz2cySn=b^MNI+
z@&vd$Qm|dSnS3tN-Lf-^us9WaJ^H;;KFs|?a!dyRm{&f<c^8?}X7TtmmAES~T)DD*
zd;P<%hSZ}TMo*?$VOoy*aBE`<?YI+UO@%8PjanF3M^#fXfj!rOI{;5{n}7pCmJ3S2
zifH)|Zs^l^!DG29n7YJ-Uk_x*3zu3m2#44yaU9t(y45`U&HMFEtQ-qzQ7BP&Tg#Ll
zM4G8m_0WJY*}^>*kbj~?<mm(R08s&ULwd@V$OLxDigDEfwiniA5Seb4+1~o>w;B7H
zd!e)w)0#HpWVf0f=1k_7^?>=t3*^REmBI{*E(X?1n)cNVg&)Y0;?sn)O0X?jV9H=y
z{M!ZF4*Hj}RW;zCrt0$c6J>#qE$`xVj6e>@4N%q|FF1pj@a65N_bNZV8lO_LiqPam
z>5}dX^}uF;FX*@CJfGV8CsIj5wngI6R1_7tCxXxCy3=Habc+9adegpce`(qF(D1`)
zpnk3AHElKy5T=y=!hUH$nCf;ug&Br2VJ0;ym+ZY6BDKs4Q>wc`QgY+AcHj<Ja9~X^
zDG093Zo|BGDZ5(r&82i}peraz5B`Ey@Gde|r1&nE6+4}C4!kV4>ixf+T`^z&AtdP~
zf836$<aQ?0s-p_rrsC0Z$20KuAuYZstrTm^dbqU9n#WcqzeTv^*tc9-RyIjUF$7@+
zz#*Wj!>N^eE#ez^lB_wWnXQ4WIkLo{gBUgG_U$d>f{!q0gp?emSOWQs;U38g;tbj~
zW~}`U#6a$5<7%>GPU5S*{jN+8T{py32$zJ??zc82pIGv2RLN%139{$WPwgHg{q|Zq
zfQLe6hiO6Hp(4qcPYD4MQ6ZDq<;c**G*ZhYcPUhB&iD8X2ZA2xM)+C=>hh_&arpzj
zUJxZcZnf@_ZYq0Y$z)&MYPA=lb6h43<v?4bnC7bvMp5|5;URZCiCY`?N<2m)Gp;Z;
z+JjUoUQ@x39jtZb*A%dT#~;GokRjbE`9>?Af#XdiVgb5!E1*pi72T~(we0$C<u*qL
zWHK0qGJ*!vWVgz@L;2EF9lWcE%WJ196>Ua#HOfy=W<jQ9^K6twp?MvC$;viQcZ-#^
zQ>HAh_0=7xBuGNJ5m;TGuIL@nv@oR-k=G6->47V&9asRt018POoN|E@X;xR){(ty8
zjK6UML#m?}F0K`98tG<Nq9WQ*xgAoMlofW+QHyeLR8-XTwk-uuHRP=3hH(f|7KUk`
zFqZ=_gQ+ZpHZGT+6J|_Uvlq$K+6gR%F?(hELWis{r2c2)$^C&V8T-29f}5&s@*>s5
z5YRJ08X&tHyrW*n>+#X1Q%TMj3uE7TXLEo#F8I9#$wA3M72PcdM)W8zyaKKKF2|pR
zjPOXL1~dxkStc3<UeH#>=T1CkBA4LS>5YsfN9JLw8F)ckKE>-lOLmRG_nbV1QwmOV
z)c^ry`4R<7U?Dn-bD5qH{3+W6sO|H~TIeuqtWHSZJ78j^K_RCdR%UyUNgVM!MhSC=
z^3{^-J{kzZA`X`SnhL<*-iPpvfb%C-nD45r*CMVMANDgC^32gFObPg2<&h|vz;1<*
z9&K?iQoFx=X*@RxUbP_FJ4nPWC?&l%XlP_vK$Ux==+xupApJ6!lZ1ef;sSDt?YPT%
zOva7(@cG()4R#9TdoLr7(Kw4CLgitiY<>Q4m&MvzJJk5nA3X2rzrG>8B1^hT^h=)K
z!G^^1;HouSu+YPWcwO@Rj+USTFwkaHij;d#c9}YcO;*xsS4{4HxbNTU3YexL8%m=4
z(O#9itHUykLMgP*e^cq?<Nusd^tIc84I_9XPQ#}f=Uc0fUO{lPNBsr8gh4R`=ahra
z{yuD@)X7(eAlLmw<oHIO^Jqbt#+-rzo?A%a?6MC9Y2!h!NqjumR7UL7xrtNMsgI*k
zn4kgWZI3aI3;!H_MF|4v;^fAhJDzkc8MeJM4*NJ5rr&>I-GItK*lqJjgFXzEyV?w-
zBIr6A^+`iO(;m3L3A16p+I-Njb$C;4KRB$mKdiSuthMjAL|N^-c`pX#z^#A?Z5qD-
z1zdJ-^m&0R(q$f>u88fTt@%p=M7$V_NuqAfZhoZ*k;a+Uf<>x1=D%sING}K$ak)Sc
z&(au7acZ6<b`^{f%M3)AC5LRTEVsKi0s{w^b~%DM>7FZ&5(m2fpGB@Zq!cr#fQtpE
zFi(_`?eC@fVQ{EhGKB}_)L$oSC4T5W$9BQJQ?vV3IkGaO2@|$EVU&s}Ked(2<{{~F
zG@(HK9A3$j08yRiJXxJrkZ%ZyV6}i0$T(mP-Lo1RHBV}15WMkjHe?~jBm;4W#e%A{
zLOUz$&vTv@3C|sx9p((G<?S70h;$Ybhk;Xd;ySkJ=fF2L3~TFR7`;cL&0eV-vOMP^
z#_CdG^UG@Ma;E@0g?<wlW~=bk0jsFvB5yBl@Pka*n9w5mE>g=d65A+%h0I!7#&4P;
zPuYI|Eq)bw4yi(7;cR|TA4T3{!BRXHDO*4YDDF7G^E+_wsF)U=mw&DvSN8ukDx&ab
zE47W?;u1Q#7bsCaTPFH5n^e2j1A^`CkeRXw0}7OM1j^F@P$mRqEv6H&xOf*P)pTir
z$_)X0HWvAH6~~<?g>CF=tC8PgxRH1o?^)i^XWh&wtt`20I5LpAu3F@o<PPvtS;KQe
zh>X~uc9W^h__ExOyB)R*^&-}OC6K+TFuYfZst>=eeSmxey}43zuvIO0*Yy<JDl^>a
zUV9S2KN9B|TpK;R|9U3TfBJI|yFj%M(g@H6a^pYvckP=Y_igYReZyznp80R}v<G*_
zrnlS`VscxxzHm=I&(*tty6ROLx$}dTOnzrs-5g?zEAxY+HC_3^?Qyf+DTQNg);%mq
z;3FPMevCU6m{gjHExAmIxpr24bU|P+MD;eaC$l@PolFMqJoaAq2~A7QmamtcG<L0D
zghAy6<{Aa7NEP9j&zxT&IPK4}c|)3CC;1S<7w>}mg_7{QdKu2OX+x&rry;GE->6Li
z616@J1J7$1LH<+*sI_pH^_DfugV$)-TXN!5N-~9P5`ukqdpq&ZjY}lkh^XswMQ~8f
z`>SIb;CZthqF;gL=6qV4u}p#`gIxX_v0|@$PP0G-GUyEt{^_+(6;J{7S3!C_d76&Z
zwp*bT1Q|Solk}+$aucRm0EJ|b4zq^SODaw@)Iacb4=NWGn9M99LC7<nZ;Db5Pp8{g
z!5Rf2stff{O$g+jsGQkIVot&`BTOZEM6f?@g4>fsM|Xj)-^I*FXHj8T`+Bq~Qm73~
zUHd{sJZbl~q$3o+5NYIN&@BBZy+l`LdT+-~txFT``m(RgPx}@>xsnou5Ii2=SzeyX
zyZbV{bvF{r@Kc*n(>8L!L6(pp;g(!>prdyI!72>1L8u!ml5IXiuw@%SAwxg+Z+Y$B
zcZkum3qM}aZ+KC??Z55Q*r6{P)m`ykGi&n1`b_cJ1f@_IMI1sUKAp4{Upod`s&IgY
z8a6v@bMcu?EnLx@5xbLV+@%C}<XIC8VIN$|5_K{e*Yyse{e*HyL6ujTmZb)N1^vU*
zlHdoA?%!A#bipn>x)W*4Tq`mafYp=e_v*v>q&qks3|_C15(-Xdnd@ARd{X|{JnqTG
z<jNDJ++u+)6(sUtupaior6O&YWeN6%9kfLOA2a9;8l4n;^qs2-{w2Wsi<@hwY5{}p
z4^l5&DIXj!%u1^u-&^Fh&z2%)A!J@1AfQZ=)x)tsf9QjvgW4v+X2I>WP?;{nD00Xf
z>s&?cFF*oRS5Uo2P0mZPz%={LS3%`+ZVv)vhuPI^JaJZ5i|XTSc2z8IZFdoWr!pPX
zY50}jxgcL~FnzZVz<id1b#wc-ZiB~4%~+3g`Vu@h&f>#<|9g;*zBGhwf8%HK*+-ME
zJ7f{pM9#39`iG#Um$#@#=uqT6Tz2gRxJ#01EF$nn;8CP<XHd+b!drx44G6wh&arp*
z7Km^^*sF}~0;VYFhfsj}qoo&Au#UTy*1NEXyKqi+E8??|(32+*e5IMnSt{;D9@bn9
zNACnmJtyxv$=}ZRH>#-!@4YRw72%!yzffcGo983{&dY7Z%dMrDoAD%>^5~Aa+`clA
zX2rBh3h%w^9rPc~XDU5|k;ttbD;pIFoMk9Q19p#?(#=!Kw7S1DyLiKLfllb)SF9in
zEczB@B2QL5b|VCfRaE%=YXBt{hRXzW0EAQN5$tyQC<qSSnDGM>6-t%rJq+Ib9OPxy
zdpkhzE>6<<ApGI>2Il^rC`PA4q*1=gT(!zt9-&lc9I|OT>7{J_6npF1Ff1M0W2ZPr
zx|n6AMP%>g2bqg`!E<0pQAYsZYKWABqC<R<yWBF0{?|E~cy^t9gzUf4WJONe5bI*;
z9?SxiZ)N@KwnwS$a@Lg7c`}sgN12Ncwj-OUcsNn9&*DnbH~x7^NzAJ=e75rw(&zZ>
z+HcV<;6yUc!HuU>Yhqy+%n8F1rS1v{Le0g}GDSe)Fq^Dn5KyG>iWuC{MVg8v2u&!{
zY51fZ?hEC>!vSC#_7|7d5_}gEOut4>q}PDZm5QAckrY8*IM_L(^_S0u)Ijh~5Frw9
zm-MOyqJ?GBOEU)Ia3@w6iFYSf!OJ+Ih?O!(hQI}5xrkSne=scDC``2Hc6|ftjc6KP
z^6A0pu!!}Xded22yiVMX(XHa{liJS63Bgq(C7_rq*`2Lw*4FmgE_RfLSX`0!st-7~
ze3s$4FF;a;ld-AW(5Z-o)*OTKEUet=&ixwvh|ued&Lw%@cy9$7WjwK$O$e$-l~~2S
zRE0*2D@ZtxNj@|1+H=EVk?@sA;hG?oiGtgQ%XNC-&?PBxN0aW${rVAqEcda$f!3~x
z+KWdbQ=vuPB?i=`Q=!BlrSBS*=Yk}bwrTkYtShsu?54x3MC2N{0`t8P8BgpriuY>|
zTq*is4WWg`akBL;Bi7d~mq_G0s3Uf|5D<{F<_<zJJNNb_r;=k4we=aFToPLcvg$fS
zPaA%s+6kMiplgL68VsR?nLQqA#=@*)uGT`32gO}<F2_)r72`AcCeSHrcth{rYGOf2
zvU@^h_5EATDvcW`uvVz!JmK2N$TP!b8s}H%SL4_9LJG}KJeDDWr1~c@&+IXA#UY*Q
z;rw)Hg^d;?FX8jkAvFc3w;v=wnT+d+CeXifJVB3WRFHar5DCj4G&MVav{%J=qMOx6
z7B_TGu!om2iy?q>QhnKvXZ~9q4B}s|Gv1DtB+>9>GIp+#bQ4mX(_9CxjCej%@sO;1
z@Yea&7*lG?TgduV*5mh1TXt!iL)wazLqZ;cgU8QuEq&dtox#TVEXL+hB{Ix$0Hs37
z*eUo?jDmqY_R|$TWfbAg(>Xl$(5OtcVEEkYPHHnDkDdy0|IwDJSB+}N5a_r)YTFIc
z2^*l2plc<D_Ne{;1^(J1{+ITD;VjpPJELp?<C9C4D+=j%TBVaHf&#;&wo`@~NTy6d
zrRebL9GpoH0sGSBgn7_`Ohb<^lISFc+7RAz24r3wmE)*P&M4v===+^Wh`LsWXh;*o
zAM_qy@}E`O6?a&v+u_!I5YvTHca|IC%WIX0aFySqI}Wfm#WWR$jn8x_#K$s%&^P=E
z+mH{UBK=NT$jhlyQt{w6^$r^^?d8N%s8uCK$Rv8ZCcLDAM+>i{11El-!eNE&!%J5#
z!qM%;GSu36e`^+tEKw^F1E;Z41%+5p7`@9p?j~Ya95$-o-hMlG0J`&m+YtCouI`$>
zf-rfX;h<9O1qU0SX{0uktX`)-oU&JUzrTO|cl!St^tZ?V$ptw1@dj@Au_MGbD^l--
zG~a%G9Mx;s37?K_E#|e%)TaHlK^#D1K@OMl{nmv#yOjSBB;~%Ak<dZn#!$o2YXC)0
z_55xvJmCYl!Bqn{<}wxA*V}oD;p?>)Rc0{=+qpfRuu1?FRn|ucU=ea+DqQLdQ8uTm
z8{4`;(8PND_RVp<9EDfq&15bfc#`y5_Rsh9S7Z4D@&$EO8=$)j*mfkZ#?h^l2}<=_
ztZGDezi+iIs<m`b19tJQh5x#Ex5i`o7Mu7#m)eF}CR3_bn09le3`=!Mcy}Dgs5aI{
zD$gNPWD}!AoL&w5F-=y@Y@I6wZF^@b4s*H!2P6^!@x(-xDH<<n3|~ijqT<uCW4NV)
zv|J*m1h2wn6L%UY%nn{<l|fy-z_j5e(LKwT^icox`zTlG|54Kp#gYb=49MP4)@uyT
z&?)u_Z=*``BP%2(JO@6rwZmTJ;<d|p4w0(?`ndajQj{f63sjWbHgf@rKe^=dr|Swn
z=TGD!hMmhxE;6O1fg~60p9;R}N#%1F;lL;|8$KVg_I<xM?Dg@NSk8sEoV8x?;o;F}
zaC96W@6Y15v*GNx-#?D0`_tq2FpA>+H_>qV=5RmmAHO{o1Mwz`-_FFF<Js}xs2?31
z9t$x$n6;hodq#lEr0hkKI1^fXJiAh60v0UO4$M9(wLBas1Ii?3k+Q<J-D`hQQz}W1
zYeajn#h5V(bw9Da-^*0$g*{Azw|#FdZE#IAigr?$2xZ|zX?qo4gpP?%x+RkQQG-Mk
z_?X>WJdNExYgHW;fjECrQ}3}zTR0r|3RSR)Q$_o1B^;``;kB1KO9Kc8T&5JIvb~2E
z?s%EbyW(ELf!zZ*U7p6>a`-(<?-H5t-4DbYM+GdlfjWanlk*?&@2z@43YmIW{ISx1
zHnX(GG$jPVQki}RO5)no?_auJARn>ikw{j0y{_SSeg{BKNR@RllQ)h>F?`xy8qN|A
zWmK3E%Pg@s#vZnO-D>h*g)!e1vzf@5mOpz{Wwd~NgARWvYmZSzLPFUT%+XDi30$JQ
zGT(%cgcb&4jD9LaA#jLNMIT1yIFMySyy#(wf3rW{$e&RN^1If%QCPfE!)A$k(BZWX
zwbY`8=sEXyn8iW=_z;0l)-BSMjgbvHY`??ablBjq!}bRqcC_DNgW;PF8y+5Z*x_K%
zVT1l~zeDYZ{ew3h0Nr742gmm7(f-^04%;8TIeOE9q6mlOjF9H1JmV4UptkK<PL1$i
z3X{u7*HXT%iIkg-OH=!LV%gu-9zomNp?ie>#^eSr-L1V0bFmO9<P)nJzW7uXriL42
zKgWM=@#gqE&QH6G>M|l#%{&!A5CPQ#>^MxZXPFfMUCzd_@=jsx>>THhkdchgY&jFA
zJBR*<E{jt=`l%54>YveH<mBY!B>bGKEcnwz;a_$W27k(E8Gf}(RvG_~ssOv84(+?O
ziF?J_LL^IedNHm~q1&}5idYu6Ff^~<xBsJQIvqQSj)}64MYv<p>{#Ufs~y1hSJZ#6
zE3n0*Wm2J7Q+2b-lzq%Zdg+i?`I4K^@)dl2!UNN@_~pw-LjX$%dP;2sgtU>W8d?71
zBMgHzp)K3-+Er8u(Cx)dk6Jd^<`~-vGi*Hv0e^8LH<*EL8f`xzk7^%tuyYYF`CZeP
zy<mj#EKGf2L3tQZ4H%uC${ylTYAE|l6<)~#<k6jSEshSDNF!w*pUL^9*OfhmQe_hB
zCJO}rNsHR}q0o>2SvcPgD@%r7g3X;+ts`@883uNCb%V|~<ue`90JA`tT@CI>WhJ9v
zAxzHCQuLZ3mSb&@(p~SDjWf<p9GLZ?${oJEy|~$S>n(#r#>)C|?tQmh4~fp2(p7@@
zkF)#`^vmjcq1%Qge?{G^z<+PgB_-*%QfdITRurV{Q_nS0%k^gaN?m&{p12MeN+9m=
z)IY5q_%hRC?aZH^SSsD~M1l<l=UWx`_?+AQSe?&!hKp3X0h0xu<n%PS3|uh^$7dni
zRRIS@=T1*bFZO2-cZI&_@blkw3Y@1VUu{8x5EPuWi1(u01WpZ`S>h@q<5UICZVrE(
zG{kJtr%PlxD{fZgsCQFoQA-;+$<<Prg($Rr=%CDKuT|M=fu0te!(DU8z(;d%`S;4M
z6+tR66O;gaS<}Yfriq&FExAnh1adk}t-4Vj?-8>t(|Ipaxlr1U^O?v(A9ZiVm&xm=
z-^Gg1%VSuS8trh6s7EapuX%;HfYTI-N5KA~rht-z6j+BELAmz96~Au8(^1Z|3eU@&
z4+R?F27O)WeJx<BP;CH{F!(F=DP(frEx1;@<YZm-&vV~Ce_jg1KbL~{=S;<)t*HLl
zM^xf}2C{|IWK&Ew;Qq@+mT**Xj@bYEAA^#lA(#FXKi|~0+x2&Q{&fUFieCq0@i$G#
zm4#1M6<m3|u9Sf)0U{*>qU{99ngdT`=jc!Dcsc7t<7hn>7kP6hvmZomd3L)&h<)dD
zsTbNGY~QsSGx{OtGoEr5bG?`<p2w66p`85=n^PMrAV@F>h0T4%G4B%!&j9d5t*5UP
z0=#Dhif**vxzT$j7Xq&j`hgnlXc>!$=TK;)93Its{?E}<7e#`5jsSl4y|&wAp`voV
zvG;v0cLogigC&DKneB~t20B2b@{z^LPTVQMUFKpGFerzy=T@r0H`s+7z-oEjNg%UL
z>PCfJ#5@A&Nn24H92#YcvJ&K>N8P0rrd%;4&~9K}7Tb5!+CXl*+zrJf!!bWyUoa2|
z*{cudx3A0W;JQ366=^y26|N$Hzcf{~bYH6Y;D1G){F@!W+T1s45{g~Ms|~_%6~l@^
zjOdo~upP4fOk<05&tX~ZQsTb$7Oqpe&`|DcraDaY=DiNfxYiFUCnw7(*D}KTv}9oU
zYb}5l`8b`a-}nL$mbC?F!W{#lbWQGdnbU$;DNVXm^)T|kq{@`ma;N-9L_~}cdn5J*
zI(>mV_Dd|%)fc!R!0nq-kz#~|GK)$*XCs%QL)l?d;k?A@gonatZN;0``l;1!TJLhj
z8wlk7Luxd90PR-JBZ0o-Pqlzl%NrV;@@OHt<d0ak30i;EetY3gduFc@eR@C)+tW|G
zQ%<l`nMw(n_ETM`-n9Mf?irOk&VBjcxATAy8+Oe}VHPTvKbP_O>un(DwY#C^Z*zay
zDgVA*LAlc~jS?zu7TQ{Oe0Im5dELLaZFV*IJl=`bukfPOu)zO#CZQ(9Z}dR{oO_65
zwTDBz;-qkrhQYa{f2-M+Jb&m+GA677)E*rS4-VR{Bn)JhwFuiKA{bV#S#=oKVOc4&
z;8=~M<Tr63Dl7(KfCUZt*5C{2^+s+?H;Er9%#9#X99RZHtMCk_sVY*;ynJNEm@osg
z&=z&PQ}UX^0zr(k`=f7FloqNT5uQ}|9SqGydY7t)ltuGg6&aJUUiUh6B`5Wr%syfJ
z(+{@!_>APmOo;quW9Fer=y)^{Wh$c}e9>DoF`$fMY#@688p%;^#Kk$-x1?)Q(J6um
z?cVk=FN$&F(6BB&M2RU?0o#aZ2LmbLMF|Why~_634aUY1Q6qrE*^Ltn7-Zum;fP{N
zj3Ut?P!CrCV?dn0XvW5db{c`3x)NLwPpXl@^v4+tF!JA^rT4@}&2H#I=nr8lu=0dv
z_dqEO`HMp;fU9*`u?x-BM&UNb(n=QCLe3Y-ip5e#s>s2mmkP+yoGDQM-bGGRuDeV@
zDKWb-{GvJm&xPJuNscXr;W0PdWxC!z*t8lgQ!P)9MNfccp&GgLdZHk#!l=qCa#9%8
z^<GC!s@`?gey5g2qjXwgrzbG23J$dQEhO?FTQ=AN0vkYhNruS)#xugg!-KW!csp9<
zo+f}!u`>;7N|n{yJS3iFxyo{Br$NRgDD}B!AFRBIl!?@ikA7lsxo#%udWO#u6ug2X
z&*M-!egFz?7~k1PGBEOhUr6(UbxU8LW>~z*P0h|C^gpXT^W}e={nDl@AJ1g@QObiJ
zvS;hiTsc3Fy2uSW)90f#)Zr_I7UUIb{38a3HSb{rFai>Xi}%49%&Kz&%ZxOuAa8E!
zs{%R-{6LM$2(m%{_^`4y$kWfe5BULd5x671%Eg@LabhnLG@HoW-U`yy%Hl@6E-3^x
zkEr0EqYTuG!DVd2IZ0(g2~$$=-YIgZr}!5&^}+@Pgp`2CX#ecEeE-7A4qd%a2Koig
z;uXTzjM$oS<3WZSpt{h$N$8-nlyM5_PRM$Ml{aDz<|J`%AD@{ja<gDdm6`=ry;-G(
zKSG@w4|E%^G<(4&ipTI1CHmESmWtiKsHxuDagLf@9D#tlUq`InXMHwczuP-tzbl#0
zKM}KCsx2*XE^)_>wJt<{EoLDP4Ghkxva@?q1r6?G8vFDh2qO4ONgsGuR=;#BM~UHA
z+&G|u+T`e3_6c|U+5{>(?c4HsZ14zxnBW}pOIx`Fx>da;zMZc`)lmIX4~dQb5ij#Y
z*wQOv8!v>KN5og*vB?i&oAIkY5Z}xLVw3;FxAcD4;QNqUwql)itS}vAB1bwUPU5t$
z|LZDOR&!*!R!PDFcR2)@saV&zCcqvU+$GOI4eV;MSYY--`dFBWir1Z`5Of!264W~f
z2XKn=E`7m&p_!%b6aKVU_#(i}Z5nb8AM^%Cz5Q}0g-yHYE>7R-zT-17J?e{D{O0J5
z=!-XRkM{ZT!O`2}*#UnWPY;iHpGVP~Xb=yl`~5eu5JyJ`!=c!Zqv0X%zda80$7|l>
z&-jnCFbT`%Vv^xpoTGPGPO@@YhVH9bA|tM$BvT_Sd~ugvYv+25*q{VhaZ~o)GZ&}s
z-Id*hReVzWiTNB5XHa<g#(Qj!@q)yk&mTopxI827zb-Q>Q;C|dK$+5<7$#^>X1W`y
zR#P==v!;wR<$rf?b(d$^sLbt0B$xo}jc72PL8*mErP}1+uU@5$BaG{C1MN@C=KexL
z-_0d|ytxw(CC$UmsQRKms%ggee#XM?u8TeKpHj_@)HA59HezS$N*Tu|wt_vPVxR73
z-6x;g{UQf^ga)yvsfxwk4mkPKqQC(5hx#f#l^E!kMil(wDQ$`=Xo@OeYY_sKa~D)$
z_LcC6`-f-cJiV_0dYS(|4YRcuKeor0XJa<%=N+bM7nHpTHUWDwrez(@MLpT}M8#)P
z=LP6`-xcv3>d0aEr|VR2P+<p2SI_{*x7vEQl)S#hc`x<=^<G`RuiAE>d^joT^>Z&M
zy2Hp6a+_cZ$h}PDkw^`nV=@ZM9YAO=X=-zUZV4__tfq?ro(GhYOaAyN^%`2ARn56H
zT7mpawap0J=D#?>Sf(e{FTcXnDXq&hQ>S`|P}rs@@pXvSCNZcAA6YI{Zl6G`#S)~!
zS-bUJQ^*{M>2<<HIDsR&i&Io7o98?dEEBm@aR3&XNp@CyrGuUyY{v=oqd2k(?v?X|
z{GTN$H)4+1;%_(flRF@|7M9hN=^Qh8IOZ(;Ei`CV7baNH4NKY7=ZQtwbdd&8T8(j9
zTXiqPwKfNAH4)UlJK(ehJ42;LJQ{cR+|ci*__HI`On*Re{OIs-f4Bi|$#OSB*Ug}@
zdj7{WSzRk--pfQ_;<pMnniuJbzEY`evi{+d7I}yo{k(=UV-e3V{6~s_kBW1ZRe86Q
zi;E4Dbn&-qF-Wyq4%iouA*5ncGvBxFS&YIED$P62_0B0aCQRkbrCsk;cDiq}HX=rf
z;Bog!0(DrHp$t2#!%ltafc?R6KQMwos>zC-&!=JJDa9Y*X@U1qrsX>yX5*qAi%=}g
z>P<5t)GO9R*BtR`9}Eu;gDy|mM3A_6|0LBMlDBoSV%_7suB53sHs6U=#$|4aNnQlV
z4^$NmURRG{Ww#eM9ttnaLZnvq_0@;gGS3AXDQ7#A8qPq7O%Q$^==SXryQpX;*Tc92
zfbhb5{R&Xxe@WEN#>M{|#_UvZ`nC}}&3k`K1!Yq}*SaB$m{fZ%8xA9Z2q3(YVua=Z
zjB)X?D|nRzbU^?olW{<V4N)my7km?9xH<IZ<$*U}A9e#lMQd~WR_8HX{ol}O{B1?h
zRdD)M;^)K*w8y1lH=zELfpg+zs^d)qY>t?7i2J12mUxt+gfb@CBjFBnDRu-$gDPn)
zvqV7JVV<iZ^=<}qAyzDExnNO|=OQ)9iY<5^<2rgvxCQ;YUU<!wVc|iO4e7`#dE54~
zB1!g!Z{PHfcVeldLTjng&-q~g&EU=P@bKU$yc<-`K74=9&bZ-O!c)P17@~VcnR=S8
zCB(`K>0M-dd-^`=)jdD(KWIy$Ss^#f%dtgYUpeVa@&v4ssxS>}hkh#ymng<%nJTj(
zWP*IWo%8-H(VO>Jd%v&SbXa1^lUp3&Thw}b$D=zno0WEHz{cdOhIgbHeVMX|V+za}
zmkHFzUc(wdz69;(%749*sd>#V`D0K51Cus{HI}E48-XMSO+n^UF;lr<Q$aBkl}N@N
z$2h#oMDEHuzor=t`hA*@g@uV1E<}3CAHT&?{OE*@OypfxU>fIShoi~3d>Au~nnDjC
z`}pOQ^Zs7s&R@vxL`uF$dlEQg%(M0ijPe|wQC$|WmMN8cg%Yi9=Iw!B%5v&wcF46w
z4df7~F@YSwZ*?^R6Wn!c+P}ZGpIkYKvLKI(xm=cc2x>}KDpgUYipJt(POZKdW|Sxa
zJ{jobQxF^l%;S2fX%$&VU>|r{e<)rOPRd^C=G*<Z5Jma~>$-I$X}9{8u0@nKE5Tm?
zu{pMsZ5<W5DK4~PLtNF9gq0;hu#!U%WGo&tIPFk}H;n^u^_>%J=5P}QA#xQqY@;r)
zA-J=-{Z~Y~)~KB~g?4^3<i0lgw1(uyDAc*ibb~iO{NAi~e!_*YR5?R;(g*o8hYg_U
zx_NuNkC#-It638|@Zni}*239Jgb)B>6gtB<z~jyt9XOAL(q;>o&(HFxe>7|{R>)E1
z@x?MOJ}F@!!+aXo{ASDfStcmviApQFOM1&epm%8#P~Ii~H78~I0l-DB<0~io%;vGk
zL>h}UlA$~1*iew)tVryG#=VC%PjbQI6-dcceLir2%}WQ^#66HJRj|Jl0cjysYl#@X
z3O=i=Z-#aw59(fWaE9!JQ~Wdz*!EbZ0-Ak+=!_zp=R6h|i}bJ#tW1z@Su*lH{6fDF
z6G}_f?H2OOQ+u$ITclhdoKz4+@d?WOm227|gK|>x6oE!2$CwLgLd9cv%P8l^$~f5_
zC_7e>8n0(qPt{SCy)~L9Y7YqT5r2XF*7c|-if6!@`Tc`_zxLg^kko$eQi|%PAS(0-
zqytsRE+P%-19d}lX~eQINUMtyyh*fA%u#K?AYyt%RN2rdfKuw#o`BNasJoUUq!~!X
ztEiq)q~@E|E#$Xz%nCN`*Xop;mGVxN<v0CrL3j0O{2Nmvmk51JtraPDDvw3EcbwWM
z@Vl#d-fh9pJa2Vf_rTlA2d|J_La?N%&(k{C?+t=T!<xfgU-X5Dj|Xp#4)+fZ2D4bi
z2jWc>Py5G5(>GIb#P_Fh9E<pn594^ye>)iR;hX7T79ENB_;6Z6Zg#nQ*6D5|sq6OE
zGWlB7<XTTOvu0inU_RmN)8Os14aADkdxP0~dpM!>`ziZ3V~M;MsnB|otEp&~Ib9R`
zAWcPZv4rE6?yu#yes3`Rr)T6j%go4U5b$k&6%0r+!AG-Hlh{kqRX3q~W0!{74XpWe
zJ@5LJ*j;nLZ1U>FcL?EEgJYwt7_mXW-(OaKUWz50+(CbMa2b4Y_%;J+hH-RoDdEE`
zw|jr%W#vBqW^bz(-%?^Ij`s)qV)`cHv!jD)zkf7{k7M2!vuVuZ!{g{EIyf54jv_vI
zb2xl+^!E5*IGu@@_um{JMMvNMmhv?Ime-UA`t9y15Av5@R5d``-&8L+r*4e@YYys$
zRH43XS0&4-$bk|vyD#l7_K(nuXG4H!wc@n*HCMB$xQK*%%Dw!BuC0Z9fnRGOf3Z_5
zaq*}L`C5<G8j!!cv;N(kb<@;;Wp~!5XpRDJj!NQrR@!g2j(s3Fe-C{4Umy6emD4nB
zmuEbt%Nw-jz>LTIe~Jh5O^s)(KNRJo=^u&>j=q7b?x5cvgujxfZt(ML?YA0HU*?Cq
z@x5Hvmr!r&yg9S#cCNjj#=lX&-ouipXJTeWPtYo{B2Qd(NjnY8%9KR6C((0x-pXyj
z<J8eLTJUr(V((HRXG~HF_R1Num<GmXWQ4R@3Z{!`*A<Ndqi@b7XyU)@eW|#|g2y0K
zO9M4$hl$4?`?5#$=q`D-hfkoL*{3`ivG!i$33UiIY$p2jq?vouCaGRn1gQtt%7~?N
znLci4Y7*V$5!@(YW~ONEroqzwmE^dPt+Y$V>WT-^nr#>y3j^W9tIw&tatNtw5*;$|
zm2r2T9z2i-$rl8xCG?=uOh!e(+&*{PamgR4JRVhIQH9A0gTImgi!^L5jHV<P#6j5x
zm;CWY{wyx1_6FGiyp#f_Ji05gJ%R!NbOqKsXrM>zFo1PqAiE6CK;%ukXJ@UE)NBfV
zZB|ZzqHc+tiD(tM)Ylq1Jh|U2QctB=-J?P@iJJQ!B8e}#zN-qG;8GL(iBd`MLoBqR
zke%Sydy&U7avVC?1TUmEHQ2lV(WZv&(VyC9*B>X7^RsrReSUrY@w)xz|JtRtu}D|V
z-4UJ7nTjohz)5Z|=uT||OrPvP+kk4qyJcxS`a2EHh=0vRaCJF*Cr8hFHKT>4s^GMf
z$o1#Rg+-uM2{<s4l-3vEl&T>QA$!de10G}OmFG>&<uq)6nKEvlU$C?Q#-Y*9WvH)I
zTDONcQS&Z-t)qFH7jWH!Wz^Y0b0_Uk)ky5hmahIiostI$sk(gLDNGXQ3T|qV%$OCH
z45#XXa0viQ5@v41F?@FYwWN%I=6Um)+Xw59CzltM3N1tmQ!!lGiw=#6JV}CIn~xd(
zC(|e?Vu8gm_1b6g_~hsEz_*`0@$E{_odDam5!&?o!}S*HBP43RN9nfq?5cO|4;kMh
z5X}Qs2|&lU=iP1E9p-+6oa}rFKLsbZ+BW<Uc5t`KpBoUU(Yc|8yXEXHVX-7j^Iju3
zhROFn17Ftoy-PgXpmC_$tz^e@in~2v0J_I-4v&wI;)AIBX0ezzPwJW7;nGvaBi0`F
zhx^?@zuP~)9qx|~k4J~c-Ts?VzweVEo-d_g_k-R!W);ju!i{r6jI|ZUu;w&X=FT|e
z0FQH(QLRarIcp}kvA2rUj3?QGcUXp1&Yi!&Oo$lj`E&EUe>EiH(R=&*$8Vq-nH>;N
zwD=mQ7Tl0tq}05Cx2Oy05Vk8g$l42(jtFse&LwTQ44;KuS^k!55)&){mws{PlIPc?
z(v8)|KJ!fO-4EdS>|LLqoL!#p?bvDI004`|a$Bnl0b!qOZWvvxt-AUgi&R2YO?2g=
z#A;4D^>w`MgG>Qsuf9Zi{KZNdU+(U;QMvf?y4P|oPkcl4vuH<o+(z)PP-uM3Zo&Ol
zu?H@V<GQe3Kq?-}F;!aDllMQOD9~%Im2B7TFCK|gXcPnl19MB>h46;3ab_r~Yms2(
zJ$)xLmI^b&!pCLAO<4h0r69ay$`Z`vd^VF&uM&h~|CJ^yio%iiqFx2sJ&rPEvCKte
zT06eLD^Fu^UuNG=uGvz>qQ@>(F4Vo1xJ@uhnUvUh-vpzyc535rUoky!h73&{cA;&v
zXo0TMr&m^FHAU8I(UW_nPF0!$9US4VE#2Iqkr`k5!i=T=*?7Vzx`Sa>D;N%DwqDnA
z<ED3ShF8qk(e_#l0NEWzMeZ|&`JyYjLrk$}f?A|VB~T)fpyyQQH3yW)H$)A|H8)W0
z;1K*xouBTLCHcUG@>vIWNC|s7KD)-Ubh+KUu0HP^62B=X(^%fixZnvXwq}q^_T;jX
z=5wM{Vxdh`Y~c|L+#d9M@PB)6+kb8vcFFY}ibTI?RQpI{3CZEXH=)YWH>Ju^jViOa
z-ye<k2K|E?RgS(TRgOxk42J!19A-DH_IWIcnUyJ97KxFtodK#pFql*n>nGtZo~U>{
zu>*w$6z}Oa3KYXKyFUp3w%a?-b@eCvE)4p;0d1Dbx8?fcGN#Nz<h5arwi*VAKY#`B
zS$OLM9Uncli(V2BbGr~$Jck=$TIAZ`y27mqHw0KJ;STm`W?iLub}|`z#nefn6~lDN
z6hvm!ok-cV0G1}AYNM`s<&7HlQFG(~pG?LVcG!0oA)N6R!7`{}*gW4^qIhk_KNTXE
zLbD9hC@AMwx?$!7tUCXOnbVweF_TFGz&dozmX*v)?nY9~KJ_Xx7d;iM$CKnc=xw0i
zzfEo|<?K<k$ED#Ng3I21`-)e`g6+B&XRTPgqyGlyjj#c!TX`nCmR4OLeDI?C8Usdw
zYsW(_;X3eljWdEeo4g~=dYXdj!bUv7Yo>ht*a>J8PA20P&!m0WfRdJs_0%j>cE5|I
zkYv_fa{W^mWc!xPF1h{*V2zrnQwIN7oKuzB=7q?4EbI-dTRUDo0r@r88h~7~gO|cj
z7c#xOP?6=Z-2k-@_PTW+EgM9v%7u#VC>+ZY4U~0|KEm;U?QYldqHVVt<aK?o?nI2a
z^O0=5W}qWx+0T}{VnZJ+cw;rDBJQnKq;|Jut;bPg4>#w^@&p_mxu-_e{m{C5tNjop
z1Oyxcf!Dx`+s$IPPXIJ<)rN%V*b9#lJjl)?J&d!lr_J$HE!Hq<tq?%j;OK9H)=>>D
zK<axTGCF3?!Ie4Nr8Ap8RGsDNY@KnjROyW{z1E!&*_rR}TpgYn1-$j11zv*<et;e}
zC<%+qI|ss8E(+Bwa-kP00ktBv#6giOAM_8|BO7Wf;iNjD%;K1)7$O!H{9dZU`v%qh
z3||d~eQg;gzGDBx_WSIS?d#Vq<`B4b<B#l64m&44dr2EYJ^W=?!4t|2R1!T6TWcPf
zo9A5h%-n$3mUykfsv)-DZ>{@kZbq#}%SPPxw?u6n);ewtw>_x1vs^u{!jgrSFQqN`
zZt|YR-0+N>MQevac5Yv3gy(_`OjfLH!**=jd-G+lZfU!Me*!w)SuVt0YsdZo<y@}A
zii$K;3#YUYJTZ%(orf1B4hn;+Hc!;zdh3IoH07N4H4Ju1lo}2C!^5LpZ_u=te`_a9
zhTzJ@?*3^s`g23`qq4Cb^WDln=oHuMvvxF1_&c27JDJ8-#0CXNGQ1LUzBrRQvJAwk
z{<K^SS!x?hRgP5`AkQ~xzwt$1cX0y%AIa6UY`LpFx*n#zTocGzYFFFtSK4tsxNhMW
zuaDX9Yf{NL?5GHzE8&0&s$MI319K;YDm@_X{#u|Sg-u)s`?LGiIhDFQ_f|Q5uHB!c
z1;tdTA`bJ-+E<@~s=V?^*lmE%>W(*kwqegDYW~q3fduT4D^;N2Xc-RseGV!lY}8`{
zn4Yp5vOs7k7_q--mA1mkY9ghKN>DR~mME4e9=8%Tzkxq56yL-yEcrYU_u#VxK97bi
zxL(L~-oh^+MM57qj#emv#83;en7;C54B6#te~^4q4p<d6V=A>HJ0Aj(ntWxsK?ic=
z4k_1*8$r3J%4#Ux2fNd1@hDmZo)r%19S>quBi7RKkwhrq!$@Pt62b3XC=hT3u-H!5
zsCz9u1EkU*esq2RHI8!h6{8%zU=(_YNnzz~dQ}+8DDbku%Ym;gh#P=f**gviAmF?4
z2X=cpaqOv+_R=U9T%!dX1WsuD;pXGshwG1_moaKfAP1C+bwK8K;}5r|lT8C3y=35{
zmkfMV9XRF2-<f6ZXq57^?j5_iI=N*_EV1p<F<~Mo9^C~mBowlXr}o-g^6bWNqt8=g
zW$+P$yn)p~clUfR)B{s9BhqppaA+wY2ONaMTTmg`u{S#G_jOBvH^>KW!~?J2{+i)e
zHpkCs$fc{(QU=C^xzZj2>#yBNC@ulGptjJO-2_G4&{$$}IiHIhIFj1vKq9mx+glbr
zUErArf4M~f<tzufuHY>_E(DU;u0w4wd`c|Qp!bqL;<MlvWpK3r_MmldM7Bn?AO3K0
za>Z_oG!+RuclL-^Kir;AUc(a3U2&1AF#NSIeF<=IKXje`9eq|6Gd#J&lPvR?Wjr@4
zW&yHT*c(%W{O>lCfuT23{Dfgr11;?3Y<EgRH4y`lr6pxN(H+=J<Wa-ggC6`JWA=ZB
z7zg5-lUL9S1_HUgafJTf@PNj!|7^EVIT#KBfB*u!<oXV`AkVTy3RhG#Xj2<yczD=z
z|3BC!mtZu0=>#rMP6IX$7TW&yx;EP5$p0T>t5NWOICNCnoV?-d1UUmxE@p|0q)Aql
zdVQrz9&RlT79=tcStb#)&y{hgv_)K9J7S%jzzpmsK*MB`fqw~4V|YE&So`yihGqZE
z@<8Wqal4Rd@#wiTZS0jtZYnLP>XfX|h_!;N#G;Eue-fM|w|I5jbfIZ&hJ@>qmfK=L
z6O6d!xG?75Wt9Q%J{&WcH{xaQHh2@!)a>L}nFEy41;Da{3bF@rd#6XaFv2ZyhsjxB
zxC@Af22u+OZ_m(vS5rDT>J!fyJ8rvS;vG_$K}jd@$B!y<8B9pywaudiTqfQF)F<Rr
zIh(G4`7%C~9?T1fD>!0z3Dhj%^B$<Jt^l2D#0FI%U$uFU{=RwtzIp%3oA>C6%}YLJ
zl)Q&gnf+dCStg4L1<EqD#(J0MG_g+Fv9cJO@`R_66;bS;@8B;{4p%19@QO~-ak-x_
z4ldpimm4dp{Z=N;YdQDcF3)6{XLBday5iK}G$c>vDwk%lbi!5|WJ##v9JIBEiKIJ(
z4+>Dr?LhXkoTsr`+GRuW5!(3PBl_-fSXx1ZhDY<cg#^E<Sse+mV~C|PUcN-u4+hpL
zHysx1yu%i&X)X~v^arrt%4tWDaB&&s&@Q2$|5`4ey;Z<5{9bbQhqDO)I>{hd&u$UQ
ziGcQ+Q5i4wDps&ag%-Bk>yA4mul{g0VecmI0Z^8!dCr|92pvJY@e5yxEw~QiT;7X(
zS2Mx$WaW|}A|P%SuRCyHgf?9<n_02wl^vbN1+v<)D<l9{EZ{M*ge-)Pkx(TKWN--E
zmlJdZjdgw|bp};X{SgOcH5}#f#E}<F;^T=G;CZHt#4P~;a(1qaYsk<^#2-&cM$0LY
zWw`v%F&KViNAe3zAZ}fBmOEG9ztznDc=Et=!M=l7Ei!18p&2`+c+AiT2&-1^)M3|;
z*2Nok5uEZCW67KKs#h0pHe3;~(?oi&Rt%JpK15;R!*yY=hM5ALp>@FnyH6Q1K!=2?
z#g=;3WcvTJ_wLV)+gQH%{H(tM<-WP;-nC>&mY?6<t?QPZ#5ZlX$98A#)Ksb)A|VMe
zMJfPjTghhs_HW@uf+WC)9=1ENrfSkAiG%mS!Fha6J2==@^mTT^aYP;<QK2^}oTXOk
zNCl~k!!R12ex9m%66J!d;7YpgC8?18NMQuhBsHfI<)9FNh&BA?jW)mMH)85o(3WF(
zY>aosI7`PZi9wZtrJ;za_0tyLE8k=QDR@9Z&@t-N+v6CV%70nv9WB6vOsuGfD(!Yh
z#ga(y6LYue#ied2e87}eGKtNRF-MuE>l?ia8XiUW$^J=P7{WB;fXIj|J=^qQK#{6T
zuMbxRn%;LfMD2+}*;EN0wLKepQ;hCqIH~mTGgnN07(~6<;5n7E5`1`{o-4-w@GY;^
zxFk_isy3?kjB1)fPw-Kwu!R-bV&fFlr(-*{lZxLt7by_1!=Fhs!r?aH+k$;oTYFm{
zlES^mI6Bi3c}e54eUm{A<;yJ<IFgVoi)^C=LLJ4GP!IsgGZdziVOKSXLWx|hoka8G
zluxhtPAK}j-R|~o|6u=Mt5u%FTwXN{<iSEJbG;p;jz9!!O(VI4<?LnwsSP+(bu4NP
z3na!8NqWGCvYm{j?1y2PVG2`P=B3aQv&@}JV=NTh+bVNA90dyvb-%5$zK6cNBxy^O
z**+l_D;0$DpAq$oHmFRe$H@bb_EI?b9rZiC{X?Z>+1dtM{cg8+e7v(SecN~;qrm^@
z;k+?`?1fETI3`Pti>LVV2!~qptk;X!sJwOj-4%(HZ+F&abTStgo@8v3b%W=h#S!zF
zAR)W@pC!Y=V-bxum60fDK1DNr0h98M{DLY+ayd4fGpX8n4cBtPnQc&OUs?l&bu<ZC
z)TTk}3Ql%_G_wtPNh@XLG^J!WYdz}5XNm~tR~>MPkdkQ6@--<AruLw%Em>mejYKLs
zPhuY{n7hOmMtdI#zaPZ{=P?5~WRb!Bg*6&!g{jJIka+D1BbC|=+W-a+a3QtoAre=R
zx>jBt&ATJ(*}?qK*m)!WY8$l*tYzAoD{XD^T=|x(rfgL?VkI0U=Z_`na$a)5CCUqR
zKY@u}P}u#F`@D*Tl9wQPsEI4Gb_)@vV-ZnHDNfkGNEs~*5L=y=rN-k{0xJ5(3Mi^>
zqy+<QhBem!63x-Ef{2#UN&rN2gc9)3f;)i)BiacGoq|DUfuIZBO#q<#Ej#$LIf{1R
z=RX(dvnxMt71(ob8VkX^wjlSKl$;ndzeFR^EKQ3qrz&E)Oco2F5+>RP5iJkBwZKEy
zfQGigLMu3?x>(7D!7#y`lUN>U4KAi~ZG+FBXNbYisXNVQ5%m`N=yN7nEQ4f%m>OpO
zI(b7(C!7EEd+(2G7i9xD+Tx+y95A{t2u`qQQ>gjEk86pdE22lmeMacf#2G8Eo0grn
zbKjF3Kt(1cE_k8_Mq<kN>$67@MvyXLr&Q~fX7x~*2tGzok95;f@VflwXL|k0F%Z02
z%Bi=)8;uIzA-Q0UlwI23HCg~DtzaGS_TMFq&*Lac@tvh6Eq$>K+Ul<nl-GE5(M_Me
zYZA>9jrhKi8S@sJ=Zk0_`Oj23O_;d4R0fF14E~vf1L+*5nvkK+S^NgjcqE-<XeTp5
z=^0<3E;g<FT2NFXsM7pJW3UB-U`s5ltuPAFmbgqLN)1&K<%kO!Mg=-w#UzFVhRn#X
zCf#VX4PD*Y?h&Cn`%_9(0Gg;(BsYE=2*2^R7vlC9D-@(Qpo`FJ^E1AU=hS=_jM_6e
zr)@5Cx9<*VI}w4!3jLnIF$^K_A)SsQNPLSZ!Mi2D;&LUPi38mzAQf%u;1^p~jGY+I
zyvS%AtcvIk-@I)B0zr2eK}a5=>Vf*`jZ)LM#}R3#RkzZAT1AOK@;gQ3bMkeaTWWqo
z8?63+H0hss7y0?ad4K*)d}9boYLd@{c1pX5wWLC;yfLFF3J?sf>_u%KNmV$}Wl_9M
zPvt}?65-ZnvXD`F{}pyUlz_D-+Jao9hGe|9kIhL)E}<esNBqG#w`lFRZK0lRWB=O>
zG>r~J<(qv9x%4P8{{TS~y*u83k72N|<Hw9;Y}Gs&l{Al{I37qG>V+!edxh&1U#wj8
zpTc`7xCYo`v;%GuHKtbcbU_;o`bUGK{e%9|UPo)MsB|3twk1(x&QFg)moJfMVhF69
zX-MxsBjKf1u>??<3PtuLp`o3C8KM+U1RI7vWRP<k(I*8mq8tgg{`Jj2+uzLE-}vC0
z+s-%W=YM^}e*V`t!O#EtCj1%v>zm2(H*bCh-`tzoG9jBvjk7*C)L`*yIZqMBMHnu!
z9o+HJ{SIY*6f2+u2@{^WUkKMAz5u2FF@R%+h*H}?;ofD$+(O3CY|cdRHRT<be2>3Y
zQ5S~qw{AFJ;urAoTA>MDAu>!UYRj_}_h;}?tKjJ8IU=8py0!U{kG$x)aOkj;l~b9>
z9de+4xV=s6AiScK_U9y@lp2L(3_%yXRY&VPSzlVosVbCo*-~dbr;H#tla*s%o|{Ps
zvkHIFwTkkm+OjC@-$q_8A?*t-%p6JOPXf@CG<Uzt&k<ganvX&w_q!HfIxapTA55b;
zmjEY__*yIc*iI}FZQ&*z`U#SN=+hKIACXi_)Cfx-4s7}gwPY2vr|9wHczhYpZe<gG
zi01Uef%F4ASAa}l!!1VZYVcXUy|Qo$+nPWR8?eJm=HSZ143|L+E4e@%T#}<GgyCMN
zf7Cf@_YV4pyMz6s!9lz0clXfXa5Nr`4!yy_?g8=!U4QT3u;(8gbm87!7y13sNI|Ms
z-~;CYiwFJv-T)2;Xs>%XKIr=0UDzEA4!Zt$Z@k|_yWV*0_xpqW{@|boyCc-y8w|X0
zueU$$dwbmxlvImg#qvs=;`1g0ZX`c6@^i>p$(*tRs&|+aQ`U|=U6h+nNG9=2Lrn-0
zCuCB$uoKNVhh%K0!-Yn1BFqxVVNvb}^*jSO{3Zd05whkiWNm&nDV4RLpg^Yh`<+?H
zc8vGBs$<}Kb1RnYsjxsrBAweC1%}Sgd}Eq)Wh9!zi85vL7T-q6*teWrHn5s4IL&2c
zF0x}}fn?4H+>~X$H+NHZ71c<4FOS^eRjRg2HPqnbN@VVle_g2*M+b+xSf=7)uKcC&
zbJI%;-SI_VC}KNr1a%xv+OVBGZP}qLT|kyr7)vJ%ZA}2$JbYy$WF(nQ)E-wB<%Y>k
ztf@_G3O6?fbY_xjz(AYdzq8y&Kn|Q!L2VXSqE1KXO6{+$KPO}skt-4jTrC|RrWfKD
z^9m`oG&sb};HXlOm?e|NG~N0Xit!DRzg1)S($=>e@YOlBX<6Y6Y_)L&Cs-mX`rv;j
zqEoYtlW~IBkq+eTWOCc-FzvL8`0H8hbptYepm5i-c<F=hal%PcwDls=dbZSFuYZ9#
z6U_&kf+pdnV3Pr-?vPWkRM4p<?9`eHq(SJZGx)S#3oZ1DL7w(>Ax(l%U16y88fl|v
zYo!(BS5)wcN*5x2KNrTDNJ1oPc!?AS*ciI&+{XX~=w3xw<9i&S3DTKI)t^Nh%FUVd
z9CooU!4|%xTuYRsNEAu}`y|g2T>BV&OS>t|<h4R+63wG??=u4whaLhCNU9qMnnm}>
zR~9PWOal=H$XrWAx+F?P2f)f>%*P_lZ^$H$FQg!d!imD~Pznw0`J#_V!{ntkAu@?{
zhV_0c8Y?^E!MRlDVwBC)I5b{Vj$GQEvwHzT9L19<mx)4V$kqDmZPQm*I%$c`iU@ch
za6U&w!pkK@`PpeURB0c^%GFYM8haw${+V_W^AI&s3x2sgyZ!wB{POhk&Dr%&=fkrv
zi9cx=EK=HwOrqsEq%>`QhBO#065?9p@I`c`liLU#v*DdPgyxrsy~m-i>?Hpw6>e{_
zu=ir^-73aTbuOvNY-esv-=&?sj2Jow=V=COG#ept6p99_(N9SUk8j@J{CpXQd~vE1
z{id;yeYF9UbS1qHV~S`pM(0;o*B@^`em=k2IluaRdwp_wb9Hikc6pl+Y6Cu3C#M(Z
zmj>~FAc>`ll^!#C0Hc_J8J<j;(1Mt6|LZ@&UZ>a727tg!l$Yd7x%ubK=j*eZkDsoG
zXWyF8qvxR{aLB(S=v$hkpL~Dyose~|&aN*$US?LL(R@xg-~9IxoAP4c@p7C5CzV*R
z@3<fl@G7^Bn;(fo1C3WqKf&#YH;&)P`<*U`Ncz36UhH+cncj?3p0J&^O)qi9qKp!4
z-A?n7bb(HIg8;rTR*+?TCF-~QX5>3y2y>etFGicW9ZWtU9EWsv2jzC?pM(sbWF98?
zApU90?+G_aGJtcL>Q6pCdqkdycsJp)GkF`bLLR@!W(=>&QjkxAAb%n(y=c}IV{k~@
za6UiI^eySm*W4BHHjI3<u3nf)CT<a#<xJ$FWoM6bf+#i5>+}nm4>Pf4hEZGRSIK>9
zpaOChdL9<un_kQLY7$&_sez1qlmgD!R&g<ThC6jeN;01~LtbpsTo=Mu(vmu3Ly0rY
zv>D1SnU0~bv8QLanu)DDv`Eu}nPa|n_G=7-|CYtfPwtf=PW;z=A#pm7!PaG@Q>6U&
zmGIv*9$ZFpRiU@N&b~PA-)${pB24T&?sOpeIkqGO`Jbh$KE1rrif3NeFt5OnR)Oo<
z)2uAT?KEU%#}BE<_oCkIyb*u2<zrrR3jjZ)T9wQD;-gWl3}Mip;n0>{TfC6hj4|}=
zLj_XDt~3WU|4>vg(J^ky%_4`NibH<L__3FIqnG796po!L^89Ury&pu;d?b+oR6`As
zijSnn0-=u6c7r_Zn}*<<7J97dXy><Xuc%AR7?BO{rNo}BB|GJB63q;s|HK5OV)8PQ
zn{{EDPI}qdvbg=_C#(gm+0<<Ae4vIyANZ5G^krvCxSeb9*NBE6agi{in)?hx|8vn_
z3W#tYHdSjwjeGSnujxUU&Zs3JNMkQTlbSnKPPPA^-2)J;(+3dL@d5-^KR~dgC!jex
zZ$MTukek(*=weeW?t^6xgiTxs%bW;ZZiFRz`hqK=?b}t{30EA+Dj!60UyBhs9HLt(
zv)?*8+8<<~vUYT=Su8K-VUo#B`C4hfs+K7tTF?iRM8QgD{c9XCsPd_0L=>a|T~z>h
zf&!yU{#_Kb`dG=%%0)GW#7LUEcc%o+e*^v0yhXuV4Ga+aS`8q2$S(u$l5^0fVq4!8
zvADCf^!5^j@CWRpEqzRWRAr>;Mx@s|$r0b<qkgG8^ZdvYCRptZ)p}F-wcb#9he&QN
znfQxS86iyK#Hmj$Gl9ixY686g!B8Q<f0BZXaL(Xo3`4=9^#;VD@~cW=6aZ$@i;1#m
zt{=;YK?X?@<gak1`I9m97;U{t;`)VFkp>9OPsR+9^AI!JdXWyaMm(cVE(^m6qTsC;
z6M{k(EViX?j1R6EvGT6dqW7Kzn-W1gW_*p@K8w(sk|@N#6(BqX2Udv(WVA3M<A}__
z@bU_LKkT$<TK307dMUzI4AQB*bo=3^n64!Oxa+i7kRqoF;lhY_o<<L5M4igI6hU7_
z@{5#LYSY|)xM@QXd90x4rMN6)V5|bM-*Q$OEHZ_~H3W%J+tDI5`GynTaNhHX;7R&O
zdEs7Vf=?1lP8+0|v&5bDkV=g^uj;*yKh0#<dY?sLyE?njKCqgx4o`rG_&UO#SW=;{
zBi{H;&2TC-<y^=IayE-XUYtc>B5*bsGD)eC8!c2qHMwx*E}kJe6?-8HwMT?V7>6kc
zmGGKma|<IPDM@22B1~a15d)(-ZGqrzMk|D~Ei?pNsnUmm?s*5Cj}=^_!lU)KlWnLw
zJX&Zrmf&G0HS!G{NrBs}7kuQ;9xz4Q0ETHS9IqGCq_{eac+qTtf!R)TMqWg7<t5%|
z?f3e9b_v|W0Q>w1@{RrJ!v!@Xx6Mdj7#ox6gW*X!JU=N~+DYvg^twlT7Jm%6s)f@R
z7{#F<81xkoDE6VwWRqVof?$B|5fOM_&h^`oU^wcq6my{6tZ1T?7dNkQ0=@RF2Rj~N
z-zpE?#I{D~D$|JBkZlP<ro9-4Co-L#0Jr8ROvn$khp^4?49QjgUUas2nNz4Py1v}t
zbXtxZgj6^g7$ZprEv;|XW)~~P&`c3VqKLI+@6F~hvRIC|)aT{sed3p3a3dI^a0^CI
z=3PsPt1PP&$*;2AJs*QO<ctl4j8CaNW@)Z@BE<_10(Dq3nUW*{Marfhdt>gaEFDZ0
zZjz1~&<2LNbc^F#rE`r00z>Cg-#)Tn3OWfH_;2+9h-7B%_h;XqUxMM;_3in0=fjiR
zGx0R}rqk(UzdyS?b$`7+it-#5V0e6X=Okj07X?~-#?S8L<xKl+3%205r;(@L3as72
z87a?1ff~gBasL<y%qISC&QI=9A>WYrWa~>yQoT}*Ns))t?vYXFZ4H$qv2IANrFEJl
z38_D1@j{#A<E<|(Rh^2G-O39-64H<l&-bEpiXM=V^I57w({(sF=!>BgCAa0n{qA8;
zJd{NANQgU2ArkaK>M<n0ib9Hva3=|%DNww`bR}Y?PJ*cMe|X!r2>JziY)eX(T#gbk
zrPBUImEEq(1y2w}4~Qgh9uVKI!AK!&ZTTdcZ@EUk4P-Uots07V@+mLWQq8-Jl-P8w
zx^%1x*+8|6cwgY+_ER?1gG9Pg@$LMzj3>ra#S!}vqT#np8~KGhUqo3#FjbFo(zt^<
z0I{hs@u84*Ikj_LTJk0SU3ww?93u9A)IT}lZD9QIf6{NZTW|Cmu?xgX3Ld@B%DFIU
z2ko>jZa*cfLEl>CiK5cDOOZIi)f`@*c3R2}UOyaOpK4b7fP&!1FnS2jeI1%@!?{rB
z75};|Q<mW5dkeY+VxFHT!=K6Rs!x7(D{uv1Yh(&hFu}qxpfnTvhSoR^e>l1P{;Yj*
zcHG}RILg(px^Vm9X6NSSgPbMhoPV#3_q-<F9!isp80JOT0c@r}NkwSzR?ExpiYY4W
zUXLl2^*KJ~DL<17yRJXyzTVsK>}ruUQSAy@6MJpxelFgsN2fW5^nKJn>hGcP-~jf#
zgMHLH-1P>B<D)%);GwR+JAgg3hYkma{k{J9sMj4F?0dVY*Yi*hc}Ig$p=$VBOpsZz
zc#yBQe|Xr3aNOPXcKdt%J$Q7~JM4`Pyzc(qs6QI@j=b(J8o~Yj{{GlI*xiR{gm(82
z{iE)|QEzY1FIM|NGnGEje3gTP@g5v`dt<oQ=jVpMyVpJPc6&!h{sDxe9_sbGhr7Gu
z(f*-79_;O*-O*rhuz%Fs-#y$r>g^Y+4Dbk!pch23pQ+n;o^OPI*o6m&dtMhEb`Qqh
zLHDq~KY+VqZ`3;)p+R@h>kY>Hy`!;zu($8~d;Q*EJn*2u2m6P;!=po&|9@p50*%LG
z{Afl!rI92A2~-uT9oaNv$uE2va6FUBdtJ!zK(1v$)YR-Y#I$*Kn_y;pKfPHnZC-wC
ziq7aS!BhMuCKGfF`g`B3k7maEe6RaWnPZDF*?$7p796R-@g3n6VsuW~Uj3vQfX?}~
zM<g_01Y(s`)iN%+#EmF0OutX!GNdoa<INp<&=C}3Etx&me{`~4|1AnpQh*<SpF#>5
zreiFp?=-rMn06;<W!y1TCLv3sh2N?~h*G>@MHdW7OYFli^3l#4p-xq^vo?Q{d@o)-
zOP290$%UB}M7N~^!}4U74GhcE`Ada}<vZUjSj=9!X4qKM(4eH2`q4qUNJ)SYAEQeR
zq%EBiT5|Z+)9lS5i6`<@JW;OYwhM(lxX5Tj$w;{AHH!CflgUN?Tt)sVrX&^`_xG_s
zK`hDCC=29Y8#-2%Wy(TBeX~TM9dGH5pO6y)LJk#ebzarVEWJ8Ox^#xxnIqz%kg3bP
z%y(gc+YmH^IMioCijyR?;h23Z++4PE;*az$AE6WsXS4uc@*)y%w#*MY!{JHx`5L>M
z$vWcfu0o2NK_7uQZDq?Q+x1+s?#m7(>sdp|dP{|p_4<c0lx!7_k&hnI?au@UwQSx)
zNp6%0BqKhTUKA*t^Nyjw`F@z@q1oD-Nspo;HPdCmPLRK<Ni0b{W~ZcIXQ=fu<aFZG
z47DkOgpH6&CZr$#pr59BO?SJBR)SFo%25gpk=tz-st;C}A!kJ_EGL=AEX>eLfD3y$
zby>OJPI|1munYyc1kbSOELn7XOh65HU;Q96evm6WCuU}R9sY?qf+a4B^}!BvGz*A_
zHrCM0=W#_ZyT*QsxgL?CpWGT+wY2YFu5}Jyz8VN<8Rf(ZFldDXea%2<0A!)itQ)HY
z4sB`Gdkz-O28`y0BDlkI$+3hnU1v8h4n4iY^WpXBP<@p%EL@8KHLcnd=d#clNZ+`k
zdl?ttL})Bj02vDtP;egk+F4JgHRZ%FBOl!=by9NqSqigFP|<1<;e(uJ@kzvH5xA&)
z2}MIB(^v4_R7*r}WDiG3;H4#nQ#DMEKBs6xOb##4wVx0v!n_H9G)N00AVe`{jz|V>
zTqupaC{%H(>dt72`z!+AiV6HS^^hP4QUM?L27D_Ud`>^jzcrFOx~Gi~M<;ESs_}+F
z7N^q{hbl?mRpkFeWP>%)gs+isp%nR{_yUl5=?D@-rnCEv7D<|T$?`-Q<B-qr@NEMM
zZCi-7!mARGWz49cuBxM%`V=Wgt(yO*STK9S3mAvkni3%Kti>?EzsXIO<`{PwJ4GTU
zf!Fa&Ryu{u(54>2b7tD=yuE>UfP4f;2V)-%e7Jvz_Ku+E@Ai)1s6T+?{-E#ej_trv
zhyKB6(DMc!9PAzLcl&#T(XQ7!Lj7*P*B$Kl(fIIaaBwsl?eFgP{QZOdt~WsY-6Ma0
zuQ%!+c}p6OYS?x3WQkE%E4tLOlg`m9Mw7e(D`~>A%EN>}GsRi1SY3^o#aN;#nZ^?1
z(8+7%%`yK9)$vL5U-j_I>f!5ZU6Y}%uWr>vO4O|-)u%h$fMjZ<<+M^LLK~G~LRm?y
zjtiBLT_ZMBGC|L*SyQK5svpa1$1=LHZubJ$RgIa<igsL(I(EF9SJWCljs-Xp90ELN
z@^s_tpI@+KX2N@!I7{}M3upSf_Lv}K7|n0~dGq<=<LRdlXL;g+LvtYj5##$JdWj7Z
zL_Qn-aQ*S)ZSLXK?e)p<OfQ;I6fu7G&%fgvPJz})9OcxDU2H~qA>e-|Wh4MEgR{BL
z-S<E+V@cL5gN2x4W2Vkyu(iWxbItUUcOAd*NI0Y?8&>0Qi7clSsI28)Oj$I;zoqzG
z#v#YWLGX62V}l~f_W~7C#Jd!$Oz#79BMKyX7XE$ak!Z%8i}I1X8Tx(wW~dT1n=vP7
z9N@{cAi(SU4MA=BLCR!Or#`XB;`xL?Umy!R^2ZcNJu8H4iT9maGKMEuUWniC`+e9w
z8jaBSaL|Q={qE5b^akGk(V*Y+j=JN+!MK0ucYBBa;Na+BaMT?fb$h+t{t<)+<NmVV
zUp0mJWHxI_@#)v=l;TsW%Zl+Sg=TVmzT66ed_v0V_ViV`JQX2utap*j()kK6BWe3z
zZzG$&jih5;|2mSCse=#e5J59*)O8=IcfZM!TH<<RXSc5|9Iq}M8*<@D7u(Br-q;8Z
zuoGnVJK-bvAg^(}vjIw$(*wjzXWCMc{5p11=2cB0W0jWr6a{dRsJH8b`PM+8-CK^y
zl{lXOyZebwu_6P%gx;gwX3_Xp;So<z+k@T|eUY~^7756A`SyySA%ADeh&AEl(?*{r
z5eDLVvJ|wukrwwMiRM!&K~<16QfWE_P6hJ8@bW6jswOWaI>WlMU>I@TGkAvpO~U6W
zBJ#Pu{mY;QjHn8iNWe)1Jr!zg*pCvaV+MIIbqjfuOmv8|$2lj<0*#VnBw@?R^_|um
z&@mxyJ3q!F^pnifC8C}}eu#*YI0Ror5;}e4egPf~0=nIL12E%VK%p-K84oE4@Q6Ud
z`=+vfNsjb`$YLkq6Xuu?D4ak(x=Ea%N;xA!zr|sQ((dR^XdEe4xTvTE*}O>^{4|2N
zv>=S@!qzMvPVN#I7zzaN>^%%U)M?3K8xkzS!LH1^O)}6)fZu(zPy;3t-%7=i3V~13
z^qon}*-ZLw*}m2rK4vE;#GCF9l!i#&S1Ir%+)4sQ0_YUa0Zhg;&6o7X)gFD+8j<_S
z6<qEiGpN4}=h#RpY`kfS+vLgBxqt;CxvTfBOh;rKN+NTd9$Xgb+;U=^!BD=q5HJF1
zc&J?WLTEEnUPURijHb9PHoX8uHYd;|EQskd+wgBnBi7+e1<ZE9PZAX5zd(O)Pi|5l
zc|_#?*ZWa-Pv!5DC^E9Tws7Xk1!%r0B-auOHeLa5`(Cft$>c~vzG^%@<{w$?oGB_y
zqV_T@|2ow4CJ@QNy@<#-WtI3^n((JmvB^*x(kTD}=5rFw35E;>i?))Qkq;(8G=f2r
zQW~%+5s=o|VV2t^Q~yo2skzmn`g9Qo47U|6?d3wj$<?`DEeY|9;SFDU^6ApqCJgYE
zIu{D-wh$T9t>4HsR&wna8ue?gmPPMTnGwf$Vh6FPN5Sp1s1slLA?GbZ2u^Tt4ANo-
zM0cqwYd}(_2wHr1=u^r_Sg%|PG&+l-AQQ)@N$X`pWh0J(02E2!Y10Plh-8zKjJQOA
zNZJrlSSrMm9rQ0PJ139S-vv+)^?|Na!*<B0J+st_^6ktP+!mTKnO1)c7E!EVGkg)3
zNRSsPf2)L)QP?r;DV9XyFRB~Vu@2Rn1m_^zxJvqRKdIpDgc6^qT7+chlZ1p(C|z>G
zgcu(WA@3yLaN1d%(5g1#c`|zdv_bEn-{~E8`g?nwem65gqe`?V-5W2!0?s{!o7px&
zh9uUF2@4gosSpA>Nqx5hb5sD?NE6W86q@xNU!>6tGbUH5rw$SYCZzH{LXSk0CM&c9
z&O;5nuh3GG%C;oe-YRcoa#d9uLmo@X79}Vb<*s(Kz==tRn+3*j7m%4i0sTmP1c&Ko
z39~eqn0<~@1${<EpTF~#s_Ba#=T-F;%6c1{*ZMAt_TFGB*)pa&zo^jPJ3916gR#Hc
z9Ssgf<NnC&_m4b(A9i~^G}!BT<KEz4Zx`+D!^7@qbcDv;9_${$z24DyuRk8?%55tB
z%8+g;qvaE6*$=pEdaZndtwSR@$uI*vS57r|bJgx;ncKE@J=Rzj`sh(e79$)&vf%p%
zhh7l-1uRGF;@So@O2s|#NV*ilQFJd%i3FwR5fGUV<XuK!SE;20uz)Q|5+rYf5%OS6
zUEReLFeGv=s{4)1oyfbPWp{yLmQ*^5aUju@I;~WBt3h6M#?Mq(5iuW}oRKe4A^+({
zBx^sbP|=$<Z@f2jB>mKcpVgD}_x6P$U%yEeGdT)6vc^Rs)5WS-8S4mVJFf@Q>MH;Q
z(n1hDTxmQ08TDY0lT3kPWJQy@*v>?oI`yv&PCk4v`w`$V@)n+PKTUFGX4<N~67=WB
zyl4-{CJP|zR^nO(_H|%i2{wJ1Z7Q`}hig4Fqm%8nVQx#}gGEMs_i7NHHfaivd?c}*
zxYc&JL`A8U5m=8e6vne-@UK%$@3z5(=y+*ZKsxOYQzXy|#bk>t$y|b9krIHRxQ#@F
zvqou-lvq=~nVUyDIebfv-1|O`XWM|r-V{Ize9^L-n^PciUaQzx77@-c-|}|9+XhLr
z!5eUWasl4Tj=YoU;^iM&fg`UV6yO=Z2q0g!UmzWDxkYFV6Jknh3PTS81+wKuQu2rC
zT&X<S0(U7<r3f>t=CYX%tIw74T8p#!1U{;Z7h*V$0q>}^4N7=ctuFz&+t`mk-SF2^
zgJJvugw|6jaYC8Fnhys-j9_$+QqXO22pJc0Q<0GhZ)%In4BrK`b3+2KAMs|(@&|k2
zXz!V%?1#Ha&w8Xg5B1{KGihZo09?DbjDXVzz_~-EOT0q;RUA;lfXM}8>vEolFLAc^
zTnFR+VAZ3w*X<83S~UhM@3xSPk;Qc(p=A=tAK5SZ^evmf;vuYbU70=4xts9NGw`BQ
z#MV?b<e3?s<b~xj^3jzBLs#SyWLvRSm1~Vs{EAqHWDC1!ze&jb<K+7C{PO!_)7TKD
z>duTSqHYW4FbHx0#6Ua0=BaLmc%0C?i$|y}GnN@}_x#97fL<Xr;%!pZG!$+D(ku#r
zfUGm5+X;C4ra#y}>c5lNYPu~_AvA@duPmx!#;&gUxe<uErCLj5@X~{y(9P;{ll~#$
z%ph}1WVoqN-W6D`0GdsY4u#`rAX7_TjfLN2MvWloiHrf-9FbAGCNz_lX}n*8e1Yzv
z)Rd}u3M6t{<!BF-vPnw-ro*U@DAQIlv1Udnh{8#dbW{>lJ0RO#y@*29sAI63=zlCK
z)zW)iQs}#gfbV}i%V4BS<xr{&1p?=+Gl`-}fJ9he5JA5^QlGb#*RzN&3SqF7A%6Db
zO*wJ3Haa83U=G^|KG1fyDy-@_PBT`4l0aC8H1~lI^0wA(l*)7B7W*hGy_G9W-q#!P
z6f1>e-GDVWSC7&1&9zdf-P|8eK8C?!8=MG(>^8VW_Z6)^MPsZrkTT)1G8c-B28n~6
zk*1S#K?P4Ig=xFgpTgMz5{DEBf$|~bLbFGZA;`*`p4w+3YE$exEUqsK{8AvMhA6e^
zYe+q1TuHm6^n`|yM;S>v;6$r13DTIF(htpK_==wx>@o<n7a@RP9E(5cBJ|{FiQ_|F
zF+zqWLf;8)a-)|j!5|lF{n(Q{F~D~yz|$yFxZaq8DV)zyh{MUYOj8LLI%id)NJ)=~
zg)-+wv7bb28jt{%oB;9#XoD@eRJKy6TfqNz&A-a1rKePR?ad-#sD~lw={f0SDv|4O
zORdN1#l_2rHM=F3uCs*BkHL@SRE$-ztr<yA{R$mYfv=`|N{x5GFI+4FRCrAU3mZ8f
z3CC(ba}D!jAxVf)84Gzfv)EKJE|A<tZt`hE^rSd9Yy*vM&P4=@G!^<J7)nnD{pCsG
zIpAgBiwi{(?2FQa?Zf+o-<gVhwGpLQC{tVUD$NrrA@MdrvM_dXuhSp=dy-qN(74(N
z0}TgG!L)ms8qcrFhtFAT(?e(*p7X0rmLdx_X$F|If}d+ev_>fHrIg(_ij+|HK2f|)
z2tuXqNVQuk=v8<&?Hby76S2*1$<E%ni#P6iWJ+${g?o2BiiS77)gQkZ9rK#&zT~c;
ziOwmZ9hcyGS77@EIDh?3FTX1^TY3GtV;z;>-(?hDM^V<?WH<!w@9pjO&Bx!9D4u7Z
zkBbj0A@C~OT=b#_rC@lK1V3b9bt-+TOT4N<Ex&58PS0v5%uwm+Q4`B|Z9dju-CovC
zKkM~&eRY3pyT^4CMWp+XEvg}lN=Tau(xHINs~@e(N2lu166<6n4azng<|3RNSkEH9
zaE!<ju}_>?J|Gcz$Qz&0AsQi8w}{O00Zk=gP@p^%3S`2eN@OGbs~exC+<a<)M>{L6
z0+9wb7-`TPNE$SNk_L`Yv3!77BZj$5h?p%%tSn3nlm&`qS`U<-E*~Pca+h2|V%adU
zjF@9T3X8Fs_UKGEG`$0yzQ|KSC78UeObSxpTR-ItXEvnhibMs@ZRQGyHQcKTx3jz}
z3yj$mg$%1G_bl{4-nrPI2?8{M-r`vNePa4ZE2q1xK3LSHO^h_FQ@5!Lq!SY1ObNWj
z9n{%Y1eF~)@l`W@)6}u<pqD1R6SWU7|5G&)j}t#qFoR(XgTT<Rw80EdbTT}NN;N}1
z7WMHhnS_t?DU;FTQk5?U$Pf!1?Gi41;*xrg2!-#`#B+)G)zPMU;Zi5k;3?C$gQl2e
zjRmK4fOACJ+NPk#R>m^$+b6?80Agwy6f7iVKFTOWI**{Sb}A;uL3V_iO$>Oe@zmt_
zzB6Y^bx$nHGt>Aa*Ca|-Wya#ImLp6?#nDvhu_eJQEUu5mwc7p<?Yqz4{g=_y?5}D;
zJ4Yy2frGqteQO1|T*R1y8G<1WC*wF!DZ_+*yL^k<JWVt45_6b(3#T5`K&%{@bxqEq
z$*Y8NNX!M5A!MTIoCGF9A)ZSlDGN%J6rue^I`+&gm`j>!u5$=x$eY3t)0q^pO;Ff{
zr2#4%Yz|6RD{%Y>Nlhu7&jYdlVVERf6uHZi=}ZVD4WPot_8>D|@@XK5A1xxGdTvjv
zRwOj;F_aN<ETC;Y;a}1?g1jnKlrFk=7>YdY$15`cn**qNki-HArJkvI9Fi#fztJeo
z9y>)wcGS>N@S9{!mws)h6(Mbq>F_vFX?odGX*t!JigJE!;ufe>e!QRCIp5^8MSLme
zT%D=T>k5>?NM0TJSR{dy&gczoL<9OtopPIwLG*mAn<wtmGJ7R&LlT5wjD}udMj(xL
zJr|3{@D{W9?uhdosdY3%Y#K?ku(=>}*=k+Kzht&k6wHnd9wvB*ARBW|E28ksq``tQ
z<dO!b)I7OhjvdsXZE-mkRgq7Dm6n-}p1JT;2M}Q@XYz5O1KE_y=BWH{nQ*q4Pg(vX
ziDNO?*|ps`8F0%S3um5RqXvC@l2WKy2|+0X0B^I71d>gn$2nH-xtRXW94lcqlVJg4
zJw}*<Ewu!;gdawT1F;+UjRp|p#Y99_{t}H6{{|HTli5!)&Oqf;=kpqcs7<F46D6?`
z1zVQST0)a+qUMswPrUKjsWfJZN@LcJ#_bX31U}{rd=zW8ZA68r(9;~JpoR|yrz;QH
zw*<XQhF!!f1`9rZGD~%4MMEl}U4xm*hp8P>WGZt_mZ}WCG!?CU6rk*Yn%$FDPbzUp
zLev36ox~T=MabYInBaRv!3_JM#M2lX;psjUXCS&q#N4OjC?>)#8nS6e_+Us{+khf-
z5SnQ(y(nb-nurM9;j60sOEjW8Z?vAUE$c7`L%lf$TV2ovJ@9Wk1MqKKroZsN&Ln2L
zdB@|Ecp*3SIi)co*Jzw|OrA)cw7LCtK$ZUF4u^i?uOP`}-m6$K*v9#H?F`oe^1YeI
z-KG=kuz+?r*YC)!_n!udERQJkEazrfI}$2)K5COjc}9Go#X7+zzU3|cRxfpRz9sIp
zMj#N#M-zcuEK$<@vqwgth@TTTAw!FAH0&YKBWIJQr$;TPavF;3x5W!wR&su2#x5>j
z&-wgBlgWEdE;|{}pW$$gb0O%}o{E*4UW~6>vF(!J(=<M-9$8~2B;lH!a73Abt72l0
zOa!nftln5W*C{{$Bch~LO;l6DA^12);YFG;WCmHK+j&-nCB0fRW^zeha~GM{go5;j
zlB5pN7DJ2oy|Wjle{ZdRxP@?cUy7Budt>xxpoh)~X>)c&=4)QL2RDdG$Wwl(`-njt
zq|ri({QsvsIu_ttF64w1-=l9i<5Qt^x^u$gb#i?*1XD~|G$C-7&(;Bin&O!6Htf|J
zOQRvR265LoONtp~GQ*kADPsztf3Bo54tsCG2JXlMQ)-kdB$%<=>z5&I_pk+K(3A23
zH*#9&{2L0~)!=~WaV}sS_$?iWeny7QCKoawK+Hv9<o4Lw%Eh3Sq^bdL3%oO(7<>Mj
zQe%ZBTa5ktW_fI^2S{1dtvPPi*77BC-8AljBM*-JS&x-Evu!zJ-Wdd3Gj1D+s<CsG
zS;x#*bi*<GYwpF`RzXE?N>@VmK(4a{%;WQGoO@UMzp_bpb;CN_IVr@V&(T0b`qe-5
zn><dn#;+2RRDn(!NBh$S1#iWP3`PmO+`CQ@v^v)|PpBir_z1;eMx>W7d6W3{Lbxs#
z0fNNsROAB|x-3zoFW~n~9C_t`^(7(nB@^6LEGE=Y{6pkx-P;@RMSj<rMwDGg5&Ht>
zkWIDmO&}=+3qHyG1C{+Cjh>RxV{pQ+hzikEY22l0N#nd3jog+uaCzP%mAy!QE#YNk
z3-!&Z*b5a_tQ?t<Z|Q>c7v0uMxzIphQIXYJy{X5eq*F<SaE8R-<dB*28I>>tNzP_4
zl#AgcW|5rGQYcQB1DM-~%j&`<5}4}eO`XSdX~(LLBBq45@&%?AkXSWB`i23Gj+41c
z*TXxNuUWdL?vOZ4@La^F_x=0^qYLV>AVu`>5%mZj$te0a{ciW5-)YH@#`w{eXDUab
zBX?4=b!5nQ28=<%K#CdUZ@KvIY2B;nqrfInE9Fa4`4<o~90-pS7y=}Llrt<OMSDy;
zn1l%?flq=X_=q7-YJ9cxcsK!67&gqzv9$Guk3>X#NkcO{fx$VB1Jn0hLnQuqNN-c3
z8Ue1dd2uMrZl{+w5(0ApNX)Oo8u63YMyE0Jqld8d2KXVBp<|y!xsTzEdZ$@wzAB+n
zM~PuqX3E2%FT5c{peAIwoN)v}f1#IOC_HW6WNegBY3xPzg(P#x7cBe_+oFn&w)pdL
zrydLt$@#{8*){>M#Qv7w$(16B8EqCYF%<a7!<1i{wxt_+5^SpI@Y&*IKs@iX1P8i|
z*fsBwNM9$s^|nN(65OyI@mV{JSX*>`t0jP0qsPT@KI`t=G|AgLt-OwC8t|$Ef)dj!
ze=O!!gb`~KM?9yDAUM<TUWS3SyPYS6si=f+&Y5!Q2^Qe381viV6}Y~+eP>c=_ew}W
z4V)OoG+5|};1TrhII9R{V!g<_L+k?%Cx|4egL~ZsDN{hX(Rmb7UWtzss^~8&@J_y$
zEOXmT<f2joL4v@y|KgX;GeShkaZHi_^S8WiKcv@!(zU8#C=@E{n^wm6B0IJsN@q4F
z(y2=pmX@mo-7!hK7eFEmoKqNry<Q)@U+}xNlD*DOFK@c4wcFAwMZia;Oy@MDLsgZq
zNt*fbFAB(?3gm6ZmmkC-m?Hwd`}^so^u!Tt2YS<_nP!UW3;1|Gze3~(<@kCG_PXYh
z1itX~Rrnv+50D6Un-g@8<pe{I;d^r}C@&&m_*A%jK@{D^b2%~6!OBy4arlA>@V!hM
z;s<D$kTD`|jzO1J_MRZ75f*J#%hW@>?sl=o3LErPxjm<iI2DFKDqXR=8T?h{pU*HC
zVse=oV=C8;i0%{;cf{v|CK$wgHzgRM$zJ6}60JCk317+vuA%nMqSJ_QMs$1oVcSeJ
z%8yEc^dj|bx3?d(d!dGW?SPvE%vV3-?fngrNccU;6>K0ZD-7i*R7>~v_5)RoGh7CW
z9S|dm!&??e2hU_*3&a*VFybV}R0^{)8!10=q+lXNJC%J$COs+QSbr}OQ^m;{g=&#X
z$)GI>q`Ox|N=V&jCjsZ|@|q#|c+-~d!zw4YtTB3A$e8`E4SJVPeU3#;qrj&CDn#W3
zl~S=Xg=9^Y^BiUX22nWafa`>tK>42W%MFeAILOK51E$AG`UxA@x*>W1=T{~IPSSi$
z`GT+R080F)88v4_wp=PmwdX5%%Q?=D^2LdWgr?R@TZ5{l$ZhK8CGLpYL+F;kkj^1N
zA(I|%shn~%yuHd{-bhT~7WLRXFAa*Xm4MU%mmhD>j=@kPVQgn!r#@%;0YQ9A@Zp{d
z0E~!8aLj2mQwezsH$@8=&ti@wbZ^#4n7>o|<n0JC_^y@xAm5W*aW0^84j)d$xoywb
z{{~z}!ZQOhepKj4ooy}5AwKI0I7Dn#$zVr8B;c`Cgp29Umv>hcmAsFc#ysQ0!<&?C
zY(h$D5U3G9BkEPb=BiUlMkjK~OUmkN^`Y7#MM+zY+531r7DkcZQuNp<3_}#?F^|>x
zOOS^+N6)ob<u*>BpZNBM0hmF-PkxP2jBfC6NXFAFU#n@cG`xMx+Ihni?23%Cm#$9!
zd4gg6cYA9xI<n&W&`Xl{380V>g@!%x&Qm?v-b^aWYztd<Nd$)pbx@l{?L?O!vls^X
zK@}dO!Vi-7hfd+02H;MYDO32xe4+*Hf$$a7JCd_4F6r{irkr_Ujtf1qm?tiskrZ5J
zlC;|GnU4%v?;n_;?_)@OzPrz_DDt*V3~~|apA?iEL*P-0LrV10(C=KS!$jCr#Tg>6
z()Qs<2O$y2MIoAKFI1Sn(w0aw+n~Q^Mm;FeUwD^g;3W(=838-Pg>fl6i_+@jM1tPa
zF)r$qmwWZ*>ik;f5u{u!vf-<VPZSJ=@@13kOsQ|}v5rm9z(v({aKOcfx?&eXOwvCY
zIL}BFNTsIghvB9sd|3+?d!RqE+ck@H3Z_jlz0$c3-XWEyDRD;2aag%_I-+kKHJSpo
z)HElT8JR_UQp=n$9gD{CNlU$`4Evf&&?KrXCk6v~9hW#xLPXSV!n`ZOeN_ohB0Yj|
zHr!U}#HIcY&k}QUj=Bllh$)}6%e0LaQ)(VxbEd*RC0V&21@d#&(8-IPn~=seRqFX@
zC3~SF#4*Uj9Q%A%5`NW}xi}U(qnIv6(W7aikod;E&hCDvXFkuP7kmBP?%{5K<nNBU
zBeZt}_r1XZ^7jY*qrv#dLkB%{)En*g503T@j{4ov{!#x3c0C9WclUOCgRV*2j$jO`
zQH<42GsfMvjevYtFz%S;#3Y(Focu)DN4>^mxeD4REH`D7sV63k&hdDRB;%2{hOJB?
zJ!?mu{p^bZ=yb2U554_vuYb^ohll%z1Ao*T_;7qM-W!aL;9zgO+Z!Joj7GhEc+}k=
z`FrT_;9zebp@Y%UftRK3p14|5XPF0mutQJacp9IoHz)E%c538)w=_bk3yfhatJ~n@
z#%C`71PcM_C1HGFahu2#)3zmW!Wg0~B1s~tdqkwXmf`CF&^tW;QGWB2@kycUg|?Z&
zsP;`FB<wW*5$1=zf_~9f3zLYt^r`K`C<?||9u`UIS?V`UTZj-`gy`jKY(kBKC0g9c
z(AiKdto#)cC+eTdk|<Q9*-8@yY3BPh31XV^&_%FKq99Lo1}Q59fv-kV2_5Zu07JAi
z<&MDL((qfkD&kP3FT=kX-mkT)NYhE0aC@2Rb-JY!-;YB2F%0rUZsx4aWUB<$?X3|A
zT+2Vf9;n#nW<+?&UJ?s;!@=qDmkCj~HNFB4Mhd=(p^|1dU=9jK>5q7$l-R7PLndP<
z5LFVbh(ApQC5@EQY=1LI@6wEcNQ_28b4OR+R$be9LlJAUDQf56w8s%?LtfmJFI-tX
zmma?q`{&O*ih0yrV1YR@2Qu&UpV?Jra)z%&1k2_Gk-z#f*b(fGj{2kBql1Ipz1|+`
z@1gxeIN0|FU4M6UwA&jUdA-B^?#LSq_Ta&hhem@vc-Y<Z;OKBP*qjVz#C&W>2rGb{
zSk^)2dPOsiRhT6%5!v_+8=)2CIqig8Q=qesp6g`D;YpiyoA`H$6O@H^cHN1^uS1fq
zieyU^AhjxRk66LCxH0W230Y6&>Swp2^z|LyX6x%o@lPf)=XYSHtv+N>r;Bj4m49<1
zzp?CxjHb(=s#7#%O4wCX=`b3~@_GcR)O3H3Ejvo0rU)xkBbpN0LYkVc5%m8-Fhd_h
zFW=y`9&@t)vNa0lw9z;iB{OhppqYGR0POvlMWf9Lm<4pnKl3m)l`vEGGdyv!8xPt}
zU0v!9EyNbfeRA@Tn{1F!OvSFhzB%cDvmp>xn`lDdd|Jd^&d|C;i(83kPbh2;x<@%d
zG25J*SXd&mdr>~i!^;V2Oh~JrZnpB5WHNzi*3~URKL3qe0t%E$>1uR4)(6*|J<(O_
zOc4M*T4)W?M|Gvw<&yH}W06H#i%6%JH_|addKd`RzH+zGC?;=FXVL-xp{<4jbf@zl
ziPrzWI`rOq+xfS5$N#}gw`J-7QgL<fwv(E3Ez_9kGz#vKaK_VJ87+h-4-O|Fo}2D?
z=U39isvEB@OU2|JDr{Xtcz|BF!~fSiKI|U$wlgwx$F!dCzKCyHdZ+MDPIRi!|H)0m
zci)}yW0EqR^VL8w8zbgTg*Sc?xkr>aRT*04g-A8SGS9*WC>>{{buvA2d=#LG@DG7=
ztW}6q`MsoQKO#K&M$ox}Y^uC^MTd7JdAcLM>F~drH6ej|Db{YF<jm&*mX>spI>b<A
zo+M_T+>#aasv6C|k^k>#y5Y9Sr0KM!x2k@Tm{fPWwDq??)lWHY%U#e>3GRQPQMkrB
zy4`Mfe=rdL?RLA_{|>sl{e!)~^#%vs{%-%EKiK_Sw>Rh=?EejP*VqQ<FQyEVzjarx
zE8n@V<oA0EfUP-+=9~o~x^)bG7t4R^;`USW2LN0A1ll?VTMF4x9#wxx*1e^#gk}K?
zP5C?vGn;woE+*b-NWpqIw1x5jY+;6GMZ&TV;o{?X>lpm2@CsNyuWGCDRR+qo<iolI
z#g_&EZpEif$cnEOcy5hPjb$NalDx2!|NT+={*UeQZs@wC+elem?s`h<s7c>RVaovM
zEuZFkgJ$o9?P>AZ&#j6^Cv6Z>gxMyT<T3@FBcw|tUt7OSxP>sPTX@STiUI^f%h&mk
z3R`J&G?T)2bhL=P5ZB>MO0ALSNY>UZ(dz(@;0OvE-wSAsR5YR=59wv(qx!RvDkyDb
ztX0kNHDu@mo?+Xpr~Gz{UvIY31((|&KWC|CT&gxQphinl4@y_@{9ZOoOMkB>CtcQ+
z&vufP@sQkZ-{P09G8&mP-9<!*)ix>>r^{CEYT;mwl}ypXceipEfVGmgE_5qd*Lh(h
zTewrKv(5GuULaXm>18yPW1)*?4bh^&@0TG09Ac*RySjoxnJ`d2|7)#ISYWFvY9PmL
zNlR!Qd9R5GS0$opGjD@>ZSr>R%iOu({H~r5nwO2Tzp5UlcHXBR+tgJ4)HO3WdFm<?
zQ+tz&os2D0bJ@M2tW|5-=Rut-+gfTejh#<XU(x*X6t&XlsM2)ISSQbxZXN4i@fCY5
zgtJDK*4p3Cy2~7{yLDGb<*1fw5mKXlRef%4ROYiX&6N48p{{A92@)lwZ)wf18!LoB
z_3~77?<$lkt2UzYo2oA=yYV_bD>UMDdK|yk>CwN}=~=B2!UXubN{S_3#O&w*j2AvZ
zrSHpb-t~k+i?yOo^(8i&8q%htbcMPN)Rrin^z$LI8>=aamtBXJu9oJh_UbGXwQFjd
z>S>zlXqjs4CHERHy*$^|Dy?PQYHO0#Qd_n5Xf4&$)fhFn<vl4k37hQlvVn3{paN-L
z_3&lYd2pQy9p#1k)XG!kx>~2&hSJbh>b_c6dTJ_$)DVZZloRfAHo^4u-B>$T6^9$R
z%sjWs&InIg=MGGxK%RONR!fJ4YS*I8rTDj}XE;XO%2#aqd)5u`Y5^|!^3?+TY5}fO
z@mF90&PG<(HW95yKk{ms{tH;9*D62NzJ4|8MMY0Q?FG5^TG=M<YtPDXUi}qb{1h$Y
zGw_lX=9Z^cic7iBW&$oNd|mCLWtlixvRaB_qpf*H;O5f4y{(FBO2=)9@D0OPJ;6bC
zIl32|#m&-gAmjSvS~;@i!38mkPBB3qyNrBv9mNdU0uziN1I>c!#u@w;XWZVODPCg)
zL;nH$Y^st^*J;sclozk+1v_lGCzE-d#&f|V4hzCeY1BjzL4O1T7<!1DUzJ5XSkIwi
z*n~ekKfP{FXQd6e@zEbju)?bVhMQT~=FSqy^r_2&Ssnx9k}jIfqC;9J51?s2gUx1P
zKCZO~V!q$!7x2+B`2WgvwRo)AVtanJPF0fLtH~U>m7JU0A|5*l7f&-P9=r9PXaaOj
z4~w$8R+O1a1#zbGBc5MfV1_3)14WZ#;CA@`mMbmt9W+@>K8b8W$CdGAD@Q%8CT$fC
zjR1R#pAhk})dKgGb%znVMf#<8V<rAFjVSwoCeT}Ofs${yrFXxjfA-xUjP%A$;02f3
zcfsh%PK+6xpDsc;!yXs#uQ{h#zE+6|RHst<Ym5kV^2l{gippPpGMNxm&Phwde<hXg
z0yrr!#0KS8i9ik^dzv*7B0QNsQB{$To@}j4w*GY05d?!E@*v|~bgr6GPC%llAj{QR
zD@<endxG6{AHeYaVqUZvH>j+j-!iId<*KX_$%jGY-CdDrge)2aI~;<C2%Df<@B<E~
zsagk;TMJ)tgNnlc8;#1O^ExuXFH4YE>HI~HjKH5n)@N}eDRkPd1a&Dr9i-Pt)n>ad
zmvvp1&GKt$ZemJo?QR9AOZn;0M*dvdf>K*}qrQ~dwi{8h+o~IpD6>6p@?txWd@H6?
zt-@|2!U`*!vEW8#GCdhHM83lzrc<{vXhm(VOdnoTHS&boio#k|>B^p#E$Wo(wGZ`X
zV=sUJbsF)TAZtk8h<1=@SRnU;&7Jm+NLb7Lv(k>aHHt}zbBTLNr$4(*E64#It&6Sz
zHD8Tx;aTM^`*mbrNA{(UZ07HuD_Ly*v}?vCIX8PhAK$R7ZKC3uz#la&BD6qtSTJsI
z9A|U_1;fa?juP4S8KTp=ras5*rq<<Xj;*0BrJ_Jd2ur1EvmC*+E*bTW$}zt*q-jE`
z8cd=Vkc7K<-A<WbN4_4VTSR6xiYyhNTOVO{wTeWkCdjL+S0_p~L1fJoY#MNq{;ETP
zlP}A?wXE%_<EYoPEj8P*L>p>Ru8sa`ZOmF@w5yxja1bgfZapA8nbreRsB`FNDldIs
z>bK{7=L!I*c6%%Fr(2`fTb1nCNPUNxXT9=P9dn#*uX45tRoe+E*gUe8RJt?P8hVE>
zpJ>8ac>jDYC{q;_=s%xNWq`-XTX=y@mAEv~s=hDj{aMGYz8)@V5JV4G1mEKTP0$(j
zU{Dp#S<jK#wHQ1&ha()|D#ZBONDFq4iOe@ok1^KlO#5>phHP}Rs%Xm#<m1>SQ*WVA
zymL4}pJICFa)7=-vxr!S%;EsO-jk~2#3<p@Wpiz<!hRyGvxXAm)n=;NU@cPw12(-{
z2Zp#S#<fxwDUD^V_NTXOqKY`xXAB^yj4xfPzm>70OHp;lg)T*|D(3U4z2ENcIj==I
zMON~9<34bfA*zz9E9BX#bJ1C)TZ-OPjTJm}Lsge@J5cNX`h)^D^l^wN%{#5Ef%2>9
zo+<n)x)*=1qWcqSampA-BSJI82==V<;<KD*cI{N1_S9%oy>>a;CJN8Wp@V8|85eCw
zUY-K&QcdY*@0#Tj5O^uG^c9R`NfVb7DO6nlh4c<z=`^hc@=%X`x-_wy#!7Xw5zypZ
z#&#!rXJc1EtdyMi8VU0y4oel~pz=<dd{qa>wBl%87RHo(ZGG8{2;o?xHP+Tj$4ND>
z2CrM8@XhO15WlD03YFMCD^YK<nyN>?YUImD-9F-ObKwha^9#KhRltc=-fHgR5h5XC
zh<0$a6IH4_HiX)ekF1FNlTxv)DYa8fNj&G&-pBp~Jx^@1MU0)n$4?==hdAK0*RPJ(
zGWCYE^)novd>xHn_wsc5z%?aQ4bE4&Fvs-!T;zzgL5=QLBo0qDMfNfZEs-1r!i_eP
zApD6sA>L~=cfCu5;7Cks04a4KhBpimt5A10Y92xJ0DG`>0oO8WE*}k)BUG&)ug<mH
zOfSCNLaU(*ucdaV(1AaZM{|9h_p3i40Hr9S)ys1;NwuX|a)T(vQCQ`cU+x(5!^y`m
zSh&vHli&d^sO#+|y0@zq>q!zw;eXr`I38oK+y$V#7at-II%NulFS2|?g<{}qXlM{Y
z|GmP4E5oLLMrRMRiB`zEXKo+AT&>+0t_r<?TNXoPhC{)Tz9-N_SBPLCkVc`ux@5rY
z;&COH^k;7D&^iaJhw52FmQpg7hBwqBy}pCZvbY3jp4(`*lwT5zSsvObc~^Hr6maJ`
zr7<GcXuK)q7q9Cl7+@c>#c51xyG4|n#-7QnGec||)gu3V3(gBLa^h;g?$?S^iSQ<X
zLf3mCMzhEXPyRYF6{X7a#XbA*2^YcBP(sVrx<zg-!svXi(8!;&B`<3|tyfAbg~wl$
zo4bzRyqOaO{b3YRMj+m(|9(98AwxHeK!zqug`$%v2yi(0BnYjtRcG+=CMM+xV5_Z8
z<?3osejx#kt!1@L2hZH}jk4%xyhybiC7q>=ueQ7>9ODA2YAKYR)CFvCGy1NS4UKfv
z&jW}pYt3Lc-7G?HN+L&!N_S(5WG{v{Cs*e;@!aCUR*%jMJ`STWL>@!_&_0pwYlulG
zrieGiiuU1dNh?RlI;86DmKS1!vOBi|4zD1~``I{`N@np-Ar5gkDZ%-!0eo3pj1B;E
zRog8jMWgQ~>WjkhcQ}x78%qyS6pmLZizgRwUIb#OS3agJnhm2ce?xDwXG9{Bi`!4%
zMPzt+K2&qC9KlD<`|!PMt(2FZMwIcsoMN)ljNp(m7&x(q%OR<w311P*RO_;>m7Wy@
z{Td@`7u>1@DsLXIQ*kttv9w>|5gmt(r@R@Tjlz%-=-qukv;bRMhsIL$0zNh_P5ggA
z%x>`vMKP;gN^%7lWK_D(lnls+XcpB29S(x%0rA_+7*9T`kk=L9mg}AZqagC`o}pgJ
z{BP_$WBt{UxS15taF*$G6hY$GT5&6asI3CyDO?tp;qIc~PcVp=IvYY)QlT}?bF;}p
zqj<6r&S3QT9+6Q*Uq*jL&NY=D<K_;}KZOKAZ<@P^+xwLgq2|41czs&GXh;io=TZjF
z3*>O^opa=e^cwL#Un4q?LW+h<rsR>6eHzkXG@BFYpRlA<DTj!kck?SmeuyY5!*49T
zMPWZc>OPjWdoI((8GJld7=|g$QxqWPWWeREo8j=5IoU~R(K$gw=uMZJDv|WSV(G41
zbM&~-tL1_ZNdT9+eNcXGvJW_%AW{@jDjL*i2crpJkl#aw9$>9qu@cfV@}khg0Tw6J
zEy0rsYM#)fS^q?Hhvlf&r94JaAednf23Mv#V?!F}SNDVW=ilEBua+oyVas?^v+(}1
zweBxn>yL-@R(n;16Fu?`iKMlQo3s?@8q&CqLxyMQ6y0MFogyY#Q$r&E@AgLQ$nRhf
zjG%YdptwgC^L&k)*jso`k=NvYteS>=E|?ejRC&$7qVyCFVPi+4uqN8mJG8K93YH;r
zt%Ttc4~V8D{{fjdwHid5jn>SehiTj<nOt)z&+3+gYOT9M82RYTw!F*7B6G|!f<0!_
zfR=(b^V{sTu<Bn%K1#C;uRJFn_Dd)B<*NQICZJk^#sem35<^npIb{<tM}%U^P{@8n
zXbyv-R<iM^#S{^7i?eXpjg4PJK|&s3KL})?;S_mySzYckX@PXRib=1RYftX}Sj>|R
z)_a9S^(-y$fu4zWUlBCMT(Yi6#aGIB-~+uz0fH2rJ$i`J^DE~qrTjwX^-r$OEz%8W
zb~jw^$VVZ*ElDO=#xEw`DtQDa-m>*#IJ=IPGXe-jbm$>o^>;X6Mcd!<`Hg5i3K2U$
z-4NkTG+BC$oDKUYKAbZ|L<XIoFg&?B-x#O4k7`{JT{-T`&J-?9l*DXQyTG7dW4vkx
zg<3u`W}q>@;?#5Ya(wU{=@>-ng0n}hiK>@}pe78N`nWC_nf%ou2^#m)C|B+jXDw34
zQO@>rI`vuV;GKa@a#cKG+wNfyH&0Q~WRV!fnk|>~*Q^?_%Gk+Y{d^dp0{gB&x&GYL
za}c#wQuE82sWxhSRXqeXI^L|iubCoN^s_b6^*rB6T+T@<IY!BOTl)}cm{4e$Q@B9_
zp(PR`HBA__1ao|rJT&DSyu7{!b(K<Tl<23yz`8r<gl4inw{fg;=Hfy}UOR6oPn!11
zUsfgzUipi?-dFzer{gazN6A{+s1?1XMv$WO)1^EGJn1B%Z2R^|^Lmu>E=QnB)8dLN
ze-_xU)!=ZSap~ARkAPc^zKVNcBYnNCBFl_8YI0<iSV2uGNDiZrK^$7*Jys-KOh>UQ
z#UCOntg_aG6RQ$0$z`z~(rcvZ%z#nfyG(I6ZG2ya%h^%}m2x>}s-Q+@$&&Oy_WcJO
zdl1++JSd!`1%bIN4N#-Ll&1b^M9H4+r>VWync`=YcJct<BNujD>3SMN9K;0OP6?vZ
zC@8h>*FuGvuZA(R+9*VgB!+QBW^m=bG+)NoWu<PW0f&YQ&?;PL1|P3gRM8b8Dea|*
zl>pY3&PENO+6|6rDIjfK3f60B-NNNKq2;3Qe11Y^5xFAK*x_JSB?Ma>ZEB5re&oRu
z%d1r|oEwl^=OmgTHbrrxu)U@IrwW>;@=S&GT<a=wYdkO1;d-xP6+r*htJ^}e6ySZS
zp4SC+cZ+ABL_`zsoF<!kSb5dp?Jq+4NYFfh9-6s9tBj8u=$A^BS~85crdG1HHMxQP
zxRzeCshYA%Nm*_Lt*cP1G=5g-6Gi0z2TPD%Nu96y#L80UiB}3u{nxo(IK%a86^?@7
zW6Z81w~SuyQ@*@-Sb=C=LqVE#kjuQ>9M7+}S)JTrb;=vw(3Ugy4x#xF&My&rk3;{)
z2}KR+Nkgl#jQq~ixa+ISuoQj3Vf^@U?gTxnT9N^}ck=tCB)YHl{zDlgES~?h8FLey
z<9bRAHzuEh;W-(dW${)Dv(+AyHCR}YeHGSe=I@^?r=Zen+ky304rfz=@mI+T){$Z7
z#U`S0u%!(u!XC%t%XoH6V#<*JLo}x!4y2y`Ohi;KwVRwY&%=g9TRGy@j{U<t7~h5>
zz!_Pr5_%$|9VOnY4fUf`z9Y!7cN(3_7Q}_p=7Z(dTC*w4CO+NB-04WO4RHE$F1<$n
zOX;SNtaRRvY$(}t1qG_c{39ZFK?Lhz2W`Ab1>XXTdD=FK84^W4RavXm{a~58v+f4V
zP;j~zEJN%(#B6PSbND7KPih4!<A``mBQ{JVmPs}au42)j1oKs}QBUUlV!<LWS`Hc!
zsmRvoaj^zEOLF%bd53D9&}#f`nRZq@o!2kKO(V)K5qpS8KH&UGY*b-Xgu|<<9DrKR
zz17B*{2}|4m+`Muh|8;I7GWN7rA9+m8o9y^VMAAf$sKxrkzo=<BRis}?dz!%n4$Ez
zu==^#hcPLFC(|1b2I&0C%K?o&(@1eX_8lhZA&b=djIGHJ=rgq>9_5e-Hw2vNlW2Z+
zk3x1f!^{%r{}iW5i2=W%qadVJIW~$%Qkel`dEJ~%(X>WQUtTTcJ_K#416JbXtI29M
z5dKnk*hL6u*m_!3Vqx2|G}J9^P`H3|2S`<+^UGuc@}iKH`!c*pFb09^?jwl~(iDoJ
z!gT;tEa2j=lHk@Dqrks_)CSP>;+h&D2f$iM<@KCCs%yvL*EO*Yfw-jNnj=;E{w0Ou
zyBLeOa11pMtHZy_lN{DP=bpziu=a^q$1KCQ;01hq552p%a907P_mvWIH~2SnF<O}#
z<?`NAN1{L={D7^|3!r)<FXQpxqj2%GHEzPkwCeQOKsPE*ffwzx5D1h-l~r&VU7Ylm
zZKQ^?<{PL}5|m$~Y7JLmm{gfftVLVCf&#_H&d#<x1}jl@<u}L^-E>y)wVn%dK0nS;
zcwt?kpz-Cm`V!qBP|wO<D&q7i!VT)3NYatb9bf~R4)kjTgN105?e|MGD)X6Mo>9C;
zMdUwujf!}UibzYBUs&tke#?jcFB27E*^(@v1!oE?%_mClY+d}%f=cqzbDm==@+}D~
z>gH;B&8(g&x{l214$?FG+E3osJijXTLZPXpYO0d<g6iP_P55P5H8s?dNj*Y*S*n(p
zqRQO_nhl+c&sQ$ZGT^Wm0~y+Kl&q!Jm?K2&F*|jVf1j=;L$^HmE$}v=`qs8u=Ls4k
zaz4M`U&{1HkPp2^roVNWm#2)`l;4#H^b|qgZ2_runhJgE^KpJ3g{7>2O|`FYZ(Br~
zm;`^1QFRjHMsiY25jhXX(F?IQ+`;i3TuR3=$8MO#jrU?Dc0z0^21_weR)AhDM~1FL
zLbZ7f2(F;sUHIuO`pr;Xn^z!8G(~q^t{PFQDatEYMp+<#HF4*wjpLxMK-IMVCWiT%
zXtR};`6fuPp!wi`JqG%hBK+o#opKF%BT_zwfj!?VDAnGs6>@N00;2<=6O@Zgr5<;-
z8cIMlH&fLHYnc>1y1{cP!JZSEH}BbMLH`7G#>I&O3hMAl+o+Tvf`Za53QD#qaBo#m
z+rm<c6bhE@Zz*c%(p2pTqDzx2LlXtha1oJy8$U#=1JFuJRceYlluF<xL7lBs19q~q
zO<?UKT?$9J47F2CNi6VI-pBsLst|k@ZoCfkhBEH6PGkpL^Kp3cbu@n6%hP#DYf7jb
z_Y~Awm}B}qiDK7P?x|1p`J6=KrPMW6hqyu;nw%hiasjFe{S`DlO`O=S;Oi7u9Y)|%
z*Qq*P1=SbCLMuxRKrS<BrRA@tb9xDfEpe>^b=3|o`lT*WVAav7>mCIvk0DTT6p8nx
zJ}Gw9h^yt*Zd1?LX3Nu;ppPMF9$*iy9&X^mv0S1>j4YmAuj5A61dVk&<tUq=&LL2N
zwpoXU_{JwuX;9A7*a+6)8}`z*rZ)9J9G<KyRJzDsM&Wf7t#GGz5&lHo&RtI|m{BKm
zY32Um7kY<cpk_~OiWynx1>EduMA-XyJVxY{KpZ|h_e|UK0fiUvaXl?@Oip=In!tF1
z#;4wrewbc>-A>bg5ueF*xCm~PUB7V0)(u}`UL9wjr6tekIJ?qv5w10Bfvk9;7bQ1%
zGbmpbO-!2Fd*NnI5cG#pNEtuRH)*Ra1z84l4znt-<vK*fH?`FEpxza}T+0pIf{p%d
z{2KqV1j?49WG%lsdWYwq!n-hf2#4Z+bAIZIz+PttRvLMCh*{#*or7hTE^@<iSHPIr
zTsNylJw(_A4B-Tkb4p`Gu8~cTUpm&7=4a^t1Ox12w$N$&)_Tj?h=C5VX;ewFiA{n^
z$H*6QA6u7KkW&P$wd~ev^Qj{aE=jps1l$B-M?H~m12wxvycf;nW88>cmUvD-lfU2y
zdUq(aZpum<oZCAOY;bv2c<XJx>L;w#<+cXuN{^-PYhcyOQ-v!Vs3(<H8J3n3NgXY&
zba4Z#j!C7v+sZY#UEfwFUF8M`>R*XBdM7AL!kv6nXMe0sVYJcimSzR~Q})+wHeH%%
zwZX9->9xwlBS_IFvNGWAx<u<S5g4ei;y{C{U&R4k_Ej7xmVFfmWDS4a^I{`LG+d1S
zZ%PBylLtWUIR+)JDb;47uL86pcU)p?Qaw=TwA>IVo>$_Y3zk+!Z9v&MjcASY+P?TV
zpXu28e4|iW>qqo+8#Y&!OxC)GUZaX$ql#XmimDsG?&Z0rsG@a;g{;r@`epeluN*k_
z#ICb{4iDE2Nm+k($5{qL9|lpl)R=GLlqr#A>be|KsjaDVll>a6BCkHTe-fYD^{$Fn
z|GZcKyjTCcR=z~?we?H&b_@F`WSA{Zf*|t5F1m;^+HGt9@}-AU7*3E8W>K3!PTTLy
zJZaVH*K+rBXzUyKB^GDa?w07(wAX5<Q;S~Dsj;9TuT{*Y{dS8m4VM?6->WzX<nd-s
zYQt>jN)O4eC!DWkBzO0!L1P#P4LY}7C@ULox%O>f0TrsW=6zm&y)PoOdMNVQ|G=0#
zU2`dc*DU3(wl%#PO(8-42Z5=C$TNUHtF8XweX3r(B4~^s3q$D8qC2(cmf<fyz6&Gy
zSEZ2o`{&B(&B?ds>;@6^M=*e)he%G=C~b&I<25zDg<!3{Wmhznd-O`t5PgWC|6Wbp
zrP2<S=^Yyc_&O9N<pI8H^bkgm43Q89w*-#I*mJr|G@4x;3Y{vtbZgR<7^<aWp`Dhu
zMxzuM3qUBt*VChA;>^vaoL@a(JJ!MlUdk$Q+;Yo1)0`W%a$lEUAVSQpEv_#Wg(!nT
za2XAwFk}RJcjt4)#XNc)2X-<U4wTTDUqJfn$t0^jblx@^i@(iAVh(3@TH)aU$1}d1
zq~hngc-qxEV`odA&Ae5xXy~qtu^Y+^(xUZOk$--56-BG_ER_z0(>lMpA6!6scY}W`
zUFNk+Z#lYGkv}{?y>{dtE^+oKb@Xtk<Epi_MQvDKYv#NnSeT3y=GMe9vjexkp$XZ4
zoe)=5F4^bg>ih$qVfH>IlvPa0rca`LoBn=vv!2$3@oZGtm`xvP^ZUU|I8N>dmyqFm
zbRESEhZDYCYO8Itu9?r*h5e<waCb=S^gv}{F?jq^%Bhsheq%C?#^mmh4u!pwANykO
z)am7j@A>8RjFvraS2X_W)a|WYOVd$Os=~rm@0r%}-62)U-g1EGRf|}a%3U3b!>Y??
z^lX^{{W(h-q4_DA6U49nMNg`7!8u!4M07PM9FLGpxtc?GC?AS=BsJLAX>#Hp5DeJ#
zxA!>oPkf)$B^C595uQv>G4-PRY&Nj<t&R+H7!yRN1<RSUq0N_9(1&3d#i1ORTAXjQ
z>pkcz_tDL^DYx3m*lkZ)b%YPZ>Z`rVUE!V1zK<aeVuEg`e62)*a}Ww_GGn4F0l_Pw
z&}<|O-AtX1LC-_lg=3iuXK>I=n>mRHX4BcKYMT;NfhJ_;E-mVkUL-9?RcjJngUExy
zHS#e*9xEQ6<x4)A+$<<VvkwupdI(rc&EO<J_jOf2vjPzLGcmZFX0Y_Y31KZMZ3gEz
z3^IBaGE!XI^%#Jrac+kyUlTJ7Asg&J?hn3)3_ZXXAYO%$kIt`7E?!1U^1_;vGdeJ8
zn!5nxO(%KAVHek7%%Uq2F|pMNyM|#QG`HT_JHnx_2$eAT8omWmq8m<;S1|G~N99AA
zAz?#a4~^H0C3eWUW-4NZ*0sTnRyDjE@S-@ZcQ18-3DvT6y3K>NijSg*QAXhWJ6v#i
ztR<GL<P2lS8F0u1b*%1HI0EY-y+*1w9Dq{6&KdXLNE|DP?|&kbVrjg7qrQ~J<u{^a
zkH2q3qAbpSlMW9hv6rRGsYcA@x(%b|J*_OZvMvRyQ(4`@<%zV)uUPZ>37JLYibUfg
z^Q<avHqvHqskF8{Csy8^Aj%4vHcCfp9#MAV5j<a+cg+b}lF*8ME{~6_by~XMElP)u
zpkHHTkFl?g3Yy1DFE9(IpP|_***~9g$(9Fxmb=oGC#R{CqRus9&km1Joa0x@o1koc
zzCIX=)izdv!Qy)ypvhVQem~$ae*8Fh`Y%>(o&en=SEjk8SlHKk=28X;E5wKYxzAj8
z(Bm3h;wwV}T|QnlyIvds`;#>~otFkvmM#^?u2}cnwsK#WYF{kF-&loGzCHYtkl~XO
zDCf%9Q|a*FpT>N6ZX`%M4kzc6FiIYuJt8kI!>!+(6i^d9O#4okp!Y0GSbSX_{Id#q
zQ36LD=@PmF=Vd7XbH(Z%-{#MqvM>3<B}Q24Edwa1TW3Xm4eBbTlthRBSQ=%Yt8|qd
zh)xK)7cEV#bmFb3&h;Ukjv`2kR_{_x#u`IR))Z$b*wLy|iy-n74C3ZTTaHrb2*Cmy
zRG6-`j{J}=AEUimfU7@`aLB$NHnzRymF*{_kmz_-{r&ol4L?Lwr0Ch8x#8=uWRwIZ
z*K=G_APcK498Kj11PL1<$n3d7>(Odzn}Goy!4dR=DE6zZ0Co5de4uM0^jl17SSIR_
znxGI7?5&5`t0BrpiN@nGF3T$WS1@O-#t8nx2C)i&(I>%)sKioQVt2bSm6qE06@a17
z(7;uf&L%CPwW!QVlu!Oweqc(^uT{C!x)$yH=|Mo&VpW`zXolDn#f@%#&pT=bLxG6z
zxG4Cw*69kUzQlq$iV&N*U=tXa*nX}Rh&C~6{1S~mIPT0#(_BB2`3y0Fy=x>W<FIhQ
z%M)J$so9y7x*m))c`0pcRkU@3N+^P6(Y=6bxV51_*1OL+;Gf-Wp_ZRSt>!!NqU*K1
z!d0N2w*lkBr|!cy46-6`uGtn=IS*^iIedrb!|PLlQn0KK^Q+a)Qdf!Qq%P{}3d)%{
zoQWLG{#E4v12S(~fCMiU74(5+kEjBTPkVxdHT#J#mCIX4s~~1;px-^-#KfKPtNcjW
zbmoLLBz}0Y`4L{CVS7Gf@n*wrn>EL!bf_xj4vBCSaNjZAhW%16+po^2VJ<X{!}HVY
z3(kfeD8xoQd+s#1#J6YI{?C@$&LrmO427%->T&)yUlqUg)Rrd8y|YBPY&J^-jRQQH
zt`xmf<$Ch!cJe21JGncg?N^7BrR#ciII)rciX2W}!~b5x|Nbmi*RR}O`fBZbwRV;?
z@zvUC7G8(7b3Flp(8o4_Bv7?>`Q-t_;1mULu`az_8E#SyYAem?N-F;~sO%XcGaL$5
zWMuehj3JfL>yCf*LwZHf5PH+4mdC3q-BQ=r8~|gq^&SS8w|01W)xb8?$`Pv2W4KvV
zx$ej2QQ*enPO=q=6s8x#$h(0BTfW!|x2ETyu)d|d%FSwKpMm=J!kWlQ%~Wt1eqG}3
z@wLS&l(=&=x;&J)a5SQ`o-`PBTs4-E8m%gja?!QiC1cGX=e1OT!nr}Aua;`2YHFpN
zYOpOS6V=dRR%mn8M^!pq`Kwf{Hc?`hsS@o;E<w3suu7X&L12qPGC{1&St?i0GNJv}
zM4g3awbAiwC2u7$Wy9-JdiLl@2e57hL?c;*jG$Lbn6M?TT9-iNyl#E{c(nTd^!GSo
zu%6f^;$@p0zEeo7$7PkhYHm;659;i)=TwfbB7-fHAm%SIzDup@+Fl0A`7cSZV=ZV!
zY$P(fLK71?_1OIR{Wsjo5BJu0LmE|Ko&}4W1@&0)@g9)}f|(r?>B%$C*pB;`LT$6>
zzGUP1^j*p8*O_>w_DbzfL2bi)gr7n3+`M59Ki5}gvN39#o!nUzhio_@Q2{{=yv}Qm
z+L~vgxrCfGGTO2D>Rm!g@%Kt4Js0j?GmnZF=z*(L&nKRj_Yhj+MR|={Y8bOf?B132
z)X$j`e5FmGl3vabou14wpTK6}E3dP$q1o^dVG~q{5__EsJCXIz1q$z@MrQ8U;a}(Q
zPvg-jK(D(X^YPP9gC*Ar_$$xAx(wS-Ka)#kRsR#u<kQc9E%XVzPQg=70YL$LJ=E35
zPe1%IejR)H@e_@GEBAGs>-%N&UM42JMsyy9w7$tMKxlq4W{8~Uva^*M2WjNpA@<?@
z3$XUdJOF<_2L^iY-3VK+NWhp+epoR*i_n{rD8#>^9}nqe<TpsfO@%o#i?{epb6eL3
z-9F?Am7tzh3pU|%{F1Y(I*`-&2?p55Y;hV}Qz4fxC>zl`YjEf$^&jwk9Qw_m2-YQ$
zFVop|F!dabn4%lxkwUOljSj6e^i)(z-&=E1JA2S@4_ZSmEEW>0Wh6K6rH(u0;T08@
zia*@Ln*94`XU7dYMbhs$3{jBJ*;~$NWDydv$cuuyC$KX{!^x@2;CD*5-70Z;&l=ul
zF`TSvdB^h!fj$~WvpHl~_yE~bn^z-{w9H;>>h}!Qa)|P<U%2Bt`?tNq@tY|tk?EJI
zcb4&8ZBUFl!O&Nm#s`SmcM<t99-%7|J=V`o|A2zv$1r*b&m~fNc50ql?rEtnw*D9O
zrf9|`lC3FY^W&YJUuYDz<<m|?CObZXW7h5-?8s+t#F8vf{o`-1zg2%Kj}Ak#c>o!r
zJC`4C&u%*Gk*%+eZnxXr9}L8QyWMX7zx~1P?%#TYgKmGff6yQ7{;k^^^!9iE2D<BO
zg8LWqJJ#R2E7z6p+*k7Z{r5J&WAGM+K6u*^`BP{o(F=AID|iRqh7n6YfD;t5cloDU
z#7RoMdk6lI%;BF=45siN0UCQAqI4Vw!2%E%0yae;sSkMkCfE^0E~5u9gLk|LL4ZZ_
zo%lYCXCp*FGzQmaC#U}e^T?+FQ}K?%83K^zz9VrM;&1}wau)?;Ew@t?n$=8E@=ekx
zAI*bkF+(BamB4^TU<Sz@@>TV{ot`9iJ_ZZjQ5XVDX^beC2MAIG2pS{8`@!oNUS5Hp
zWK1ZILO_ux{)^>!sB;@kV(g<%i_Z}XC@M~rv`HDWlzSnxi|KUe+0c`o`#Q!cr9V=c
z#y)pAqzncD^1<)F1BO|EKxa6Ggmo_Y4E*s2c))B5eh{R=HE#&uZC4LIop+L^h`w#2
zLZgb%=QWrkX&=M#1>2|%H73p+amzc(VCcgj3Q=(mS88BN*qo32Tr63IA|yw=_0K3K
zfFQXC?h&D4ol{;|75hm&<Rx3*MFhZb0md<5Q$)ZN1@moik11w=3k&pkXUC5`suI9;
zaI}NMo%`Q^2X85w-6N8t`mS>Ue~AbuUiJ+R#Wy<>#25}Iyw=upv*suH70&<9=#in2
z4-4(Ed9aQ;0D(Y$zpBpvgM+=?`M<Z{@4ue^Px1Tx_nm)h<>nlCQOF<;DbULTjDpC!
z<A*9_01^cFg*o(*&(AX$1knSSL+=hw5TPv=fm!6^@d88y2+F=V)qFIDalp@bNEjHQ
zDZIxKp`F&h?QljRT5`_m@}m%PR)c19wn(e+qlb_(g5XTiNa_^d_&yN8T`kpo^<1*k
zwm1p}_lsi2*%}uI(x%D=Cg=PNhIou9Yx$TUj|B_WO3vAQG{zy)4k40oC#|z18nKle
zH;NC6?ww?ZD${ImF9FB+LrJruO7(ri`c!|X(L;7*Za>^`w(LdW7*Aq?{7$QNk`x6q
zK6o%>QV@gT1c3)GI;mp%^o$6Xo9_7##+27MCef_rV+uzBAMo1`Hyv<0#T3jC45gHo
zEV2+GpQh8TfXi?=*#=zB{3WKW1%3J8VT!#eulZrhCl4EI6;tuKTs)(NUU%Cdz;{x@
zi$X+Oa1`C68q+$)lMV}LGQfB&<e1!P%>tT;5LO|Ke;~aXO;LjdRMym%@7f+BtUbm7
zItDxUkn99_v}3kthXr&;(eVf?61YQ)y5;ZCLiebu$ukzvY<s-`qmZ>dC~Bi+)u{)%
zhfp-!CYAm1hgvGh$1I@7fRPv#zE75U`OF2FG8CRD)LPJ1#jX97-~JF$2LAZtSd2{Q
z1+iaBS}0LLC!yS|VX}0MR`CyO_g&ddJ2Lt`tz$ywo=L%a{&U%fv#~WD{*~u{uXnK9
z&7c3>y}|4G{}exQOo$8+NFA!7xIl+~BCJEodAZM7skk1CuLMemg?lQoTzr%+>^Z?9
z8-uNHX!{$wmANnEE&=}y6x;^b`u8oc^?3{YH{buE2ljWxKk@8FB+LU_ZTp#b%>@$z
z_+<qM$W7TJeh`5PzDFUr7rSg5pw8sD_2tW#miX+r1we`~c?^Dy;euZ;)DDsVX#v3C
z<QUxdI=ybE*8(6xfmD170AKwHN1l(ylc}hJ@x$^<!cX+=ML>ck`(FI{rS*V=01(7t
z5`zDqz4w2P+eQ+__h<hVDBAZd<zrG`qR3wD`Rd8Coaot-b&|4sSNHBY7!oss6^CE|
zP|_sM|Nbd701_ZU4o9+`?5(G2Hx>aj8bG7b-RN%o6hz~|^#8wYA3yc3gz3Vr#1oAj
zI(UgTk{WmPv6jxJI2UA7O*P>K=1a6;7w><=(&_e_C~9D;^TTEt4J>&SC<S)kt$Oe;
z0_r#GfD(ykHP$YZZU5V@K1`buK9DF$s$?B6GnNujYDtt+NmHDkyA>Y&C=4~USIdJF
zp$)~E(G&Eq-uHh){~84QZ<~*9=Y*4kN8g~IycRzlD3N6VW0K6!PaPv$C*Rjk3UaXT
zpALqH{7iQdiKUQa5gVuf*w&4HdW5vl20O=Kn`r^CH5OI)Q$h2e6bpHT8oag8a}?_S
zrP?^q05v&Ek*La&aY-^nWj~{7tw~MhoG~DBT4dx7C1|@T@+a4+v(wZGPLo@A*QNdz
zNHCuSx@sAq)OZ2U5mVHMQQY(uuCQ{$d`}8RPy{6TqeC=h9O=N&M`uiu19X_*;w7wj
zOU}juO_`F^#X)Und-6d~lD~0MoCqST(#lDXuI8$_ptAzBEy>VNPd)(c*lhP`LQ<^y
zyd_9TW=yj)gKUP5P7o~+MzfqvaE^XT*<!(pqr;ybscEhM)Se5lJJ1d0R86o*9`&DF
zHKz5%(kZADi3Mrq+|D{y12)XC{wnHjp;QBpQ{1YSa-dPW{z~3f(lO!EuXjzBfqLp|
z>|1n!q!d(WQkzsQrZ3T?qIq^y3CR{ms+*>=3&}UgsxM$Q%o)3`N)+AfL?|*oAt<@f
zwmmq_;n{R=_>NiE9kSU*8I~ADS|f-$b<MEbb+5^?TX*E>!Uku6aATa6;Ajl3N!yzV
zeMGd7n+|Ljml;vC66vjkjt(QIhZZ(P<{IYh_Vl-uAQEk;|4UG0DKS!AZ8m>5#2$HT
z&@hR9HUKVoii9#dI#8nv^b6rk^ZjR5Cb3nX866wW0aY)gO=D4ee_3Yqq+qvdOzJ-k
z6D^1?*nt24h%zk6sWw(@NOlP~=qS+!a8Q<7(qBgqH1{i{8Pb%JJgbLcb8=?RfVPDm
zP085}&72}Ia;VV;#%KX`2C4+3de9&2kUyeDCFJYy@VcY3lG3&q9PJS+ZWPU9w7?}8
zQIMhw91Bun%`>$Z!U4J_%bl07q&v^9$#Pf!d$&8V1um})YR=ILV$Z=#1pl>PIhcf=
zTt7okZh%*{>c2#|EEU4~&y7ard#NP8C)eo7&1OKpLw{$qK+&_vGz=2&F&vx-e5$de
zspV8`imqRXORWuqUJqITXfZ~{p~aM;BT&gtafvpR0D`kcJi$uBF|`C@MZVnZPLL1X
zKQ!RJhx}Y~k`^Z50Um9l4UenVm_#~Xdt6qNoTgD7i3tct-c8;UZBbCmu2|Q@;i-xm
zrUE!4(&@sm;igLDH`RkA+_v0sp?!q;|4+QgH){k$WH!Vb%C#awXLVtueZb)#en%Cj
zFj`UORBAsGaj>-&IVfx<A9jq&=r*-Y4kCcEnS9trAJNYhlcZTc_k?gQGp$AJw(HrQ
zqbL+?JfDq1wHfFuh5jQ_=+1p86v$~bg@zPoh&WCh+rHHzwH~M`ka<1}p08n-90B5M
zOct!TB=XoenstS3Gno82IJ~*z1p7p58tBw`qFmD=I}s?N1)Rx^WyKqb?+6jB(m&61
ziu5HijFb};{oBi(WM@A@8+LXg{kH`inwd>syjBV@8Wg~tVYj5l@S={j|8?xYMppq3
zpDjb=oaH20;>A4;!Yl57zuWuvxo`j7-TroO|EvA?OZ);iTCntbLk&2D*&;r{X`*A$
zED3IX^XM%hC7RNlC@ozqi&SfnhPY~Q9Rhpw%@)XYxTMA+e1M<_T**1(^cN7Y6_ZOS
z+q&6#q;~uPI?`Y+SWX@-h{Wm$ICzA>@_T@4(`~KE)<bOq`t)XUJ~T!R$<%>>67&%j
zN*OIA+Ux8+q)p<c87|Aje{ZM6T*ho#W5cVQh=WHl!X<@F`p_~)g?>hw7Be$SFiV@n
zm|hil@R1Vn2%#IoC#G;lB>Y!N%kYm|EYo?npUl2V+S`rwp%yt!@7qfh1<<#K0s()T
z%PRdx$ui-0uA8uIBnJIAv^}@88E5734JqXDf=cP%&W;)m+;+E+)B8b>s7A|S($0;m
zp*S1LHo9Awk}UzRjk}#cMpw*|u{N4rzYtJclfE`cJQc|9lTlday9#7g=rrhJaFSBS
zcxEEodWj2cM*Xv9S69c6_zRtpoJj9NxPt;NspHbpheHaMBKr|U6bf74N2^6)FvW8!
zd^5PQ0VpNj?n}k`8pf&Hz|~GcwBwABcnRRDLed=F5~N)(5O}DtThQWf7|l>LBQip?
z5Husc$Lup8bvY*mKoWCS<r$g~q~G<=5X}hAb8v;!(`r_h{0z!L<XO7>n5)sWXqt65
z=+GL~4t#-yfufw@Y=U!Kq=eJ5WGoj>>10-xgm7BS96sn2DvH-aeX9UxH-t+nG$nT-
zb{m;P>Xv2%gv7xbUFK{nkr^jK%&;W4co{19SYGQ}Ub9GB5JZI5fgavOra0$ByD|kj
z?nl}3UH9+6=xN3w+o0E}$1wu1OO`dO+P~e_r<>p$geEs|su&hD*eP&WCkPqMFrVNV
zK`F~~<H*gXNL1;(L2wkZ4kCu}tv`Bqpbk94H0{P*A8v>gLg!D1cRyeV4fvsD3{zUS
zt<MyKsCSOR-&;KY?7z|a--H&K5=!r(2CmTmcDCF8zq>p8&%eh1e39RS^}kk%P3xC$
zG{PP&@&4-FD@}&~Fj^kV$px9J>Xr)*jQ9~kU46DSK2bsRBdCtL@};)|b^Tv|UA0Ew
z7v&iUYt>9Q?_TZR&&c%k_lNxr^ZyJiwSve8SpQb=|DB!v{oS_z=kw>^J^#x8zr^p}
z{NFktZ+(N%Yxi0}Xy!Y?>Gdt<nLw#)_(sOSr+pE1ySIdtuSv;CiY3V)*%A0!fmJ+q
zI%@Z$6z`qn1-ivb*@h=_^Q8&nAeq}$*lPd6H`>2gWwUp@t%gv4X{_}DPYZK*1-BX(
z&AW1NQIs;A6OlHDX0T=iu%qU#{E5C(xl}O7&uF7|zUsMaNjBm6Fyj;YD2`+AIL2iu
znv=I~K6K!YIW@lIv3&hP#JDUS496VR;acucHB)qNg6fs>$Uwi~XD@4fc=l4$9LWb}
zE!s|87Vzx4F<in`ZFh3@t*Lh1jL>HL+KA>TI?>l*b#M>N@c}x~k({)c8LJ>-1^WK&
zv0kR9gNQ#hGp?FEbuf6^Py+%7K4D?kq=Y1M4OEk*>N7#d6aqd?c&URCMj4$>30F(s
z44XAoHM(&uh(w{4cnMqPX%xIZ^ZpbiNfiwV^Sr*Mr-jlA-#G*pCb6}sVja2&T=;n#
z$xpJQEBW7o+X=3nhj*0~3(Pz?EC6;(d%yM&ar3}%L(Bf@QkVO0#RkLCo!V*_GcFHM
z<OsV?d8vbDqMo)Q<+yB5b%#6x3)^{j%&q$vkpglFKvn`(RUcH14}@MDQMYJ9nXRL!
ztr|nl15qu2vs%usou|-~<jO2h@(K%bj^!Lh9S|V7MVqkVVvcve+ZWZsm-<%?+g+>H
z`(sJ-W<{W3>&X4ro#fl?WIJ-azp~_CGWb#lW;>6SC2y+<F$YsSo_n1Jv|xPGUn0eZ
za9N_mvOMGq#-9pB8*pJM8H%a`=C2@Gl%T6QF%A!Gs$HNP!goNXxKL~j;wvf15EdwB
z#mvM(UKi}v1TC75Aoy`<l113GRSrB_)Yv5rsn{^n1eYa-GP@$lgh<>vz1(x_z#G=R
zA?5@Zv4Jb3;tgTAtu2#+fmmt1>{KbC?R*ROKn2pL#v1Ua863QL7wa66F{|Ia8yI0=
z!;JgnG4PUQhize~sTz=gUJUk-dq-8@VYP;|6RsQ*paLsDd<w324vwDAZa4RsNh=Km
zJAt^W^D57^*R|7EyX0UE96G}@n$O!8qK?PQ*)8En&aqN{6hlQBE1pUlFa!645jL#j
zTr-=<`aXk4mIqqSD}io_W<(HsuH-UAWzw$v2j=LFhjmqemwZDCm;Q+rn400)Z<AIV
zUR}9$G(KqAn{)yeOpFFLrw(9rWrU#!!_etp6YV+6X}a{xhftQ3b>V<y<Y!#=nfqda
zi>#TI7;Q~xu{FVB?tF_=_m8+?KYS+Kwjb+%BXz8*bDLM>FDPS90YZQe`gZ#-&ex0;
z%{iOX8&ba!ec;q0cg^PS8G**6#i0CGr#}V6u0vpOHp5)IHEppG4C9RQms@gC)^Vl!
z^8%Osd=(N+9P-%^Uu`KB!v_^YZh~uf8s<`#-xKN2%$y176J~j{R|^tN#A>v&`#jlB
zwv(L*MF$5vQHbExuf%eGfVSoY=W_mwUj%xE)0eJf!|>gzkfV?spdYTT&V78PEPo(4
zb9S*^2fdf038!S*&MgYEX6N8TsGZ!~H}N|YnY3&A7<>7>`+<1Xd<Z5Vl!M8RQ)(=6
zuSt%VbuZto-f@PNFy13N80*@g>CHoP^oDB*F#2PCKkR;tV_32l*6rQ-m3~9?8`%Cs
z#OTq<{i$(q*Z6%5ZyQM$gjF&?(fus{D@lJPX$N7SP(Bk)w>r5mQ3r-biW^s!&=dCd
z#pQ>y_pgsXoE@GXKWa_c8_pK~JcAlyZp7W6dj)Z`(<+2U=Rg@sCrb*Jku$s?9b}G9
z-ktn-`T=k{JUzZVKRo&ZI9a=BQk%Z}5IcJJ<K@-y#p&_o4<C-+pS?NxzKxxeN6AWN
z%@d4U9k}1WKRrHucXE1iwR)J=*Xm8raBcYk%IShiku1o9@nx%4MsKKK`~W@OdD^S;
z`+;N*3Ds2d<E!I~v*WAd%MX{w7k@oDI{xs(`^(NCe3hmhZJCUOeE$AoG-R93X-x|b
zh{ngo&8L%$+xD}9CicF=sg=_yNtbCJI&})-wNB@l7POe1GBsj+E8?`EQHymkAup8>
z=+j2`)af~QKzmUdU7LZ%D2mhW$B(TqX41+WZ6t4KPDJuOkthOl>6Ug$P$+_&8k2%1
z(ATD?R_|{6V+!+VPA(-YA27_Vw4iZSm^DcpC3XzG)P9d{EzcR!n~+{A+SwjQMvep$
zxQ%IrL@bEpG!-EetvZ86_Yf#aW3qeXPM)!1oOh0H-IHo}*-2K`k~^4?4{2YTCo2xn
z)zNw1_6kf&fVVWYMh&ui6SZnsgDnOJ;@-FENXEWfH|sC385$v!#fAVz4YJeO$f1sC
z*FWGek$2}HBa>>D;A}w)4S(zmK$A7b-|1-V1PnJ^YX*i7kkxzJ&VWfJxDFAtfRCJk
zm8~8!{9bEp*Je5DN>gEDzt^eWy#6~Hlm8&Ue}r^Sgf<p_<F<m+V^ZGP4OQ%%eyL+&
z_tC;xwkDn~EaO;u2o7W;G2R=6F+v${AJ>Xv58u5TKI)xU)=r5Kct)&&`wh<X2~MxC
z*gG~8?~7y38L!*v<hpQG*>!HHJ(wyvCxxV`cH&)Bvch>HO3FL=<dL(%pn^8k#`>*6
zXAE$wsr8Cqe?=MPqk01datW}&55Su|r4ha_^5uc{OB=y7YM-)R2C4BDVZ=d&;Z<Q(
z7-+K9ZL&UM>$@U6Mn4u#iIW@JhT#F?XshHb-4aW&RS+i&hhkg~EXnje8C(n_3`)8)
zL+%`?mL5=N;D*sMA!Ah|7E2MkHP%P^n(%_;pB`@wcLnOLN@n@`&!R~=9rgsUv^FWH
z@dB59WTp_Dimgf6wqD(XyKA_dm3U^{<6co6F$dYmS2FwlB}*~f&Jt-Bt!z30SGb;T
z9_!aYr~;t#;6d=HhM|^tQclrSXV`|<MhYsMZXs2>4^22H7|2QrB?YL97Qj?%4C%ft
z%r<h`|0x-qM5U=;v7-QpFqQOg`;9s)edO{M?f-GJ8?{|c6#5s8$(HAjPINY99A#CR
zD`sjYK%fbkGH(8&#jHb(*0l=Y_p<CBGy>vEfZ$CRyedX<RuAIVHx6-VnqqtjxAx{i
z+j^@}p`ELN3T&Z0D#<y^j#yD>niO?D^*c3PROU-fILvrC8!zkDiZO0pJn2ozvZ~+B
zZcXbB*s&TQ-C19QHTn#3A+sn2k;TXZFI;uZzUU_nBGWi6s6r!KO?(9f$~$7k^fl$D
zw$gxtKxCQ?@nThOZ;wkX=L0j5)5(@oJ$T}K5_AX^A@W`{nt=0_D0Hh1;ILY)sA;0H
z%8taQYtCJJUTArW#m^vK53Lj};{_H!w_E{ytcXmv)>)m^*2%O^Q5Kr6g2tZr`6voj
zE#A<a1j%<DbQR-2Bg8ydG9d`Eu}Ow<hBIVjrv=NZoQMwYIi1AqGJi7F@^)+Vpl89}
zNk~Q;=PbSMfvY%*sg`)vf(DP2FF{%K0|vUqa#<1-(Nd5!3YtI+zk?dX#O;|g>JFe`
zvgqSE!=!XwO^D73*KTXkgJ^>e?S`@HhxPz!pUlcZp><ZS!6yw{n9RzDpf*0=P1^v}
zQ|!KHveHHr%X}pFbDjg~+Lu1#sNLag%&~Y&maQr%@}CL`?hJ$aJ%)R)VcKrxqDS1^
za!Y=#)3AECQcBWLwY4oH1YYfzqLr+<v!R09*&U3kWdG{kz^LuhmV#C(U`@AuZ60C?
zC3hv`GRc+&UeI&|u}^b$o3q&<>)Gn9v>tJHFBkvn7^EKP*W8(rg&%Iy)N7pxrd|#A
z_j5b_)ZV1Avr<Yoq)Na2btg%_`|U3%W9a{SD#w4J__8DOo5|VvunTGi`fv2V{ui2X
zg0IoXkH!&oXZtTcq>L5hFCKI=)!Af*+SA=^@F#GFJ1ODo6}%yZyjqq-cuJXSiy{=E
z-+qf@)%NADzZxLJTj$f7Pd|m0`<Zt}pc6Z{U+B(u)n<h;A2sGBub%C-r*4D9{y>Mc
zpz^5S0o~_pe<&W%Y#!$$yb91}$YxSkq>a`24~%MasTX>)B^g9<tV!VIufGnpbK?;E
z52<ko!2@|D(~|9b^SDk3GpJ~#(QC34T_nS>J|(vBc;pytGg2&vkqv_yhwK;)BZ}ke
z7b0#lLW2nZa!8{X?E0(ATo|VTm$|RLWUGD2#-3%v$MATy;vYai|Lk(X{Y0U*p=@Os
z>|=CcpFpaw`E;vYNT{sSEYw-oi;VDmNsAeJ+dQ46HhWUT`x}ABn+ib+Nw_^W^@Pot
zkWYo_0Q70yW0RxTKJA*c!~i$?_75No1R3qo_ZRPfJpXX<{(X4Qj<~9^pkAGveK<e7
z`e7JOL6ZqBLPjr-JUdkI#oPe{GLx?`kw#;B43Y0bVt7_8U!t5A*Ca#VGgNXm<9LB4
z6ukSXK(x4F*XBKFNLh=Er2{D=B~d7*OGUYrG!7&BNnSB`C=Z^Pwz2e72u0egKq=u$
z9(6%dAvqJyd-UBsp;k0ON37IOR~mFBQ-3+21YWo|X7ElQx+Qgj5lzD=EhsAUYDNnr
zm`0S`krb7RGYDZa2V0<+J8}Jqt8BX3UWv9U!9jPem29}#SE#qYx>1aFJI7`ZzJwNV
zZ@;ru2y-urV%@S`x+o-yp8RU5`Zuqe2t9Fjj@v0;gb^Eg;8+}bPMuD%dwVcoN;Mcg
zSZV$0GS*=B#azZ<A&)e%{(dfFqqT3H9AZlE`i*5hStR}dhh%4El%{|2rOuw<5&e*J
z^^ba({nH;|^(N_@7IjJZC|m2Ss$oSdj;Olg*JJAIF*P1f@0bFnehGy1zGmrv<O9pS
z8x8wgZj5uL-E?)+)3)~^ogyl&ix^Nl$r7b<g0o^t_>}R5c{mu0>l%>uT0|j_$@=Nv
zuy10>U-B_Le}`@vzcvn$L08PM4m&BQ@$~EQ+`bcgs;B-VnsHL1$Z@tsaB(y#rxE)2
z(X3D`fg;rZoSILE&gyk8>^=jp>|uJNx6f!Z+kKpv$9f}=zCCisQ?QIE(&{)%)CCj9
zq>vn!Z)i@s67DUgGM+LXs|K-Z@lU^dR?4DjkNBkD{*gpT6bm(0lie|Lvh&3CdL-Fa
zgf>>J*GG7nadXp|-A-a8lFk{5{)VYE(rLYvkOQnLk|gouDw|7br#F?-XT2+~M;K3O
zPU4L6@OJ8(wqPbzub)n0!#@B`hq$I%qqs?I=ulbM2CDCO4&S}|aCvojHR5ikcI13Z
zmVqlC-xt1Z=2yRKvK*XG{bQx(Wj*eZ2JctrZ+=I-73;nS?ti;DxjO!Ebanzs9zOi-
zhvTyk7srRM|MN=?0>snUI^D*%b5g{d;H;g@p=TUlui!r272H=X?;l9ZgUzqQnl2^o
zW+(bR6ugnKs6in$<ej{>G}_}&-*-*v-cowuh!9Jr%~1M@iIQb~$Nj@&tkwy-`N#B2
z`-1XqK#5Q~z#GQj+BYgpxK}~YhGdtLE3q>8*2N}@gyb}p(dNkNkacU*jm_#PBKqZc
z)$|V_wf(-D$oeX8Fw0GhJk`9V!*rAPG)Y)}j>lT;j!qFRP3TK8m9fA#1jQ09a4`ej
z1<VccF?#y{4mQ;3AD^6G9lm;Zd>Q|6a(49*KAm5@|BwHSj}FfcFaC4$>0j*or~Xf?
zIB!^0WT*=WF^)R0YSa*~^xM@>2atW*PH2P>xuX(ow?0p4Xb$%Op(ddp+lS494T2&w
zoGvwFZ}c7PMh|rCx;kBdlJ)#lLs@TKoL=v}Aihmt$~bD+DjeSW{XP#3(X|r<Ed`&%
zR?u)e^mu^x2Z9qjsnZ_Y*Ka^PIXXMhH*4nEW?Y~X*9jU4hHi<;v#wuk038d$2tl^d
z5)jqbcW&Ti9h9lN1EtJ%^#?esf}B6vve@do!o*GJ*7as8=$CU~`l=T7&CJ@m(rRVo
z(^~WfFG{;trCY3&TWLYJnmbc({|B~rc>jYi?rrB0K@+X|;{qo*fy{(<k`D7*ytJFV
z<dgv+<XDI^8+X^<?q013ZRAu)^u);z*8+kft!ZgXe99@fH@Lxz{@b5t_kJ2w{gi$Q
z%j7>fdd03uF$QYgz5(fw*!LW#<h(a|?qJOZpdy_!{h)d1UZ;*HC`6kX)}Op?0~Len
zk^i*abgE>2r;Yvc;Kx9`e$=X8nzzcDYVOxh+n;1P;q6yyoR7V|^(Q|aqiZ@j6HH8v
ze~G=(SGf}8@ccwkE8)QkxTFF~lj|EH87J`70(V1H6kQ$W6pMz9I`Mc0rW=wMK-zq2
zu^$71ma4Udl+aSR`YtVjDpf6qy(^@^Rr>(_7d(PiH#hOTiTXBxQN|XS7U;L%BJ|%w
z3o`sc^LuCYAEP&nBQeLI*L#T{(1gfaLbRY1>7vLFIfJ$DlcU_w1hOdQ@-^iL=-1zz
zzONWO0|?$;r0&l!XMwhmdEHaAKnKh}a}zx6Y0+&fl!;B^RmVdO!BzPIdTkxE-t!|6
zqJ3KbvdMBjN2(l{bnqmjg=DB?87edrc0vil)9vTV>7Vf0_|{IYvwDh$96DEC?yo^l
zpfgR%DRK;~y>{1ukp^7??l(*)@o#VJ$q3(8n1ofqD4+;2t{q@e+v~2^yKZ12T3&dq
zDd-#ex+~TlQJ7L&M(I(!p=F_7gEzn^`rS8a(a!VND_!>^I>O0z6`K8s`fR@+-(X^^
zag%Fu1l<$oQF(xdvH%TGZYU)XbgFYNHb#_`6=}seDP+FX!WM&fa24qjA&5X5B$*|S
zDQ2^USul~%0BXHih3vGwp*aa3RJDA&PU6!MX-@}N`;+8Ay&w1N=0SaoE{#;9hoG0t
zJXU<HYFlmy9@$D1N0TM0zzG~{7U^ux;iRhl(-IAdAAY{o=#w3leZiVTfuE!H@lX`#
zAW439Pq)?HN23PV>!_t@JNOdL!&a&<mmhE-POuiQRV~A%5hy>I;?m|rK!oYd09ZS%
zxRWsKs`3~WOe%4HPEZan*38f^gfp}txDeW5xTqEr!gW9fVyVPA;-ut6kV2Xp-Hd_b
zas6hc(}Q_a>6B&U0B!GWyXJ2y$)aVM0>7DX(n7nSFsrRne@3rg2tBJNYZ}ZaHm=N-
zARH~|Y%b9)F5o)65(HhnyBt_VFAL&e4n+O8J1G6-%w30`l!(9YY6QKIR%@N@$#>LS
z6v{O?CUs-U+22VjiDwZ1eP<_NLyrTCjXGN{m}s(hzT1O^Edmiht>mweCM`pA!pSov
zXpw5_CWVCC6Z=NC#;^li$4=QZvLuio*(?^xo*C62OLWVsJVQDV09(;rL03{H2oa(K
z97{xQ2wx(cWmJuE3nm-q33^BHjaoO=E99Zj#sjp#*F+$K)49PI2GaJEdu-E2R+261
z5VD$Bw9>0UYfA{i0%1@m(CwTF0t*94cNLEy%VhjoI<#8bs$w-NN#d07_5=?uZHMcj
zhV#i>B-f-pZp-;nwpg%2bB{Eqq>zEi4y3e$*Z?HI@~_=Q?*I|Ms){TR=GFJQPw`s4
z$DR7&OP|;?MY{-9g6M~y-RJJ~nnu>Zb&AUf{q|dUjr#z1Q}R7%h5Nd>Cd+OwYfo6$
zKTNZcTheTAcZVpw8+Jouc8x_zQaYt6L`tfE_>Q-a5hpXuvs~#<Y>IB@1T>|$f4x*7
zP8Hv$b-oJ3xI*Ds9p^}GOr{6Y-_a(3sXn${&@*+Oi)tds&z08JOi#}|fJz@=m16Th
zR}>TlTo`{h!^9rC`*W7!{0nY=-QOqJ`&~d^aO-zE|GM)BcmCM<TA_hCDXT-@`mF`w
zB-R6(Mqk$J-f8Po0(#~DP!D6~;K8YxM<r$+mj8z`H8=HEU(2;kZ>@~qtMh#itYE;h
z*8;!Nm><f_yecpA07gxd6$q^RE=|1h378dD@xY@pVe5Ffr`C%tV>;`+1T)eaAJ`C|
zF<0|Irsn?%x?T76G&Ni13Y*+fA!#wI4<*wzip*>n0YZrmBKm{}%<!>qu<KSBC4JcI
zd9T9fRT9362O|`Nb!38v@q>qCtRIoD{wrIsv+_TUJq!?vX}0Kj=3reA-5vSsuUp@s
zAC2W#Zx(cPh>VI$GBjB>MqxTt|6V$VFvJRizS-*MG%FDLl)Pu{vHQg0Kkc`gTE_Q$
zPX@L14LX@>x9>wV0bYlwD4t4p{%!sd-Jhz7MQbfv%Tpf@zr(?_^$mFBq6to~O>QV;
z`&6hxmX@aiO$aI6QT7et>j}5U3D^2KQdJrG3dOiLD8?yO;V!Ljq6Kl*nfvkgGiy9Q
zGW7V!@SUnH4Kr+8dewT|!0Ib5gl?U2;!9twXOCa`O7C&!pMUzoKl@M(S(G`JMA+0B
z`my~Ci}{3Mo(V&73tT2kyvWz;V|#mhdw*{a{=2=s-Tv?H_WpN&+Sz-)z5DI%^WD8~
z|FpfkyZznvpV0Pa8@2PRgv9($+Yj!mJ-C06U)wFdUT~KcsY*}4I}RM2->82j-{)+C
zBKX=zG+W;!e;2HXEDYo6thVwq4G?T3iZ2|zv_07VYB0c%4qhToX5`L91|Q}*iZ=dV
z^3B%fM)J+(|NXzv(UV96N70jCcYlL!<2ZiQN=koCi|ha$S$_A(=Au{Jrshel?msHl
zSEOkFTjR`rSxu+(4n?sMlxr_n-8wLzbqz-Xf0A5~oM1tcv$_<(<#<AJbDUkj5HT)G
zYyN|8xGceIMkoAEDBJQZgpGx=Td~Ak#%$_=v+hm-v;h;#wR(nT>%iEpAkbS8KBH(S
zGS2(@B6hgCm(1u<hcP$Kt|2hED3~-+3w62s5nwnU4jy@&eih7BOn)zkbEt!dLv{YJ
zG~K1<-+qJbVo23&XClq!`G_R@KSDpX^~X4*zWzSjZ}|M@EGO%q_wC<`^Z&b@=llNo
zzq9{*Z}02*|0R9_Yn;BU_OgSPoJ?~%o7eYso1wFnPjCtzx{T9bw1e*T3pjJ?Q}=@9
zByiw*UV`=M<)5j2M`btoZWL$l=cpb(br0gzXDLL)A3TZ?F6sB2RVB2HQ4~FDg+s@v
z7O2G|gl-6*nC~;V)QQ2*3jT46WjcT4^4~}IUbPhgnkK@($y+kxL<l9MahB(VcWkiT
z8s=KEUZh&N`{dMO`gSftTLiNvj-G(=k4ja|WUMBs-+`iLSdv@3JUl<?kdjmM<!H!s
zx{`)gBKOZqJYSG@AgbZW5C097eL3pUQ5)veT17&uQT$3npPhy#v(lUc=Q%FASB~xS
zFGowp)kJk2m#XiT1T_v<kEs4=%l>;yzh8f=^}h)%GFr?Ypa!nc|MvHux9z{%-)`@I
z)&IW4?|0DuUTK2*pR5M5oS5XzmURxy&Lf1J17c_{L^b(4Nu}Ygx{;rX=TY$DZ;d2B
zV<!8{AKRZy5!F<SJ`36Y&(}jg9a*<^_dgb8|AT16pOFRs6X?aCj+on%)ev(pDc_%v
z|CkK=LAv>8q~m`Y4gJ$mb8yQ32}$~sm<m24Y5x%o2A_@!`$zW&BE{cZdHV#vVg29C
z+XJtFSNVVKxBb6%p6~5_`&Iw{5<hUYvRRG}ULx`{+NhJ#>hF+V=#t1|%>W~m*f$wa
zY_`LL*m23(g2*|kIzDHPW13UR5alT=sASx26Lj=4+@YV5{!#4=pV{wAlq6LhnIQ9%
z^8<9IQ?zSG*(3Y?5kkVtCfh}<WZdd*8Xx1b57kwn$Bmt}RAp8{D>;)aW%&WRIy#3h
z67w06=g_`s^vH|<@>6vA`LqVHfGYRHr47C9C1s)j{21U?Z(aghJBZCMMa3N&bugoB
zOQakt8qnK3P+{b3_R13f$h7?>Y3sB5-;Fx|v6h?eD+a7M|97_cTK-?VJKH;7{lCA+
z?=ve?E7+M8*@G_FpG9~NCC2T`R_`3__wXA2bUwWSpd(Ozu>bH^hu?pK-zfgSFrxP7
z;s4+6f7j*z-+lG}{UX25p}no8v$f4*hSq2?OH#%O6G_SzTkV6x09sodUWr*KN@q-v
z&iFVRkB|2wqJg_SdMzIApK$%%{E-j2aace2oU_V;uLvx#Oy}>M6%OeJHMLxJ+XAuZ
zzvCf!gcMoHXkm2>txLGt1uZ1uH#i?j!M1w){&UU>#?645KwgvO$L(*8b>IZZloqpk
z9h^^NtRD}d0*&-V7l%&4Juqq6pE?>{KSyg;v8yQt*K!r?Prst8di)aWx(bKSzPj}v
zTK#VJdTe+4cq8QB+2malC~5y1xnt|b&iZ~SIlNE)OL44IV>~4A+x%9@f7|<e9sj?*
z=U?T&FY*h>f5C($!NOEWZ^Jb}Z=m&B$wMw}@{l7pdC0JRpeJ+4xU0N%5}Uv))vvL{
z5sEVSkIri{oL=O>Jd~_vdT<t7JnPG--vj$!U${Oz{Bx!K@7wKf+wq^@ef#|D{{Irc
zT32{v9tPWR)CO_~#Gn6-@#~!7tgGVnJ+`+QtkJx-r#1ktBnu`)UC~6HqAWwvoaBpW
zb2EfE_VUe|yf;dMS@va-t7uoX9iOH$P}DoRcAcK#_^bkWN$XQexZHdcTbGz8AJD<e
z&V!;UP6Uxv8KGpDO>2JF!)bLI@T0@aR;Ji7Jk~<fiIjYJ$q|8DqRIXqDN+qn54KhB
zEm<P3-dE$~r}_2r{|8Hb&2NzZ?|irS-QI4S|L=eIHU8s^{2cjj1Ky$ZSm<W+H!BIp
zj;6c$Nlu9oQ6>t*t#1%|ZLD!OP+9Ae6P#Y(Vx9?<vPFp{g_o|E=$ozDHRXx1;=L-T
zr?`Brlb&7DU&sZPlqr_Eoot6|i=QjPaR$kUB1mHxg(@E9EWJMGY_h82)j7PRKTzr9
z{O}aY&5Xq*V|lmQd$SgYC54GR%rba-HiD$>b0*}$pLf6A3u7y<(()AFsrujT?(M#K
z5w3MuEKRN5{oS3ty{494oD(IfQn@_E{2Kc9J%XN0Ii4*@A+I=2uW2z0)iM3OttJGf
z#w2%A&4ROpf2lb6QIK;^7nm<i`sX3YFT@d~@%#64@NW99zs9SI3+Q#HOAW8jE&)I7
z0d>W3Axg|i0ohxFm_Ep(%94DW;^(A5JIM=liv>KGOX1CmjFdTBLNZ6!A4`zM4dF*>
zTX2G+e|x!;yok_7o%<F3v^&o{hk4{~qD_FN^_CTz2=>tS?st7H>W$<rRHve|kp?Ql
z9tm!dj?s>mH+$`riYxcgOBC(wK2Nrj?PSN<MoxCjcnwhhb#Sor-(4`S9V)arU!v`v
zIkFowTqC%ZUZSW}v)a(7>VGw*{rTRM_Gh2c{=7b=ebRyKY~On%JKO$H)Zb&rvh@u*
zBP0{%@hImFt&9pyloO&~xS|p;tlzFF;F+r%Eu{<eZ!d4u#>W$OLlTShijCG{Nh4=!
z_x>}r+nTA}@iXN<Evk5YHxKF%|Mv$wu*3R@$}UHU-3;^o&dD=!n)mKM&3mnB-dl?x
z-=1I8_nK42H7*4q8OaoxvKzuV%?Kix=ag_ug0_u7f=Eq=dMu$X5f$K?*(AFTQf%L9
z3=!@VTH=K|RX0+Gb0ShFMzq9>WT6(tJt;PuGkM|*KV1lua+;*JMu01~VKpLBA1qTN
zz`q?>+O7!g)aod3l3l{b8r*eYt~Omt*&si6AVvRL(EQ)*>lmTFUZTjGXp2&)JAa&Q
zNJERd+4d9PC`eBqdN*wj)zIWo4+>2&%~2GryQqY0ab88fk|B)XfqlI#(T3_(X+Hpa
zQ&mV=A!$*OBnsTd^fRI^A!vS9b?WxOaOuLlz#k^Cy0o?{F(Hk2gn^>Lqy;^iV_MK+
zR*S0zD}3*Lor&|B7TJkF5iMYL8pZ<8@i;&>y(7Eb!^_@ws3A7vBfUn)S8z?Ys_SS*
z3c_g`-w-+P;UZzqy8Ap<hx-vOG4L@;M54&q*vb;~-w-Er)r?w$=&7R>jhAS5yMx@l
zlGV0f*d1?^YhQ799u0nsu9_$M+V8mwR0(}(=r)itpG^_28>sUIUf>5%>KmSs1YOOk
zFi-KJlCvAC&K^+bae=Hc!2(GhA^T7L?rrmT%u0EHp8gs+@A5_mDB8Ng9Nu4dUh~~@
z>-_fgkr^Bn?vuZ;=`k%t^Ez_voS{axWEHnA<q0~04{FpJ*t<(q!c@bXqDWMnK!qvG
zb9M_LWhEJ>I7hTVb16%4ux0FRNluIFE&usp=dT0wG1i_WvHq{;G=jp}*Y$E*{A)={
zJEQoLRqLL9;1OcU)$p@8#qbpN0eb3Bw~5l*>OLIzRQuPH<>-dVHCgIbDdBQ_v%0hJ
zC3>6gQ&tp`<MjIbqZ8|Cp)Jw2AfBbM=ebeq^T4jKB(Kf3hz6mC@An7rImLGaC@t{a
zL(p=84`b#(!d1)5@Z7y&R!4J^UYlIlrr1Oh8woN_RSoarwhv4nHfoz$vy;+~SgKhO
z2z}anOQ1QsMO0U!L_c6G=9q)7C2!&V3+ui07@p@BXaZt^RPxqb@6@Gk2XCS$zy$Rh
z2pV3L@+?x~LS#5mlmN8Yl)yLPVnGYkI0qsu(9y+ffi}`gNVcd`X(=HaR039PYKTbn
zEr{ioO1q<mSss`Q2q332M>8VL*l1?)u?U87Qv6nNIaBMIc_>vF(9T046Oyyr1RVkR
zMlYR^sbcgy$vzTQSu!p`dCiyZ+pY%M1gF=e$P)CURv84Ea<)(v)wz*pgd6M|@M5kX
zfi|)jsst@&2AtD@TELVol*p&nkW~^&%~+RlLn<+l3Jm6%zVmzx?<DHQryv@7i`oan
zPwZkU9oBU~7J<D`1DF%c<%D1vOS&Mel4EylZFsk!ez1_PG$7wCtnTn0Jgd`Hn0KKj
zRe(NS9@Liw($^R4(FgUQAcUb?2IpMQ)=Wubb#(C>T<fer^ja62x0~<`L>|2@Y!kJ)
zJuYY_DdkxmQ8&Q;?c5*D)p7nk$0<1{oU&Rbt5-OM8u3h3iA!C_JTea7kog9?y0Dh0
z5(~Y-&E{21z+w(H=U5;OIzv>}JY$J&X`Unf4tui`4e*-jE)(>+;`XU^7msJ~#jUEk
z0w6f&1ZPYAK9SjKBm-TM!5hz-QPaYG=pW7T4M7-iO*NO14BgJDBsmqb?yV|Qwt)R@
zyJb`JWW64?x6uQWI+o!2S8l!IRl9yiwG7Vc&KXDKPX7~pj7iqyVbtu@u+Vy_L}|G8
z1y<v*?(#0<W<GS{YB~277r-8QRn(mnC?k_<rVn5}ar$XItyW8By;7l?fA*^{wYCx1
zlC6h7bw|++;S(l^6*Sbx*nB%cQ3t*$LcjeM+;Rm$8`O0aAvl-wbH?Q+`tytDf3_=d
zNi;QG9i4+`Z~c0?_A}AVK-H-PIy^ryI*u`esfy4_=}Q1lH8(6&w^bAfu*~1F_8)c!
z)Zo@Pnl>4kZSq6iFj{Xs%|M`zRrrF)+sl|<^gGCm9Yx7<nl6uvDdXCzqt4dI)lW6j
zR-vpUqJ?<^O{-p-7jdFiLBT?#0S2V2d63c5pCO#z;-vuQQ;-|NwJ2uwwTz{8xE*C%
zq}T$#3AtsT{oT^NY|%n;w)I&56+3;#wogs{v96(~D`&UF3EK#beZ7f0I(dC@s#t|H
zZ3d;3W;_Nq(ug#FXS6^OidramPy)<Cp)uer-7+e;9L2b)*Eb(j-+WkY+X$Sn#NwH@
z-r4OmH3Ho2oThXAo}XJ=A6IZj$T^|B>FTazf@Dc!1JJ@f%1FtHI(hUN8Z{%(Ph-Y7
z%Xnl?A!u#9tm+puje)_j*Qi=&@2`&aISI@W@M0w?nxU`)9lm>KPPyAT;q_QbmVwft
zO(=@vSGmSLh}{8-4hAzVMBN(~r;?o_vrwnzPr%&>;}g={Qt{>@%gXZg<$?wUVAN@x
zppE}efBG<G%&{6dAD<yJksl_Qt11RM0BK4<H!_$W1PmX2<3Wz$qdyp+e{#|~aU*0l
zI`!x35P@|q7No=+q!$oE*c3JG&<wID0}C}&+nNWF)NBoIPjGH;j@T4MIL{;COU8f;
zN~+bn5^WwZUB%E<JZ_qXMmA>FLPu*SHOFHFY+sESHXs7MzuuJ_B$*{B`tzUn_oB_D
zRj8l)CS32G32EpKo=!Cy>y(l_t1q7j$aQUVR$m$p%@{emTgJ}D>YihLnH{1>?MEO3
zp7px17EN%rphY-Wo>!yE9HFs;uf2!`T1G3^s-rO7n{^v@XaS97*w%Ss9LpZXPC@wZ
zvQvwh;;UMj5<XY872+}MH8f$)tef+_-h-=kzZ#&prsdJa>myFIi3_G*eN<XxoSM%=
zAYC`^f#i&<GwTKtlxlzLj@rU-_6p}p8ROBW=kx3qCHeEj*n*5dRJ6HiLm?fzp|yP1
zIcU7Zgq%peT-zkz&ICXRn;b$+qcwj9Uxkq|LC2pgspRUN+P`Y<JlZ6?4SV-y6Qs(z
zl9q3W^A(#mKd7oc+N~aIMrsn>tbnT8!sYF`X)y@g&bL?=>ADG)RhyQ*tOfNG=5Ds2
z^GVzUEXO4$Q+h{M&9(XR?$u%4^xU*W9~(J6*rAcZRL5OoWv3^#IVWawI)+O-FJL@Z
zpiI<a+zG%6O^(hR*hFImPQz|9gLe~Upf4=fXb_$Uy;h@_wg-*Dsdl<p7kV!PXnL75
zAqygJ8NZIrPG8ZBYH_Apgsd!K&~~kjv=w*qS`GK3o4+%y&pQdgLS3peTHBy(1ii<~
z7r4AKzA({9Ea22nobdgT*KUDx&gDKf$ulmg$3@$P{p@KdS9X^#1t1S_)eiEj*{KT|
zm!%Kaksdmr56iL!++Qg#i`CucWidRAE*Q7{-E<lk)grc+(sR~2!W?*a)9G2YxY9L$
zVC@6UUqQ|2tS^G(csix2wbS(AYbsyq%IDhDG|<P;akE}pbr<d`PT@da$s+pT-e=GD
z^t<k69h5my<Igl+_S8dl&%ii;eqc+xMX}BY=-JR)JwT1#L%IzQ=QGBsoG%7p*0okA
z2>`uDyQ`v;^P4?{wQCtIX5h7A*7_M3+8PHD%!zmP0&Vr}jBcMeqF8ye=N}BNr@d><
z_i@>O051Fexa_xa*&n)DXiU-s7nc%C;%K)R3BoC>1foJz1hF)&xIme{(lS~k+<{f)
zv&Qs5iyJKHjr9{i3%o=VV!aLF0#P!=$%5U$$WTeRfP+#R=O`>mf{yDM0IjxQ;J(O-
z_C(OPZs@vTw>imXL>t{O04O<SwYij6#WN(B_GD0~aFP;*T|sWq$+?|GB2ZPr#n5Bu
z19NE%{y0~yIi1Z27YHUQwu!mRX{@mYv%gaUU&m;<(CSq=ZO^@X%>;GqMboSEH+qJw
zL4gW8t$%^W7cj8`W>!^R;IeTqK=7{oQb@8$(2pf6>|mckTc7Icxdw+c)mkWi>rUD;
zG-tQuhG=63E|!QDGp1H1Wko?!?I>a>Aftj;rJ~{qr(~KhwGHE4%>-1tjHFb1JXre{
zCxS>=LkB*zbo;oWSQD%|u56DEf626~YeuJ2!Y!#;{)eZM@Os_bi&-!8(1Nz^=+c6s
zNc*%Xg}1(>`B5k;x}7t0O9j|GwP*O!Sb5lOfs8B6(b-AM&rmI%cH|XA4?tIq(}IFA
z0DLw8#b^4m_?C*=-lOJ(-4K4usnnPD9&{MC53Y4>RnVjv(b%h(i5trldE$?n*Ho3o
z5Xs`_=l4RO+I-$P%#xpbLZ(b0!m7@~jfYR&6;8U7a+*jGPFsc?)xR!ikJHp2H%JpV
z*)u?=gKnGfxZ3>2uo;tj4mQnf#)*<ykmMNl=#+6(s;$%9Ls5Zpazk?KdJyI8HhPAl
z1<7c&P~^y!G;~K7)gsbvWOF*36MfeTO`n;63SogaP8F6H2to=(iyA#v$+ChSYre!5
zTgr;gM4LK?O_lmwRtQ<34v0EQ6`HB7W87iovZN`_k)#V!yV9A~#+OdgDK##6<OZ(b
z)T9xd&fze>C7Hv$fDb~$_eH)$WI9#fZCFVVEn&}7JHu*%^^Eq+#@Yr#XU2m5LPOIw
z&GAg2j7Y*4v>?XJeRXthO5pEjaOBn(h*QdiL~NpXI6!%ZbU>Kxz@1eaNCqD6*j)L1
z{y7Bf`{?Qo3=QsoJLf!93xtbWF9Z`Fr0EM*0&Q$3+wo4a{omlD!z9j;KDp6?EEr!Z
z%+>TL!pbyUEkDs;!1Zrh`!yV0JwpX6V*Bs2!z-{p86N;EC8$9wF0#O7YyifB{z78F
zr#tGvaC&%HK~{y$ZYSISXmhb*L=Qejly3Nr%y7EAV3nlBtaYNO@;HYIG1oOZYt(@;
zv_kCw5_7X^4~YUPp~gm_fVYTd+1f1)3P^^^yqZziU7U!L6@n^-M=eZMWQ6BSS310*
za;Zg6!R*mP)EX$nkr@?Sw`ZUMC`I`htXEDXq7qG&n5)D%Wc*z8gw#zHmMf-gwUDl6
zQfcR>7{cMqgs3k-9}9d}$M<QXH3uCks>OtGMSi4^T$NhyBGp(Cnx!)rSZ5WTzQ@_`
zR3lu;xsR~wM}1uzY2$0C+A5q4$}Xr5%1-b7O1i$9^MVn*XhH|?RK~NMO>iE6GYWM_
zHPGZ$yJX{(Ga-B>`xz2tP9>TwofipYS}OE_x)b!iAgIJtpYLp{)v8Kp1O&0J32J@8
z(BL4T2^JT6pC}*}002{bD+FWTh0z>uCsV(+($p3#gWyuwkA>CHwbSRFY^mz?fh%n~
z3N{_3wk7CLAgs1E_=a&(=1Z+`YjLe^z*$)umsQx33}<mj!vm2>NIc1@m>Yk<HUip}
zvKjsx#YjMj(&4rsk1Flf400#g1=mm=v-?c3g#|6>g8ovEgc?2HnI;put5!cH!br6~
z-N{sM8p+U(&TErcBK9a4h&I?%pBir6!L8BV3O-a^EL%`b-IZ3c5PQS2wc`q0_vCK4
zY!t5mD2k7(<5ev%sTrLI*4HpSM50v~6FQr>aaP|x0oDL#qFA+udJB30`39#D`Yjv5
zq?}sUM9nHAcPz#;@gBU|vNgRowOq5nCE6$nuM0QLp!{ySLvrz3V_5klFr<8PpW!HY
z`NW!bp819wFy26<(9)CJny$J-vbe1^oMUsRQ9qXxHG49j)b}H?aqgvM=SU2|==U{O
zV71~HD|Q;ZzfeGRokZ0MUtBnV%u?SFp3zjU0;y~NRaagKTSAP$3Xo8#*ED|4i4$66
zj>wu2Kx-DLBs|u~4a%`3MY=SKASYRsg7sV)vjN1qlR`)0R%JZp3_P_!UvN6IB3Vn?
z0cuhTuImwPy!jz&N*g8W!^HsBfiMP!ZAA+qah^kef3b(Yu>*qRA}Is~ZB?>*TyXj+
z`8gxJj?1$4UM;jX$D-@ItJ7&n&R|9qF7?^Cmo)$W7Iu$KZb4^-jZc#fELCMfbaaW@
ztE`&MmE7$p&n-+&rf%E=73&Kp*6?gaEpkT%4BjzME74+I@kRTlc0`!_iZ6Bef+NDL
z6kqJ@nCW$<(WLq?(}U}DB3imp%hiZANHT!7lkBOliek8#UMh9JU^!t0fe<@K@(}^C
zN4roHd&?9X#a9GQgQnK05`Yy4)sBdGL9CixhlPVBhLfD!;6iFc%%q|@$ZQxbh?s+@
zuB!_-cB11uVqsb@nm)6;35SZ5GHp%n1^u}q=;U<=zf+SFqtZ1T%>b5BX$uxPMGfY5
z%a|n!9q+aSbh7*1cMlmZ&4Ljk3C%iYc72JM;!;$(6Y>j@C~UE)3Tt+>cFCfS>NsaY
zE8|*ouu-#d?Ll0BxVg)5QK#0~tiR7lL2gLLTjaWxq{s;=vUQBMZDJ<soIM3rTrb+J
z|Am~;d&p+8QF2<yDT*!}2sW9C**m(eo^c16m)c0a+4Utd*cgv6+qdg=Y2p-BMbdIt
zH5QXPsmZmNELmF6`_6%^ih|^74$QyqH3zz_o`Vibqi4ck@CX@rjwb-8Kv=&_1Vj;@
z19xNrunuMWbI>(K+0armIVpye68FS1Y#h;TYPTKeu>;4=WA4`<XMr(|YKL{(LEDSW
zsW%R=5rfazD=h+FXd|1Mx!Nz0#YRMqjTNpH6F2}SawC~qy`NtFs5@H7${U9&7&idY
zw^N+#r*{8c!1fFJp!IFh7JcJNGVLQy>~$`f+H9z(x3ybXR%M1IIX>Dw%y20Qe@7Qo
z{*~gx^AinRSBOcv8)IE1&Q+cGhGNe-u3wW?{oq?+GSeL2r9_C6bNklNt%$iUi3t?N
zv<y1WhoK%D_ct=7cdtqA+<9r(Hs}s2#93V<)B{2=%#zkK-*WAy2}ySk&rj;m@0Q0K
zjb;1pM3Vx&!ZU$BBFQfB?f((1XcJOvV4|87M4r4BZ)mR0dQJH7F{YV_r|`McQM*~#
zCuw+2H4KGspl>z2;m)0gAJIL!2Q{KdNgDzCeGr8}<55#k|FezFEcNrTs3mTvCg`c(
z*IT!XD{LRTG2nwlWa<sjP!BT-WLR9uU+&9N>g;FyPzX9JNM;kboV+%BQq_o6jToCM
zaUG0LeYJWJTHjTF-9cRHOlz_6<k3dNo>Xolr!uD#Ji%$ss_b*l=qfMB=iu#7OaGb&
z3iR%|4jKbVS^d$Ce^!G04HYJHV}p49JnlMfn0{7F&gyG5;}BS1tC{3q`mW&U?8Mxs
z)e7WgeUSm7(?*DoQK8>-hJP#Go)*;pInA*WGVGsjQaJlffdmtwovt64fJd0^#R*KC
zR@Id{03JdH<wnTs40T|gx|y?mcb1y&7nonSHhd@NcF(0IWKIlJx0w|O`ZMZyfFTE$
z)XZPKs%~nObCw;QyuJV-me^}bP39lqniDwY6sKTf(YBR>N#lz6b44NX(%<IPA(LmO
zp0SqbYgV0b)F`>mWotu0PK>P)sU7E0NSJOmo<g;E5*k(1ae<8&b;jM$YMtNgIVpLA
zAx#R%gwA4_mOT(&oqT_Fbl%r`f4KGjs@AIpupb`4kl9$by*m02pSES%y)dn-uI2Tu
zyUDP`C6;bp1N*6~fvL{i1`l^sXeKV;^VTz~e!FqLZ_fPp_`kI}3%Bh%9BqhdT{D(U
z?}XSMLmjecz=EoBsdJZg<<}1PgQ%UR^@(KxHr0);;389ViI(`&3n?s5dQoSkYIo>8
z5afId2U3=RlzvopjPnF3QoaP!V^HmLq7$5&a#<1-(Nd7Kbu6e)t%c~o_iq+@!q4kg
z05Vyys*vZ{dz7(N<(e$tC?>3BZuKc{QaFY&YQz5Rx2>UyUJonNQMOw*=ZKjxC~pX7
z7|B-azTR8>rws;0*JSxO$j8J3D+d#HtBZ%xX~49f`do8XuF3Mk1dUoB$My<x8;_cq
z3gcs_M|3uXzBe}p8p&dILwJst!!uM@f3Ir?Vka9m+PlYYDJQcE^UPnZ`turlZFn_m
zh@iAU{MH+s=is{)>^ZLM#ZyzU51Ap@_obc&W)q+CmXH$X^u|DIP;IKj*S5}TWJ7?5
z(Cz#Y#$1VT$Mv5+Gbq~PK!3Y?#Ns=^gyb}ZBuzcapsg9}nq5I<7?{uF!{8vT(+HTV
z+Bkr43mtQ^V3KH2xyd3rq9bU20j<wiW|b0329nO1`MQ&_&T`(j7gVkPxVnToA=+>J
z?KXnO59fI+$3p9TbuLy+PWrH7yXn}Za-~niO`={}f<ujnd6k0&z*R76^Z%%(UL-cu
zKVwI>_KB%{q3ZVJ=<1QoY(E#c$k^gdmFL!$&|m;X@l=(yqU}0u*Now`5Z<x$+N3mX
z_YN^EZr;>(?@rr(vI3J!Mmb5Pqw@Lls_MLkDvDUOE#Bt}27tYufut-|!3j?13YAud
zV^!DOU|n9*^2es)YJCbt6I^7sG?VjFT;Q1>;#zAJtvW&0Q&)-?x|Xk)^nnQJjg!fW
z#*+yj5v1B0#hlLOmnl|CXNuE#n1QNFu~4;QT0%7slU^9>#uTSGzaV<;bR4%YCupMq
zH#OowTzCM)NQ)vZZ}!gMYSvH<m{H7bxY>*KwQWs(9cJI#ez?#5{yz7|^cikHVzS%M
z#I@z;o4wdpiLLXC*Lmlixgon)r*hCL*3)UgGSr^Q0?WPqyZycIb+mhsh;1F43Bemp
zAAn)vah1F|6Y>q^<QC_7@MCyqF(Korso`&`P}8+emyE!hB(<IJoym)5zSqx4U@37r
zN0V|2Cc=cF4Z0|Euu}`|Sj#eU&TQbWhcnE94rDP_0b0y9AxA9q63%XEQ5buRt44oO
z73w5<4NYGYsXd>(+2p!Ptii{btu)4T0H*mMaGkGd6il5I-Xsj+&5JnNLKJ)}CvY0|
zzroWym<5=HJ2S~(e~Blw$h=FJ+6|;xiBLZ}S?n*bXpzBldIrVtA~nzDbSzL!kugqY
zz8|Y9)-z)(_Pc(X>ah;;!;-`$gI7AN2i$5vz23JDo{%HMru=wc)bf~%0;J>+F)NHj
z)^yrwy>9pQ=+0So)Ql~F#MpW0fjC}JXmgdhxvYs=f<F1Vk7!HGCB?Z(O*iIsDVI5R
zyjUy(BbIo`*BV9Ejr!zVe1XB#PTRDVE5||O!9ywxqy7Tp0YSdAI2M7m_Fua(iooO1
zP<`D|3}2zU8Ik?1?$>3VX2R(fdaVlvdUhIHKZj@cMa0ux^nnxwH6VQ=g{MCN<eup0
zh15ra``C=#qdM_8JTep8IU6Dg2U7T8`E`ZEXQ*Q@w+}6YK9u7}_|C}zRL5S7>UPwy
zeemH)aLFEy@shJz@CfyyDxKGLf(j(4;Ra3|+EpE(s)Yfn{=NV|<Tc2sKTlMnusP|L
zgv3RLb5>Z5-@jMPCvfJjCSDgPiWbd9r480;TmL*P7X9~>W4fyoM)`e?$Tl@5)zr$~
z)0E`IULAM{I3)u(IJF*tMke@cDoQNVxsOFAc$}G%ek`2k4?x1WonEn$<!sinC0OTG
zX-fN%X@MEiSq70?;8{*?Py~jvOZrQjD4{r(8aw)nPocUrsoM^+&Yq6vSj;a;TL?G(
zs=`>1Ry>vI*0vnQumur<vf|K2%K5VnWw8yT^Ezuc9ObGgZc=>_4$Mg(D_)N`sku?t
zj4tpTS_s6NmaE+}LTB^WRHW>N@MSbWqOGcJ)ySH<c1;9mW-Iyx+Jdq|+(HQRQi%+l
zOgRzrHQ(3i^k%?}dSu4}DND|#t+emzlQ%BEl6Qzfk*Cf2jd0h2&^GFbB)Ua8-Vwe@
zINlvalexSzoStSLihlFp09#;!BW;1{47mkkjj`u!b_wZEl-!~_%h@c}DN#TKYVl6D
z`lvmev)OwSFIIzxH%5K1w$4W+*?`+^c;8*W5GXPpZYSqAd&W`D8d6?}*c56rBq-Hw
zd+YTJk#s>k1daVcH1@}!u|En8-yOvbc<A{&&a2kD6%00Cb8<|6Qe(Og^F}pGCM9a%
z3ZM;S9459k<ejsR$mm`<!I_h#uAQWg71K8~C#OAbHy%JW*q%O{TzA%7t5e4upqrg!
z=UWpS3lGPcSL6L=2Rhj$c=URGK0*kR@YO?zZ|9_l;oY~+Xy!~v1?@HE-hj5hGrrOQ
zH>W~&>=LagEd@>Waa2%~!EfbMwyKATc*70d@uy(Z`))33?QC9=Ja?YjlB~|=1z>fa
zLfn%F@pH|g_HBlj<wV<w10w2diO=g*BgG>-&S0ud&Sv1&HJaS3!ka1uy#CaI-c%lh
zf1lUI>)vZ$ZwW=+E$6ii--(RJ!<ye(d9U=s7?WKn<5i&TASzxveW9T^<>}RrZx}y1
zJF(sk9;?$Hp$l2XQ^sR=a=N$-!5l>l*VTmR2Qv)GniC1$xz(?KC~e&5wtkzHXV6CH
zyl@O7v}oS>*hCxFaM|kszu8l+T|?S$o0y}^HQ;noa^-@woa)V+e75>C9rWrYCUags
zf_FYmcmpI6EXXJndIJDD)^~5V`b|@93h~>Gqla6P=Wh#kTQsgiL8(C1i?3Bh&q1ke
zf*aGMI}g6S*(N@Z121Z-3YVt5o722+LdCL3=bRPv7xMOnIAd9D0Cq~W$N?cRp5oYT
zyQbo(<(I=Mqq6%>AXcBd#;R7E5kW!b+RwiBbXd|$!fy!N?P;$Ib!Hv>dH37BsHIKV
zwEXrNCdbh|2yUE8F|Q_*oV4G#GSNvtKp~o4oFCZ`V<&J#H}z@ThvprXkI|23C;x#m
zw!pMN`c@3Wi%c&tHpo1yAKyTdsm?S=>jl^0dZtHR9AbQ3*;Y3}5oD+N_li`m3Ft9;
zRZXXaBSC*@GF!|clFG#vQkm<F;x@^s$#zrc`e?t!_N-1&GjY0TQh|6+2O5|^EA*hE
zGZ)ZN3`Je@lwAUEaBIo_-u&p<IKm}PscgdQ><2qTW<-+dSJq)}3TdaLjk>NKrv^wb
z{(k4<Sfy!i-x6#QwvBCUp5Qa<*?NQT;Q99R?PxQp-+wgJx%T6GX5995Obw>>hFS|{
z=lQf?Ya72U^H!#o795$o!w<ZAIat59cbSVgC0rVrck2f8t(;D_v_!onbFt+&+|mt`
zl*>V&O;E*nnAc=EYFwuJVx2MORMBdR0Vy#GtGbOD?619U-1TdjsQX%`rNugGFF}`t
zp#R$bZ{R@q2Gbn3AI$V#=$%nHuO>;#78Y5J=+-1>ldT07lJKq9EUgx#&|wQ(7S<x`
z%*sLF>CB;RriPmIgjpHLtR#gCei-iik`#6$uEPX4$#5#2awj6ft5W0dzH@J5Vhuku
zz!cMhkV^{bb<B8lVUq|g918CDsTQl<mo74S&=g~ZN<Ut_Qzrpmq7rk7Xo03VyX|(b
zD#sPip>Akeot~45=l>2cTc`9eDwQA{(PGM0VIc@t)mCC52tQHa`jbBdTFnX02p4Nr
z)?WB_loxt6mHG_hvJfHde8zx<!<#%N$-TA_1O{pv>JWi}ow5R>=8f4wFOv~KGg2%^
zjdHEwDX43Xu0dqX;MN@SHJ)DMl_dKXY8{@Rplh;f^8iF8WnYt_y#v(}Tv8=6jdBhe
z9FCGgY_cFLBf%#)b>aoS)A`32lc1CYRTEY96yGUH?{wnt=N_07oL*ODkoEd7U+Idg
zx2I_))Nzsq&sZ0SJ~`fpqN=uK`Yt$<XA3N@$ABYwc8bMy@559+XxN@=YpezhRl%z_
z>~z!yt@g$^$g1W5;E@EDm}K_Bg;Dz<XEXbDyIGtq^Vxj0e~M&@7x_BAaJ53A^*SSh
z*Q&%}fpC^lwQX^3pBP%97}jF?-tOLBwCM=ix=Qfw&P<4h#cI0llNgN#V5D$kEvZXK
z3&}y@c&s$+OTli}<7L;D%<9{Sf@2M4p&F#YjI;7sDRjpRDrGx9$94kwZb4yma>R5C
z!<mNqdZNMCjRR0Q!NU6Nt^#W6uANKDz$-bK5`I$N?0eYg&*m|=-dtZR?C91W0)bXw
z);od+?N43{YlgKJ6&<yuO@FC=E1zb;2?#;Ew_~g!CL62whLDVKh}er(t4221O`Cl|
zMKbWTHP~E<Kz4Wlj390>0hdi-Vp~i^ovsiFEbPZ{?G^9I5=l$EI6#rj16necccLMo
z%CEnoC+c6LL#OZ}(OdkCW#mUlRCiH7F{g^XOiLz{9fwEG#(ALhcd;U&2>ICz#UJ)&
zVAi~+6y2!j*1-a})bH6_xaW-JUB3biW9u8_HA=#5%rk|MMEPbX+1Yz$A1>6EJxp_f
zrvzcnsv?6b&(SwqD0aGn6rK@ax>ldh;AMz0EkG<#6i=|dm-kd|cb>H`MIdf%WH)^h
zQ@0N#i*?PCgB>ZEY_*xvp^p6rQ^)>2sAK<kppJH*tEprEp473w9(C;BhdTD}K^^-e
zsH1g6Hmqh*<&rv#M$f?$^+BM6m-<|(ziZVNN}r)8q9m!R6GjqOk{v<rI-MTvoMk8H
z=K$AP<|kN6-s-7Muezg1ZJsF5_9en)sRn5NuCoHyJ6at4i-^!htsVeC%|xNt9{g*7
zZI%f@OY@kq3wmLe#fRRTIi?xq{<@>wA0FlYJx95}dX)R)Mrr7&=}iA!clIyhrRo4a
z+Y$UFGB|B+1~z9PHDbxKn3h1xZYbxo$ac4eh)`3pb(=UmKY=v2uPQDiY&Pxw2Wf3V
zY``UrC#rN{<Mu-v$=HX0{rmZ45UHPAW{lNP#!ZwGkWS7IPs0(+kOM?ZaVz6laY>bc
z1pS-kEhz|HI&ZL_eZj3fGAI{vfei&*!=5&|#p;;rUKOLA>&XR=B2H3PD4GPp@Jhds
zY*W1YY0T{F>3);gysF%jGS(Z+U}qyU=z0Jb_)a?`9-C)BLin~H$LU2c1Z{+`!Hp!P
z?=Ygic>Smkeg2Z&B~rCfWW8DpX!S9iwb=mgCTw0w3%Vo4Z{1Ehf&+BWPOmc(xZ=1j
z@Q!T{fG@NeZ++mY4?7KkPS;P~k@D<sm`a;~MN2<Ci*GTNUfPxsDpm{DI+6KrUkICs
z`!c7g@9J~?LNuOFB5y}5_CQ!GFC{ot8&?qsUOmH$#<k+exO0;F!ET+K7hd;hGR-E&
z+sy_B>9G3F+aT93>U{QfS8HU6Fy5*-&qe54k4ubHa(fCFDvVugJEeKJ8y>JMIh%33
za9`)QuWKu)zOP`Qw~>JWySOM=Rp_YTK3w1JBCnbk)8du1B3i=0JBh&t5Q60Oe%`%y
zpRrDG@8#Yb2QHMMY&23Aq#(Di3C?nAgBv@TaaAYIOr_PB`7j@dp5#jt&C`dR<V!bf
zXf(VY#D49hFKHl_EIaI{w1%3La5_X$y>L97LV$YmSO!2gnJmXMfyt~nWj8ub?W)uw
zleiJaC+C|3HA}4-H-f#<_FsK}4v%!14xgb(B~iirO^R*_C$>t0&S4d8_GVTP#5h_o
zPW)C$wB}$(3{hi0nU(c|#QCHhTRqhNe#<a4r2&+JaXG=ZgBg3AmPf3RoaN^^F2eEd
zs{d41ic3|?xvx-Vf~1^C0Vft1vfH?MJ(${cvJ(B))yPP`g{-=fhc2$Fh8wxqudTS`
zEJ#{$DwhgTawn6L(;J$TSsgCOSvnO5DB7AcA-B|@BeL}Ctks+`>BPONKmGYBr-}Nw
zp5UP`Fmz6oi>3#2uhHp5e@|@fk<+bEyUB6!YFT0-R^L{TyE3OKmHD!M{a-alG<&KJ
zWA$&yUp)bMomp_YT6ymfLe<=39M@S*PN}5sV=(qg#7T$}FX}oSe1_l+W5swg^C04R
zB4%gn>%Wh>H9gWcc9FJ3>pckMO6Y-(xz)7IVy2Mh(dy+bX>GWDC=_y4{?zc}2yb7A
zE0ZdS7PDhtsdGem*;ML#oTne$db>-cvg`=~R7Jikekyx4*A?T>3Zd2M9}9Jqye}^2
zmCV>};XLZ63efAbOZ$=sT;Cy9pc%(0nN~Rxrja7>qJI9gf|fBWVq31TuCM(1dLFsm
z)L|pBw800)%40s(F$;Z(%3jnr_HAR<^$T$XCACc``5C-%tfROM0eEXGItH#fY{&rb
zn(qSOq0&$XuS|tbJcoOr*Y-C-AdBb~hW9%?nW?U$uQr-$o93pZ7MzY?CJ{VG8iss|
z?{v_ILPFK;1&&@K^W>(pqH))3)DOVKPpYrpWvYbYKD*l1H{j>5Y9d`z_2y3x74DH?
z_YmW#gM*10FqcYQE*qXDFj(u~hK>R2^&<!a*mNN1-|FcyQm`O$joAt<gu%pw6kkd#
zE75^XMO=Y&rag+rm}lz_szPUm&CXe7lF%odzzemypSl7_ohF}s*o-*{)V8=J3em3R
zzIFmw)nT+fI5Nf6z`!zaOIp{lua<CJh!S&BxN%UAYr?FbB%To|P{~P3GE$^Ob6ahy
zu>lGVsBY|(?KcT_8#qOsw?T%VR<fK64ha~VWXQqAL<$zDU`6bO4~nsauuSpw*(D6(
zc;pxg|H68OFHb#1CWRm^W`rB7pj9qwbWMO%4wZt5qKCk(#<c?_E5rr)J4vN|L-MFT
z_#~VDtd3swKMr;3=P2W}mk`1LS0c88o?jQ@h%HL4GulKxf@Y1?Khvht5S{wq?lEmv
zQai<WC*?WeKQJNf>&7l(MyOrjJGk{DTqnD18$nmYT^~i7<)lea`Mr{>T#J;&QB`x&
zUB)1Qg$z?80I!ea0^hwRQ^GlMl4-ssIg$2K$Kt7`Ff&zMd^24+jOrlxdtgh8E19?O
zqD3ra-qXKsuzpV^Cr3D)x9F+lB<^Ml?>4$mf9!7QJa}7osF+eG_f4SLJ-f6_;#4hE
zj+deCYo?<~p#8MU3V;t#<RG)f8Iu<TXG@TS-Vz%;31xA?q)u9)1);bdbP$Blr;H$Y
zWjw}}oHrpzen$T}DWrKKJZyVyAoK*5wt)N`iY;})!0S5AOO}*~k&sQpCe%F`#_D#}
zetvYs9b2o<@FS%iEzfVXsAPrnM3l7sm}rBVuG0w&3slj5>EJBY+BD&A+j*m0kbshY
ztIG%mBLM1gK%>iGICTJN!%o+|;S3{Sfc1(bBUeH@#ajpe;LMmX&rp=Wc*tQ9byR<m
z`#BleyYX#KYP0fhza`=(J$SMGVyE)}b`J*5@fQ*ihq`Z?dY9ZCqRZ5|wl2}BMyrWV
zlyo{(B6%fbtP=^0?gARU*2xEY*{D7??xxeYs1~{(lErgYikKF&4y};lhAor3>GZ5x
zT<OX`uu{Bxu5C#tx=AY!UVj&4?H-PMI|yw|AE>|E0;;G5r4CO{ey)g+0tC^95&~cs
z`0m0~J}119o%$fV0-50xvCznbp*!N3sXu@_$f#xx2EeLnW+DcFK0>IrltVk`ec+nu
zLBVTG77BzswkFf0od;MopI|}S4?JsxREhtfbJyQP)yvr|DeDwL8fwmF0f=?YUgFoS
zuL&vR6qj*9<b)QP@vsO$Y+n+&k<p0)bA-z?B45!WyEN_|E3?2@-(R)oQPiw9$&Pe^
z4H9ukM@jXj&^OpOppp=z-VB{i!?>L=NGyxAw-;U6yCS%(6Vn8I7XlqEQW4{luIS?Q
z=<@LV#JmaJBGCd%@LUrTOQlGHW163y2g_uE%S%<kI<9$m`5=P!Ef+>mbb5@A?<B`2
zg`2+r5)kQE%n;@iDmms$wM|RH;Vm@piDc6*dGr{)TB5SjHYX|(mQYJAmI?AbvibF%
zAu68=gmb}A$%LRLQ46~voYRaTaz_QgX?jgM`$}Q0LE4iYN%o(3kq4`ML<KFBq>6S!
zx`Fw39LFImdFavAP+3}|gG>5X!nKj&X6Mm0EwY1V0v;`h#2J?O02XmU4v_b5tNH5O
zNna4~FG%X!XVr;?pu0Ul9~JWUdTRi`kH}2LUTZ4;^oRc0kVvv9b1aG2sxKCA*m6sc
zZGlUOd%bTT+uPgQ`+Ixv-|g+~_J6mZZ}0zUXYcv;?zg+oclW;i)AsK6_V(_d(DtVt
zYWP<PiTR(lAKX`aaQ`4bMW|2ov3-dSULx`{+E{s<Z`!x0V?V224amFdDmj_vbT*gG
zQ;Ld1D7LWnj&`Zj#Ac7&*IGq@yrlj~ZZ0aDw7<@WgF4E=azTgZ?RAVJ8dvpULzX$(
zNZ!z#h~)d6O;7~E$UWO@Yr>cmlH<}0D*3x$MYNe53d3rX%{I6FG(2W_|7WoFg2>Of
z|98Lr?%VCo{@>aEy8pk#@00ESjdd8nrj-j^27t>_Y}H(#?sf$i_ycW!giJa}Xm<TV
z3A1GfTcidG2}^lFq!K3BR*AWc+0@qUsTCZ2a85)?(gU~~)_Ev3Mv(L7or7XOl0B29
zL#8h!$CAv9)!F|RoHEJjV#Ul^24paGmK^4yy(YnDtQCfw<@x(cp0lhDMO44Xh!mpY
z1eK~lRWb=wEeAHkXuJeWj%3QV0%wlW4<Ns(s1}|EtfSu0ljO>bCwYa1PU8{{iB{1j
zOq7`8-S75AweVGvX1q@9oihdQW(%vQZ68Ljxgd)h!jIUZ#GIh$Uw4vkx0CJ23E|6<
zf63sBu8NW)SKWPEO^DgWiTUqla*F@X_*xBU!T6@XXqQB)eSi+j@{lhWe=3yrqE1q!
z+C)_WvsjQUO3>Aupc^#@S~a4=p&AEdiVHL$Xu&c%r6faGpqv#m$n7Q2b-`}Y?VP4_
z+mTRe)>6CQ)XC=@c(kaoOB&)~g~YTVJi%p&q0FvGG9ePTHnvL`2i~w&Eq>rrVA~pR
zagWV44FbIF#b7_V$3liUT@QP*MWb2Vc&<4-3nm}$!zREo*I-w4foJ5r%JWO@+1$Ws
zmmI8tLuUz$Q`OrS0^R5hgmQLEIFfT*AiaT6#)_vB31cXcbAlplNcCJ3ccjyHK11JZ
zwL!~yCD1L=gbxW{A;_P~q+R(B%t1i9`Jm*QN=dO@g1GegWMG1Z*C0%0ZK!pV7F&K0
z3Di8MrlfdiuL1e_)>?bSsgkH|6jmQYr%+AC=iN6ioTf=xS8-dXY_Y&a)(kvGTb1Bj
z6I%G^EI6JK-t2xpTXpo`!zAlq7Ne)JXaCjj-5Cq;(;==4O`m#yraI{quk5h4^r;`z
z^ZcgPFs_%XO|!-}{@ZU)+mit<jrHw5nN+hz-`;5Z38`Wf-4H%u@S<j`p()S}jUEu8
z4J68(N=SO)zoP84L7SVMxyjiq&dCkQk>t2DnZ~#6GvYtZ+3hDmAF2k>?{7hiDO*iE
z@QMcG3oOHT7p5$*>O(gotq!1||7xTSe4J<j=HNp<8#+{5;{UL4fe>u{syydxLJl0C
z+qsnG_e36eZn%&!-p_#Gq)+;Y;KqtCQM9xBJlRgRlbr}f2M0S*h_|Vq$^U2GuJ()C
zz6p8?bk)WSsQHO>P837_;p*z#DVSoKSDakUIT3S~hpxcfIY`>|{cg0+*=6tbo(IaS
z?86aNni3%#tahAIT2M)G4$eV!U*FXga(Y7wBE<jPMO!t^-VEG-o=4Dz-_tO0NbiE%
zT`^8@M*q2&%%6hKx@N7e?z?EDxN$`%E$+R2arxow{p;foXNRZ94j52|-*C3@R}v)t
z3o<=ug)_8l@qQsRI)^2L^gsp6$QfRc4l+k4?@oR^{Qx)}o*rMGA0B-HoUFa5aS!S{
zC$C=!BmDiqg!IozGo3%aI=(nNzB<1AaCv<3*OQ~;4?n!WylM}^7o~l$k<Rx#0`mF$
zi_wtvgX+osOaO3B9~U>D?wIcBh!g$HskejbkM05wcfYee&i2((zBpSDIVV*oD?c)f
zMRYfi);LVoeFwo>!#WQ$B&V~o!<7`nyidE5Gs#kxAE2wF^N@`1!_vYlxR3=RN!vBr
z-T5;Bb=DaF5ahuL7;e}<1FH>Sy$be7oiS`DRXEx2`hmk1+_n;+5P3(7>dw3s>hrap
zozup}2hl$BdMpMzyP=A$Swh}J4nA@?%kG7(r)@)(u^8`-!Wf~9v$B0a#OUzdyY^!E
zP3uTuR-6(c@Qhf?#T%UG6P#XOv3G1H-WSK5v&Q0Z!}4mO-_z{n8QRm+<rxe6)Z#&p
z1)$qR$p-KLfA;?UyKNlV7e~*}`73ah%$m4YBunxu<G#7;I*vQ--HGF4yJz2XXV39K
zBqX6t5o`doqfYX_e-{Ce1VQjAS+)~mt(lHRJPNO>LZR>}-&-Eax0ywolX5(TPP4{r
zh0^9S3pv|ba<yK&sp=NK<R9t7kP|V&Hf|kLGzq5t1q_Nh&X#O@%C;xLG?#&r0LIVx
zBe{G<j$@Wq#aFU{9yA#m)f2TW7lw`Ah~1@+nk*zo85UYdPV3M`nc}~)dE#+2`)F%V
zAAz*lqB1L8GKkUnr?zQUzGtv<?AZTI**>$mO<y%@iM09s67#Bh`x^6#Bkv9_<0TkS
zOa$-qAQRXnR=a8@R}Z`tz!)!bx`0s?=&6X-;-RoZF~<%}09=6(EkYeUa-3+G&&)@0
z+0Su1`PXn!iuRva5|^1mSL6oyH7ZStr!{KaR(s-Bd<HAcpH>?w6YA}AhO1bYNP=gO
zmQQ}NX(RdUb#47{I>kQbTFLmAm2Y<}t?7{^)6Dv>_t7dR9-`*Wq4r~8o5kmeT+>q4
z<}NbqLUyh=u&xV8Yl0pRPP#4)Xz0g*k2CVOr=Pc%0XhWlFco9C{6r<Rv6Yy-L|u)X
zq`tNU8In4Qx2=;?<~tXs=fEc%9g1s0PgpBv;4ef8SRm*#d7<uyiwU9tGk|?S91cA|
zQ9u!k1F0Rx(W8>vLahb$Z2Y5m13law4z+KXqlKY}_JMd7XuUBpv_LuB<vE{&D*|p1
z3IOAfBQQby4k170^9*c*Fql#3CO#mRGgqa~(x4TAo;V4nK+|msRi5HSX4ikpSCDn<
zH`aK{^qpdQqulXVyIvE2y;=r_4kde~*O1R+?OPo_r|B;RT1BPi@MOHc(^T&N8OOa{
z#rw0;|9f<>yPNg@93AX+{@<HP599w`$7pBu4Oe>VI(<SVcF@bb51mGq+6NzHVB(^F
zRJoECdh1oT6muIbBPQF-p)k-v-^>gJ7b&Lwu^fb;j?Zi(C)u@l%ocdM)N>NUL;>1u
zi{`{b#>8h<Jvci(KLlqoZoU*d$MNquzuF?Y6LWL1p}FP^rPFU%MmeN2q|B_@+H1<9
zTKpf%V_#b_P{sd8dpm~z|7f^3>iGXA(!=t9yIDbo{-}}xs*pt#v@nJ=6&DqD5sg2#
zd2LXS<yJA>oa&pax|;fSO+9Uu_=ifh`2Rv_BlpAq#|QgklmCxKJ01VuM0%w9e+&KC
zd`_koE%s*vhfqY=z#)rmQ;MjH8XqWX(wCIdKxK=hi>?Z<`H5JOt9l{bUgn`hW9FX~
zl2wg86>-_5A1e#am7nk>OYbsYgIIa;?|zxW6C;19Q%qnvXNdEZHI`MyXxW1k1288(
zp{k4NRgW@u>a8}OABx1X#(wIpto>ByvFGY*M0VgJPf6}W3wq>fFkK$~cySb~VMX#k
z8~=PY1c)m9hrRtA{=?2_uap0qNR~^E^4R(1xzx>zJi#SE4mR;z3+^Ewjk}<|xQ?^r
z9-;}>OD4MiA^0kGR`lZs679nVRB$As3#c9Y1TbNW_J14=5C*vKc#yGs-2VsTJ#+t$
zJN<t%$#9@h(|&Y*nrwI-<3U);qa%VPzxt<eWQk2U(N2(IW#c2mmWni$ea?AweySJ)
z8~h3x=&8yEzV!Ksl=z$1Lc_fsZNJxAiYjbN5DYo#ZOI2;I%_IxTrn-3gu=5!YEqUV
zk32-Bw@zw*j<;Ew;~4-hVh+WDyimWIqvYfugTiDR|6&Pc)?ogN_P;`WTzT*RuNwP*
z*OdRGgWbJ@ZvSs08T(&N`*E@yGi*TLBqf_eL4Q_kj-2yWzU_G3+mC)Kzg(f&V=!iY
zRaP!wBQTQOCHdWXsG)u&8z9}8tv1*rPgVPW9UcG``+s+|W7_|sU%UOkiBx<4H@}hB
z9}DKHjn|dmNMX+!$#R=Da}{3MvzUZpTUXtpHBDmG^)&;dYE)g>oqWs*a~IZg&I9e9
z`t`8j8rml=%Dwd|rVIPx^@s?Rl)mTG8`W>ecXxNz)2yx0%Bj&jkF(wwd9Q%%OQ6(Q
zt&%XFc(JuxHXecQTNQd#NL{s8%%5wLQ&63awu&G=B}>!uhyywLptTjx42v-sN;B2$
zOlckK8uU0`Z1%Sn!yQ-Dj-(i%`-;Np6g#?CyY*8|0!ym>l7;!TN{AQ|+NKNMi;QT+
z`E|jv78&rgBtSS}0+Xr_RGbE+1OW~XL2vYr@j&}uFDok~oBqc?{_&5;Y2)fraVpaP
zBhiX|%+~<{Tdx0)Mx)_@ssHcpcl!TElEIkbX*Vy{O-xoBZfoHcx_HSJ)!H7bHKFU?
z;9B)7RGr{8-NmO>*1p&+qNsRq9vwWZoy;}EQCc0VI{?(D1b~_>?-kHbO;pn24PAdz
zH`>^>7Ji37+98mdYhtY+q-7OrPsr~Rhcq?i<TpnHAkw5Kg;=EJXr$Tl1%RXgczBAO
zrQ@MI?1@b=qUaV;eu3nje@IcZ5ImH_Bnv3I<axjn^f}$SY0AN(rl}8nhI}0gRsYuS
zOP`-NCOB67Sv=1#_-6fCK(S6Bo7)RH)}OyxepQP}kAs1D90nsfUIY{|PJ%(yq5?rr
zqFfBkF|~*R0~4)mL)aj&s&t{zFrPa|!E<nVb#!s{`}y_d@x|%+6~IDf0(pxIXy^mt
z%i#CP8|48wBQDBRl6(uWKa0h*6EaQ~_%Gx}f>ua%S#2cmlRxB>>|1h!+)R}ri>gu!
z=oMfDU_lR)l_Bv?_wOve%oA=v63`)aTorX>YSjuxN`n`b;)HnY|Mg5?6p{sGhbA+f
z3hm5XJav|h0=2X)8xv2cctKd9$_l{BDi_MQ#zHA3g%xpXP!4Lf7P8tRBvo#<A~cvH
zaHT@|Q@IUG4vZUu=tvq|0i~k>Vn%WMo51T3&+kv)WuRD!AX?S}mXm5V&GB*!Np3!R
zvY9;Meb)$RCtU&S#o9@iavpA{!Md>H8yLtd1v}xpfjj7ukt*%KYj^@&;r}rj<@`TK
zd*kl???#fv|2xMJYje)(ocH*&w}kz!>vgZy3f<B~UDLc>!jxM-^Ic<WoiupjsfhoR
zAkr5J-M*e9FF=$Hc+l1Xu!8^Z3`ZvZ!*I0U;s0zTMZ4BTQ|zazcs%t3$0MPeKJtAb
z{sxC{KyQY8M6r{30Gz&n!x^VxWdoIk-+&&xV`;fK_)A<E{uNSGUOdWCQh|pjZ~{g4
z@_Mw4T6Ml__SgLMtZc}Hsqr12AtufX+Tdwlq9IHkEM$ugLKbIA9}Ejv;4Ll4LSoeZ
z|Nf1o_EMuJHAk|xEzoN+Svs+spcURR3!SwW$HvKx2&qGG#bVqz-5NbM^7X~9(`MNM
z+dn<KKs=;=9I`%cN}A-Ki5r^Aonl>+2GL0X`#5WIqf^|`Tp2Mlc}8YhAxzdc00rB(
zuwae>Bvqtj_y5NJ#tx(ZE9?M80b!UEx{RqU$jHL!6n`%I%HgbhCiQ<mv?%J*1Efm*
zPr;#4;<bJRQsMu#KOCFyzemG^?)}$BlI8rL@Q|wWf66W8sXop}C(tQ4>5ES=<a0vt
zU*hDMdp)K+>Mw{_0`nL*ZF7f8$huEou?puA8hS{2(+2oGC1IdkWqZA6#syPfgrt53
zz%8N^^~(%#@m~)!`Hwruop~%Lv#}6C&&4d7r`XN<_~Km;q*7IPipu8%MgaHR7>51=
z`f!HabK?GYL<OP)1!fFh`pBZR*h<7$A2F``SAc!Kzq<v7U<)Wy{d2&HG?GJM!uOWI
zMIPb^{L3K}eT@eE->%PO2yaFJpF<8HMKWL@_GeKA6C`gdp94h&m@L)1Suv8b%4c@F
zh3?H>XXX-c45occuvPl;Vok8NlPLzz#oLBE5JUqMkuF@ekQR@e6TlGHm#kbY`byAD
zRmt#6FPSsqqAQ4f&hj}J;?ZYyS98fB519t~G>7b6DDR3a>Pd_U^Zxi$&FNO{;qr+D
z*Vb0LWrb^VvEDA$A+tyo%{8f(>{a5HB(C?l_^5R@-=W&Hs_LUfpuYX?C;oTx004*|
zN6Spx+-9PRXBqCL4S8UWbZ$^w%$!JrUMk+4pUDIl$it34rA8l>?yx{?u7pX<dM=}a
zmrLK7Q{pR05WfO*VyN=Ia$eOpZu(D$cph?ub7Q8fh3vD&8WlV!Ky*sz0(^K2PS4{v
zND+NgLc!bj=c25Vg~@1VhFBvzXw<YbN6t-@H>w`dh#mM*A8#>VCNJcK$(mU<Nb%#%
z5_pGr(3tcIEL=8g8q|o%aSDCr$uT8U0KxIux#Z@`myCh`ToF;}f1<LOvvkE}MnAh4
zn+VZWhpp~f&F!|8w@58ki*8YFKqM&|)nz;&d0T6ddg7CE848Gp9js<Teo<Yz!!F8a
zO6YkGWJm%b^83PA1vzq~wZMcrdMy4mrDOrlRe8Bcgg@xtxm+OZ@0IhQF$%>~Wftk9
zCHbuqzuCr(QLDQHnhsscLaIm5!fu{}-_!1t52h?UF#4qita(4Ods6-uk<5jMY?j8W
zlm*NnoxoY7>%{XC4L=K=dD@J*jaDA>61rHj$54IRS`V5<39>KVa{g6QU5i>vRkipE
zFEbrdIgV5iv-je7WmB13_PR_~uCV&NL=wawZpl(A()!PnSr8yZtskI!izvqoEl_qj
zPi8?xdRnOMv{}VMuG28U=rc#YL_#XkzNAlR{G%|i;`oGMr>`#ST5J2spcI~rJObT`
zdijilfDn%j^m#X?4*Rp14;E!poKwwLS!ESjvMZt}m$o*lv&2SedsdC->kGIluOT0-
z*^$t1loC^(Gu~6>U&W3q$WlRi{FXc-I+}iau9RC_KSvt5N0BSS8<lpb&hQA{RQRQI
z9<WPiV*A+197m`3(09ZlDy1PHZhiwa=ZTgLWo@K%Z<Xz+%C+6*&`{d70`gN+O3LZh
zGG108CE4|J@C%`)1rpHE_pv_%*ayEJfdz5V;MwzM&ttH*l6-)oKSNCA3p)@p@o?`#
z(fNTmH{!(k0YMj0a1!gV&y%2Hi_qgZ@Q_wD<56GO;MsHW95A40iYP@cxP!~6c9#e{
z*&H+RNP&n}KOo2u%QOrbKyGyI;zWHGmNpMD_UyTMu0njFSWeL$qJT{PKn_n{6{s~M
zXB+gO=c!711Ir{4LS5y4UMO;e!&bF?QzGX}15l$JJvm^rJT<C9wN-Q+vUVGwS)*!&
zW{xuIV|<(u_V8$NgLrj=)ANB<JQp8L?Wf)x>4j*C`7Wre=}09%$v?QqC<(dxH0M0f
z{+!Xk(f$-G8~F~JQ5frN$#1p;XZ^`&-6Q=Z7k5nmE$vYzXVNkK*JLc}S(r*Kr<R#4
zwm*D4zC1cVy;N^DZ8I+Tjw(3#+%Fm%Wu(Ci0Tt53IMaZ*VnsYK_3mPuf3qf691n>d
z+;VB!Y(1JWtnzeHb5I`oR<cW*N=@$nC)jr*X4upXpwj<8hyOC(9e4OI8%dA){{O99
za8K9`fOzNvO{45FBQF_)X8`0~Ac}g-LaB2fKI;SP<B1wiCQ>tDt0xnkz<BzplK;Dq
z%_js>m$i-sQo;Yn<J|kN@&2&G|KCU|@=8djT|fK@S6B%Obod6u@AEw}i67_}ub%Cn
zL_GGyHA#jWe-S`Fe<kZYmf<r*)vA%W$)p<b;`i_kplF6ZU!cH)4m$EY(0loR2S06Z
zy&U|s^*{e38hX)_m4n`kFXL}LutEqDqxr9Z)6jRo{*HPyeJOo#d;Ok`cfKeaTU&gv
z7j>|Yji^s`AjmXfSr`9Et&Y+z2&&S@Vf8YLk%@iRt4oOQpf~C%z*)2ic<pjqTjpcz
z+!Ho=TrRCo*CO&68@&0e-O9@E|7wuA%7ednpX7JQw{Kz#s^y=ec*qU;6>#!jOgb}k
z$Ik~&)$$(&9$79>`|!^d@_%P<ZzuQu?_fOa<o_m8k^C<StQq5dDooI1ebhRpwZ#9t
z|HGUS6Fws>R~4gm1#^t+_Z(az1YF`UKzwnoLo@?EXSuP#J`k{w!Od*@<~7?^pnUOv
z2Qwlno)QWcgd*S~4zVYkfhY<*?7%Fdy5{;Szse!2L@g~F$KsKE4v^16iqh*cb+JKw
zz_35_l!NWfYZl)wu~%TSR0vm;cwY2hRY)wI1^lcz%)S{7hkuI($$<=s2FVl<AH|&)
z77$<Dhf$DVySd;3DMJQR2&w~Fn9mWt!wdoF$E_~#Y|g<9alm-!+yFNeu!UR;;AGIW
zr${1;iMjxjr1QBXQ2?cKd=x_%#kic(yAPzSSvasI*MaGkV?1?4-pjE_IQ!y;GSPcP
zG%h`YR(|3$L9<3G;#S`8KLa!?V;b}><ito1wHTC#Wx!~uo+VyI3;6jmq%&k+l15XR
z8U}IERKdxP`XPvxg7_puG-PPZg>fimMK-iuwj$2%mo<RyTK(6F=Y0zKIdL;UT*<Z*
zZz`fp;BJn5?HPjXBuh%9F;_B=8x}C=3+H7PE;9H|@?9!;F}PBl8N7uIor{B6t_q=H
zC^$DZhvU6{7A|bSk2%<*%yQ24-V$Is6QSCc(H>|zgYBv1ju^igh{RT_xI?mZC|ebC
zD2!I77R{!l*Y?%9W{_nQUALUgmx;{!VzcR)wsJteEAZXIUOo`&YrkU7i*aAgH{k=@
z4k<%=HC{d2kzR8ct9_Hyei?20i|}M|(pd)dwy#)O-^KLJHeUpa!)>dd7cj`=cF`o9
zy?OES`1Hf+?;o$<oxJ`1{Z@^oETG(u=&Woh7o+)E8A%33HJ-}fUSD3HeR_9teRlNm
zL`QFo==p_`MHY%uAUUh+4m}w*x9mqz=v+kij&_#tSdLBuIbzfx37U>Ro?M<E9dCf9
zSn8&hx*}QI=CPBthsPg&zq~rR_;_;p>-F)cvtLf%o83GF+qaNzdw7y8u(a{*vS~J&
z5-YBH5R>rAzoDgNEN{^A5Qw#Ge8@0_<Q1fzh=_6uy$oWcRha8YB^luzeZX*WK|BPu
zY<)fY@5}3><KvUd%j@4x{?GO4yXp?h$58g(W;zA$m~Al1nk?zIPVwc*@x{rNR?B9n
zE^D?X<?l{@Ir{y>)%C^6`_oTnn<2Zf%@Uf6mB>>37TXH@aQgP>?a}q|hflx1yT7%j
zQDYs4T2$1T#G;Di;&=>Q%2Be?Jm0)#>hk<o!nkdQfBXII$;H{p)k(BNF8+CXd~*Hk
zr_0<>WYwE&wTA9cQuFzzi`q4x6Kd96V_j!}l&bQvaFWEMK7D6h|NsBrFHWv6e}5}M
zzE3}$Syp~VW2>sUZXY=Eq0h^xx;i;KI=iYzkFB=4l*CSX!pWnUoQspoPrqLrpIpDc
z`1JdE4Vnt;Es^fBspAi)C)S>?vSA~dtUI-!Nh?X~=OeYqGMa64oVEoIXmyY-w$WIu
z6uN~Vj<=T`*R+t<{p4_#3yxZ7lc+(T2Jj6sXzT(FylqQ4H2Qp)*Mh7bzC}J_?3|KG
zCV0o3^WZ(=)mE{>9?3ps!&3&gyUDzyxNE)9_+T&`3<skg=p7!8dNs{eqNn17u{}r7
z<MY3=pJYhI@y>2`LpXC3&HArbS32(y@9&`Z4ta2?AXW~+{!kxOM6s|8$ZsS48^;So
zLY{owNxo48UEB?E;SiUM@LsI}24D)Y7gBUJr-;po=jtWxK@$45V^u%us8+3jiI*qX
z3Oj_H<xjr1w4cF}V-|Nxb>QfG4PxSRtCqbTDU5lAWW-n&HAu*3Euo<*1lc{<1hg7z
zb}MfYXx%woMGhxOx=9J!y@k>!M}9^%3bmbHT-ypH!jR9A&#^>n87x8`LT|tVY}a*T
zx<!UQoFSk08F6k9FC^c^v{q}PvP)6ds{NC0a&~njI#opV=L4+tHQ(PfdUC;>B!3ps
z8D)z9%I1k@KvqFX0B5<C9JiN#)tfCU(`vg-W<l9ZPi8>_4yE?dWLA?`Hd7^wLgTEU
zQ`%dz205~ZI4U<FXG8EbBB3O>QAuc{70GEA)F>0g#-`0$^_fB^TA!Ks5Xn#W>MbR5
zeN*szaWzMtdOr!)6>LXS-HU?lDCuI2x6?3ePRSz#uu9mR)MdyXHmAV9C>Jj3IXF#T
zY`@CA{uUSKi;!^vv^YURe{{o$18GhdNmas$1*(v$ci8iQ<3To;#31O*rDsVTNVPIl
z)hZFAl0I`15Rc53mqEndj)~7W)llxlZYs)hXpvSgoaDQ36Hlw@3%6fMzMf0(f$Ee^
z&O}436_Y-``B+=(wmKhf%j&QsQ`LPosJzpzC$kz%%jN=!8CNY0wN_g(DQ2@5HZP0X
z2pKv$Kb3B7)(i<C-r(kzaYB(snhUlx-V?FsBM(EC4QUmxONC1iEy`k|WB;=37^y07
zAf6}0uYGaA^wo_6>GO;;mb!>2aea6Q{snr`_qe#y%?7&LyoDl{EFg{)q#pQp**vyg
zX`2WcX9OBcz%!w%0iP-$D~bA+{tVIsYmL)ya$BkI@Zzh;TIbv>u~D9wG_f9C>Bbk+
z$_!!)&&CZ&1xki+bSUWXgnecP{z8<11%f`4&>nucm>?>Hf&$`j=mClXiWu^_(!gCJ
zxM>noS!+Q#D}E#{It0Vrp>E~C94#`OvoGze_TzkPe-UF^Iq1fTK0D+$ubCWnbqJ1K
zIb-M)s@yN{pwDAmldBJxwuvy0(eiJ-Q}UNHeI5#o1rIwL)(fwCjG)HRzU*K>S4U5M
z)Pg3beCc}m3--__dK^O)6jIyf6kK)&E+;?!YCr47U$2${vh_)?A)lx5>{!pVRVUgK
zzLFNHNkAjBN)4k*>DaHu!XoG4oj?a8bXjMCRi4zV-%HtJWLk%`y;;x@nrS^*0cr}%
z5+h<j$sfq!C=-1AVcD9+Hqp0mX^@kZR+A?v_6*2&R>(F1a}^PdJ_jClF!z=Mlm)q9
zjwpHs81@}0b&$^~MhZI?Geu#pau)^BT2QCK07aT*`oQ3o(7Xk%?Hvg{7dS8yT`)f7
z3xH(LOAaKa2h4K-IY76FE&+610mHa0#v6JA@BzVFiT8!1PaBXACl~MrF?rmSM2o&G
zb5#pGeFKv}SuX(l>UD!u?V@8Xly6Y(=7b?JH*qNR8?+qMpH6MLCaQlw>J>+Q2T^m3
zOJ_Hyv4B)-;T{{@AhX{wJCZ18Qt~?<Mn1P>)@pKcgq75k&HN=Ft3lKV--f>HS<Tm(
z<{j9m^?ojY_RT|DyC%&u1ceMqKW6=&PR?l$^b+yY1K+;c=eVfiytR6z87^w(1}*cg
zG#)VXzA@$`cj<Ws={safsN4<dDYnl7<lrfGK(w%<f25L1R!PweQrAOFaGJY0;&Vj7
zZ~wfEs`wbOe#}6;KnRUUc$I|5z#KTx2a{}-*&QuxW9kSKY1Devvq;ru;e??-L*z%y
zP_^_bQ(+`NNyrtTVZ?HvuRlW)tZY>VAW%Oyxc_B)YuNtziZ;0WbB%YKzjX809j^i%
z{>u}4#a{XTJ0Px$84blGOhR{t8b1WD!vESGj&k@fUHtFOq_SsoCjOWH$mm_NCf>?5
zVWPx1WDyV_sVjgQH2?!DOkj8}(}(8g`6Atm^Ho7!;>T=B_tSYBWS`AS`pu`b(TG~Q
zX{`?XM@D7ZFNIaz%Y*Z$#-;BsRr3E;0zax$h5xlXH1NMh2fGIy|KCVz!vE{yKUN1+
z%I8pKse~&J*wS~J<d1bn6Ro5M;$*#0lYK>mW<fJVOG9Eat_}|%f7TntG948=2(cFY
zqzt_J*?la?68vlJQ~44s%Xt55PqkjT_A06D7M*3$Jv0-3z*I~Aw*`JysY3qm496z^
z^JqBU>*W6?QYZf<53UV0{UfRY?NF@C;Hz_^n8H~L^PL^gdNoMv#-P?eqApT@AN)uv
z$vtcUbND(u_bxp^s?`7F`drBZRH6S355~JD{_Ajb(CL4hNJURq40C=Nc!U*FU0x6t
zi;?)n{v)!^OSiF40sJ#W3AnX^YapG}6q;wRXAFwGFg$$+zJkgAF7ll$54M02)TuAI
zYt7fW`o&|7{V!z9Dh#0N{%^cDHuwK%zuW&CN$u|c@<<iUp){kFno)F2M$%pGtqD$A
zxzn7UAA&RDM_gC3y5sowXBxan>@&JRoMK118!D)Tf9y--f;>V8hjfM%21o{xBzt?;
zd{8=-^qx~){tx9Dqm>w_;{Q84Is4z<UWfm`k+e<|N2)6p0XNz(8x<b~FRsDi8^92+
z@uFAb+C6l`25<rYB0juh1BWbx$+{1z-z#cQah0-=K*r(Q8W-rEj^T+zpccWk)=;#R
zZZ#!iwJ^+i#^q|S)s1$oJz*cbhfH<(|3WEm_rU*mMh8Qa|L+ew{=bp*u=>BwdesWU
z{%qh7iiqUpCPR$9Wl$Sozc-9K#oeK}ySo)B?(XgsDNc(!6pBM}cXuf6UaUZiyIYX#
zliv3^XWozRmrOEqWhXnco4tPe*GX#@BwZ?-!%wSGQER=gyxf27$nazT>am>>Z3C|w
z|B&|`$zio1EnGbSsjIACa9pEjYK2{=^0mvf)P?f?Ni7%HvsV=d%=2mdP<u*W7}#vL
z2B)J{%TEGNmg?%C?;<v)$Ym{H&BVh;SAr@%%S|V#Q#RYjaK63FeR=<R3*r_R@A6ar
z=8WzEP=3R(ryPB%E5*rMYSbaIPQPHsI}V1H)x?-RFv5V^UO+M`0M5@ZG9JZ?u2l|!
zu4JouAf;lK(MQhgvHa{obv8(vA?Y%x0V6E`%b&Ds*;zCYNcQfm%z4g~kuRVDflzHJ
zovc1HXmLwaibCF$dQw)%ZAZzhU8Is_#|up^;&fNJTl_MX;B<$==jSr#N<wU=v<sFo
zKHs+^ICAgxR*TzJ<vYAmQi1SSGsSB+{Z@DVuy$U?dX|IF0-1KI4DtEKieJ7N?%jTa
zKOnUpH2HO$5I3ZI6r6R-!+WW*A0yq@V`Doc+mekZ-8e0<XI|<Kje(_`_2&R-POt$v
zVff}nSn22bQsDxLymmzISDEU81xXL2g4&<PEJj9BsI25IzTUj)n^uKs@^x}f32=mF
zcbPQeJ51F{2=rDtEISm&??WC6vGp6{@aQ6Z6NviJ!q7UnjJ8<s>QMzBY$><WvDlUM
z<5_5~zyV=K{m5pdY_eVjvkizBm}-~93S$E~zhyuFVI5#Qn#R0@KI1-{5d3%&KR}bj
z?qJ~=O35jS;ywt!Dm!-zclU)<hqviS6-&A>{WC?CNb;7{VX2*+<BQp-GoE&87*?}#
z+|wS`k;)H5$b*3tF3eZ?MJN*<S_=1tJ08P<q6m+Dn~LPWY@2fJUO+rZO3`D}oPY}W
z&Z6YGm+6^<jO-)7e`o!YXa0G_)#NAjE{2X2HB37aW;W3WL_gdP81&HvH_ma+?PZ|#
zj=bv=osEtw&mbp@7vj)I+ZNw0UQ_;Gob~9nvXu<@TI=P1>RF(VB+U?x;bt)1q6o<P
zIj^BJVeo}+Q~M2u9KskzR=OYk<XfJbZ87IZoJ{JR8CUmI6MX9C!keEP?VIbG1J+nH
z>r=qeVyO0?z>c7I#V24N9=>y6_X6xAT`>=u?e10bBv!c?k!*NltXm*^V<df8|D1Sg
zySbxMH|Q)vM!Wly_*25}wtwXTz$Syb(}Wk$KM4Ztf_+AZg0a>h_h+aT>HTf@w%IlZ
zlHNqcc65uo{=rf14HFS%Z_naE56A8LiYI@azNyg^-lLM$WYiY{<u5z!1~QK~t6<td
z_L$Q=k}oOd41>pfustgn%O;*-Ozi!rlgnfqLYBTj!Jn4>tXM{MqLl(|iO5J4v3#P{
zc$xe}gi8T}P!q&%*}2QAd)(anPpj=a5_j&eAfvt^M8nmNoAx_7c=*uc#kspbrakA#
z4{gcZ^gY3jM2(>b;j}IZB8hj++w1V%<D=KJ=4S*Kqh%baP9~g5f%L+)IbkzK2-8JK
zos;>{x0opXcC{GZ=4T2}bBC#n8Cv^pC}eg!d=D+H-1*g5NRM3liWZpoksblnxHJHt
zuqKnq&FSQ6lj@~P?JNWrTb(c=QCIy08A^@C+-6)nI|kvyTkF+FEyqT&*xCzFsLh}`
zQ&~!SnN@KzAjTnvCsTO}r$+>pT60ekp}#pxN3Fy~LZ8S6IbpvvaI_oL*kS!(g0U(h
zOu}p4J1DvuZ7fm8g{f7ewz16PbzLS#sih?RZSdV5nU$9FuVT?p?S&S@ueIKVT<|Bd
z-`}}&y)E9a3CfPnWzx)@9y{a5E|qKDwc(`sEfu!dV`Rlzq^1p<a^Kbxd($`F!QhUy
z!gr$_JuZ_X?ZELqxMXSGpKr`&epkkmsMFPYxh>@lC52a2<!xVKBkcS_#qMIlZH@bu
z#^I7q-1i24*xNbVJK4K=zS-N!FB_#_=?m)Yo?s?iW6iATEF0~tDt~)jl>NFsi#)xu
zRe_M}P*1nqUt6UUwXQ<;+1Km6raqltO{+l5kERoyV*+I&z;)`dZ-RO@rJ-+ot}&~k
zoTJt0(}aP%+1gJ>R&C?cvBoTGb_xTX?5Rgwp(7FImNOIu{Y-<1Hav^)TDu$n_SIy5
zBzOtJ$9}kL;jmZVH?Dg0pJs9ecLvb=J9Pq-`VH?{FgU-5*`k&PvXWZaYdVd$mO1%j
zD?9RQYLfaiFk2hwo=x0GlvZn*1wE~%EypaJ41j`G5fyna0QEn~`!FqVK=}i(zD;p)
zcoi%R)J+%5flZGI_OBBXW@q%nV<j2`@~RX2MMZ9A?tPtuklsG^jnE3EhdqB?UYh(-
z!#*hOPwzCQ`{T}U4dXc`(Jpd*)DE;2Mk{<!9yp4@G&Mi0zgu;Z&+oD|t)cC_-ZCTg
zeJQl$$LDn7B>`iS7KDdEUcGS^T`Mo+VWSnI7Dv^oN0$yKTPmjjU#>Hj{jhYhiWs!y
z#Gk!{v3D~=t7Aj$jO-&VguEn#1Qb)PAci>f<wIZ@wqK_QSQqBF79T-;F@DXDFZRj-
zYUDG#p)HiEIMC6VWupQ$_##UWS6>>`L)Oc7FDa|f0@w7(;a5~Oc>z;0sLmJw<MHDw
zFb|e|1Uu5$_gn_Y7KJv;YqBjitiYE!+5UAV3NSuaW5ujYMmoJOHug;XsC&Nftce9A
zIupIwwGAx8gy^0CUDDj(NAOnrF2qmrd5duN6-b~HgMaZOijGPbYjj^TDSo~y`CQVL
zCI{|P2w7<jfq!+1c+FACN1$06XVBSgI&Cif5VgE0SUfR9hB@eA5%;B0OcuWI8}eif
z)j?7}Lcjlw;E$*VEulLcy=`eXVt>l$g@vV0wInqbMLCp59M=d9pU2Ze+SaK3@Z?0x
z1&<Uk2hrn$79!<&z@>QC(L2BKuY>p5mQ?9J!DFcn0Fj7;Mz4L>k_3PwjY5WnMm{I<
zH1fM`C<0+4iDo%LhC5rNZnx5=BODCay7%i%v^Q1wkoshn#F8fS*9|ND@}Gy~cj^n}
zLf>U-=%$ojlTm4^R45)2ca|_$G7&PzeL9Pu7%C{&e;xGQQ^hp)X-w~BGwk*#@V#6g
zg@1kqrNA}lTZ3<3OmAA?EpElo+&=Y6e0uRq=!R0~`y=T|r`7{_LdG-{y#qeeFdE3h
zyyAxDd7Zp)@5xi++>^-&l1TW3zV%Auqwb&{&wZ1a*|Gf?RyC30yVQZcSgsvvk?E=p
z4sfl}Xr`Q}uxT>I#?>y`Ebo-m$d%9zr^*k0@3LN8Ev0QN+c}!_y(bB_B_GIo38uw-
zig^>?+Tgv;9}zCP0Nc_i;54(hNK-yfVci!zZij98!gYcq#Ghj@{^9-}TqWzOIi8X<
z0mas_KxoAEckHccn?F0aZNE-Bf$xo>8Iyc(LnZ!BHUHG-OEz{Utdiwu@w)OjC#<W)
z@NuWO@vWgVend$#{32=?fzgF6<o?Z`m8ip(DArlJf45Tt{1{zsf?*?0g873ZqTdoZ
z{OS`L)bxI^C*~ifmrGyU*(5;trE3!uOmpm?2GI5osD4D(qY0>QIXw-*Y@KoLdRZ?U
z6z+@E`Uce9A=T$VyeA0{o==xWxfic($;D4Vr*E(W={2(M)|x2B^pB>q&@GtR;zK9Z
zricJ|&oN>`jaKZ_QCtg*JK_v8e5zfuFHqN5l$w;se(>0hCZTcha&7g^fq(QUoeVmO
zx4uO&dhoGO23Z4AU4$AdUvS~cz0Dq^=EOSOe~qvO!jmymTo&tpKIq=V_2AJ2Un##W
z`|eGe8sm!<R7={-H%;jzBI|w*UvnZGDsf;LwE23yDN<Rzy^jcIIn%Erqn|?O(0AGF
zQ*~8iyQVaoQi);`c#tRgFyK8_?hEMmQa8;?zF5F<!J1_R8Sx<7^8NWPcJw$ry7Q57
zcb+ODrQPGpr9yGKxO4z&kKHq6ZaDRheyX%tnwjaIz63Iun%*_Z-e9MYfj`oYYdiH(
zn6YTfna*0ULlT@#z^*#0Qm2wAW<(ME^mcQyxAT0m=t^&E2)e<7J?qNoRk-pg%+J2?
z4K2n_rl#m3o7Z34Vh?JtB=g#JF3o_$Gv++dwRroQjy2e?8E51cTR?aVkmd&oyuDd+
zq1nn)sDg2pqZqG?^kLePcI<eahOggn9TKYr7G2C~zJp#=8{f4;6(jwo?u28@Q^ATi
z@PY_CAx)C%wp{3zbn95>-zuK?J7jVF^3=5u7~^(nJ*Zu_i_Uf?Fd6zhpi^<Q=?vK~
z*=?Xk_F%*!UoX)xw+&%pL_VPgzAFu@^qL{MDFrE7%Qi?6CJz=;6nfzNJcN0pTddzf
z9FK$SW9DF2`)J?A4ff)>veF?UbGxbh)-}WS2!US<NH`)(;N$q4iSVu0tx!&DJ1?cf
zKqm#vu=Xx07mEKa;yb?9nFmrC1M<@QK=b{h#)~_LiI|X1UeXIaN#ZbH?F2IsVv~3(
z9;yO3r+PSt`d^wJsMZf<$3)kp+(tFLB;<C?Y(@_*y=ml~#3mL+))s+>&Vl=zE*>{W
zgwM@Zvfak$Dpg4*s?{2tP=Vv|bgPk{1fLR`>!wySCUp7~{i7O}v}{N*X!21_lf=+?
zkGhU%%GBN4F8jf_{zvh6{N5X(u#q=THR@ipvhAZD)-H36m1FS;<*%eh5veI^8U5iL
zLZW?}@N-^_7Rnc)$l)^|Kgo5_+(jr9gl9t4`v0Setk`}gQ6U5jA*P2$g6hJqJ*7aC
ztRaE+95>%JmTo_k%V&kz38l;?8yQRFEwhVG3Eb?ezpEJCni9lV{rm7>7r;UIF5>I_
zU*E$&6m>iK!2QmCT|QeKHK$LYU+=x^HLs>E_V$W_vlj?YOPA1N!Doy*gc`*upE}|7
z$kbI%Hmfhtlm)YFm2t##X+*{Pqrd&B)xO*m4<Y8n^e?Rl{%Hq;@~DIGvstww%Pk)d
zuh)yGlfnCWP(=k7>6a}Pc3p|n3xiK+pFtG4`7J0EA6lYIizJ*Jd1*B$*OMbDo2sFa
z82%1XZBexgiJ3kcEG;3Wb!5~+`VsWyvra`OcG)pv*Pu|lp^&>5YbLy^UUaI+oA|cE
zxG+?cn?7};5qu0X%FXi4J!r`<t9#GKJ#XJ}IjTs%tT3JWuu~Fbx7}znRQvt>&X{j;
zx<<nF;#)}HJV%Tsy87ms!_mmjNo#kCIP8Os2+J%tRT#I5`Bfj}6A!6FeXqmRK@#K=
zYt4l3fqxB94xkVu?U;}cz4t&td?lS{@f_Y&FArX=tX_>!r}2an6}yzTC^cwG&YVS0
zzN00;EKi{E4WKZn7n6!$IIT+4Ns)%#XUo2KP8Jq^gr}k2I2$GCe;b-qqsT{5l|4PE
zNP2kqh^N*l5s)B77w#o4)Yn~6H?z*8Pye}ODPJ8MA=&}8XJOu+I{9*bA!qfCJbQqB
zUn83iv1>$^xxU@IQ$X17<?r5e+e-Qhz3t_Ucy6Atv1yQi=+>%0<wx&Zq4nK`re<~{
zrPKQ&!WnKMphsTL7aPx5LgEuR?TuQ?qs1GKn@1~#m|0BeogO=q<u~It9Y>deiYmAI
ztUS-N1uIedmK|vWW$^QiJu~UNLtWjA81s?<b0xp)&q6JCjir6pbJ$(tWu$lqV<kHY
zuUZM@dFHc~GB20F)X1S1F^XS1!Y96zLDScHzM>A9L95)Q&S;R=1G`mllKpgFNWN-d
zbiln0PqUY{vZf@W;ta6;S6^qlvE*>wPf>yqQEygV#dQZd!7G!z7Km!INdq6~u-vy2
z_iU~CFJE+hb3Xs(yy4XuEv-K9;pkUdexT?mNTKafrCj&RM~lhQ{8XIJn*SQZEv(Tl
zi}&(DQ7dGjNj3ZJsrj9#5Ge5msu-s|dQeSYZ9yn~5}Gy`X`1a+_%+F#kk#miYcvzG
z#BpqC`{27mo46lFOCOWuws?$lQ{1tIm%!T0ewIT?v-s0N%O)kmj*3ed|CmuKe?re1
z(ZOWq4Wo<QbiyurO=Ht^{LEj{5qpD4ADC!Pq&wk61yM!kl$K(SoXqpn3S%re3Z6YR
zv=-3~4w#uJpf-#>8#tbV_#;nT+W1p`b@rGyG}SnOYxuz5!<~NV)c&Ny(H4p6(VO|`
zL9Szmb+s?7d~d>*6gwE6@zV+`PzF^hU3Bg=G(AnvWkELz2gUZNsGOz3jM+7!n_%(y
zu|johw|-iPNpnEduC>WxB}V=u*8Gv@A9F-cSH_UfNvH==bS~37qG=G8`nZTx;lCtx
zC(VtlY6zya15P+@N8OSo<=DV~X=*E^et{`{4S$I#rISM_kB}i)mZMG>I(tJj-aCXp
zuwU95c3ZD7(wK=^{-9exN!r#P;caq&UOoGfGboAt(NLT$Tr=75LIPD}mNi1*lc14G
zSEc{Bs1Pce=ta*ReDD{XQ+XODjQM=5E7YJ}*r3<T*erMd%&Ni3lIe)7uk<mTtIY`E
zfa%2crY-PqS1abxBYAq=pYR(xi@W8pQs{V?Q#_<2KgkCJdH81UVQk9!gPS!inZ7Rr
z)X>*sPM?X?;5IFHxK*fT2<1?ktd3*nE52P)7iO?2(p0bu7aT5h6;&4qX16TFwphSI
zhb1K{m1APx6d>2=;c_hx2{1G#ry4Ris0^W)<F9m*8jKiJD}BY<|4=4nZ2W!T_tMh(
zLD=;_!6v?txK8c<K@Zi}mTGX^_{CoPj|63Gl?W^;M_}%*ghlwSgefDII*i)^<}2!5
z;ibE~7aXxnUz*w;_H_nmqwSwwgGumqRr2-DueyQ`tou5rtWa!2X{P-&iwMC88#8Wo
zgTVTSnAQW-;RUe?1u=Ey^Q(_kgDi&;=j=O;1r&LqUVl@Fc$aT~un>Mfz&HrIFu*6M
zV{^;!CR>A!TCV1g#$_Vci<yt*%+ca4JB<7j_cV{3$_|?<VH-1=KVIVFPyd_iapOl%
zpEGzOLt04sRb+Q1m+xU1?L4wfR!Ky<b)T-AYFSoydtY>{#qm^PW2GwmQisHw^--;*
zTUE}}G=^qD=d7T`UW<1hP?YSiy2|%?oPNUS8tgHr2l$hFe^Y=xL#NA}?XK3BGZ$K|
zGp=BW7Lm84_GZ|(rJFBbtlJXVmiK^~8OW%KKS0+YnbK=rZUV$@9%%msfbfidWc0b~
zaSvGaeKJHfBIYAqWB69x9U<lHrj@daGeNp9##+7d=UGeOsQqY>c<qxNPIUDL{K{tU
zkyGY-@qyX-7MeTyqg*Tk*{p!&-S@f0OyLYOr&XQ1^U;6{2aF9~D~{$uItE;)YXO8D
zn}0b<EL&!0ds>R%4R)F9`@%%=kzaN8Hc&*=b#0)%@nCeTy)`4*R9zs~LO%Gn&D&DQ
zTuSA}BFXNUK2uAOgM_QXGM^uE&0nn4xbUQebgsEO^?<VVZ|O%ptayTf%O^pi&wKt5
z37iO#y<yhTV%Ifv{+G@aKDQV77t6n~lxIep&eMsRS;qiMb;n=MA6(#-)oy@@;_P2Y
z0H>nitt=F}{QFA`%7gWY9w){-cNQi`r!zd`;FIi6jfz2{k2&<^r~DVI6HLMMp5zR?
zy8!BrrOJ^X2-q4JivwD?Nqrt5!1n?i4EqSoo@sEKDmphMI%FRw=f1qf1!xIly)=bN
zGf+GINg8ft<kglvuW@lMSE+<D-7SM@new@J^5jL=gm3<wNvIZIqD@9)DmkgDj$yYs
z(2@zo%<i&2gkQD)zR)>*QUuF_XtM9cTG0|)*iV}v<wt*&bf%n3!Aj8J2ye!_YtJ2=
z$_U}WqJls2pRjcd1#qK{qu+2fWnU_0!jH0a8(%@xsydKN#!gn(UpQ}{46mtfwyzYv
zcve`<<ZCf=(Hl=Ec9*-jt2qh38eFuZauAI<P!z$*HMq!ftp&7=5t^RUw-k>VzCYVS
zAOd$MYku?ON=RDSfFe-0X}tT|)+W4uIRnu!NFD)=#8m|i^ZV%!8djlCIqg5nYGgnh
zb0TEXgi1{E#oM%pg_bgcc@~H_&nhcKPZ6X0V7#jFj0VhkI1goZQ&+2^t-#b>FXELn
zSN)5}rcO)R{2qh6ID^=kq(lZS)$lcm<@csDaz$IQqFuj}D)~=LdqYAj@>L}-T`vOK
z2^-0MJCI23pY!Ji*$yUsDs?!vHlIUTQdmKKe#1tpP+HeOZqA#l>!n%SKfd65dh)a{
zpm}g+5Ym^>qTBFrW_H{yYQo{(o|GUjp1YI+_z#6{t=|DXUvt3X7f*nk#_*)Cag*uG
z$GJruLXS0{o5F<dvAAVLd1!4-AKdmx$XA%P%I=RKH(w68Pn_86H5kV}@D(_Azh&Xk
zADvNJ`|Mq>vvcUKO(q@u1X*1bZHx*~B+3g5g2ly-AfX@)Tc8dXr{S##2Zwh^#=HI#
zr}?yalyp#X6zGNJy6SjkY#XsBAE8isyiOF<1Q|OMfWBI@=>I)b-!o7rUKA5O@3~B3
zC!p*ov2MFBAQ{j4VwBsbLqNd8IEFA*c#|X^17UE$jYC6JP=u7ISOKoxCN;P8{AlR!
zkFZu1TmY#e`n7Bb_^RAm2T?78hI|o3%J<<-*Z}#WTry4YB`KOPa2XGovD#r5^VT`>
zLSe-fMc0Rj-Hh+-Z|V{1Qqd60+Yr+WW;0^_HMm+vhqVi3WgJtLA55}284~yF3I-+W
zg=$yBh`ML85Hw^A>lenT#8MJ9Ms&k#wfbz%V?DpqpNUt%eZK=gz{UEPi}t#Q$EGwU
zh|clU9@KcvCHeIzqY@pDx+%SC5NhUQqcBJ2Ti!jhELCj0(F5s?p}0EAHtsQD+VJ)e
z4eYso%i>M8WilQq#j!s3-@7|r&w%H@caMoHqx1y2m#Q<hiQ>6$9?xRmAh)3~oN0W1
zsGgf3skgJ}FEyBHE!D3xScMfS@Xy9_s62}~9ES3WOT!B%D4%B6({zsuZ4ByMvgj8p
ztJb6Hol1+Vi1wFnj2W9~0}W$694~V#&iGD@#;DmGYqI}lCI)h+&_qeYLhT6)WXShi
zId>IcSeZhhbr3znjO8*G7r=S*S=WTG-qh$5#v)Z)+t!XwSAEL6@MJ1Z99%Cg910b-
z)N>Vy9hT(nA5<>dEPfH4wuE+U-+s9rL8b9Lb|^*EBluOdL1C+}m90rK>-GzMQrU5?
zM%k4udnoASTdMeG#o|Z%)L(@XZQ=C26O^mT8h#PJJWH7jAHwf89aH02&ZLd4;xl;s
zKal+r(o_B1a~f5E)22rMMa6^XdjnF-Jbzy`54;>@sVbNq)1Ruwh~VLanq1U6jNb%|
zbS88t3i8+}w!^Cbj3^$%vE2mL8~jVgbh2ZMB<|k%+4!_3>Py}8CGmA1L_>X?0jvDu
z{EqFn0F51hAoI?lZ8%5JLmHW=W*bM9(&u3PyuP~aVcKoR`?Z}dGW*Bw`q`i55K?62
zuf*FzoHrhxDaq&Wu5*(#_Jk+je-|ylITM5ZgTd9Is0>*A<r9i6<|pVde{nC7Lj`X~
zJpy$?mwgXYkA1se-(~<$n&ar(;MmK=fkpoQ*~{!n11kyFgzn*x>9)hL-*@jMB?vDq
z^WBd=*9}paa}>?V&Q7#EG;c+Te&K8X@Q9|ow7OT^1fs}lSy5zt5~nq3lEBmk=MTbi
z|0mWq7`*wxZ|AiyG)*3QnwTC+C{#rYl%w{VZl?J)dxd3}+fTCld8SbH<bxWkpWV@L
zZ8S&!B_s0Jp`0Z|QG1fov8ZQ?(dcxT3;g-$2ZfnI2knu3UP3-~uQMrgN1yLQkC$IL
z+%DrIvdFPy1w9FxWr=QmLLl$brDTbwyWlP1mdm}c?}Zgv_W`&Uwg=n$r4YrJ?OG7n
z-^X=z4d6==0+}j-`_fL|BDG<oBA0ek^h~~^ZE{2LOjpcHG`QU$dI$&y{6f@u1#HTJ
zVV@|kgI#&dPmnWpBt|V>0Jr520wjrDPnRSL;zEF_Pfqf(fXW~P4L<i)XZ<iq>-tEe
z&t>T#+s_YP4*kI4m>~~rkamRzu+6_6eE#lH=(Q}qn0_26N?TRROYCijBw#%1@<|2E
zq9P?R&{FED*-6E-TOiXDOoLzXmj$K4w0WR0(S)EV;+qC~@S{gsnX4)E0|=jR>>x2w
zX7C_Boo=wu86*m|F)>%SCXM{K+SG3Nj#MC(0!GqNL;#la!F0eXm;jXE!F-!BMbs6G
zZ`~=GrF#5_zZou5dAsV#ZUP{I?yJ;-<ipM~UxT}a&;A87X$FIhlba56R|X#Y%PF{3
zoJTA2KRNv0(!&eDC(`(JWxBX50qC4B3c2Uq@NviW9qMn*4e6L&N(J~~AZMKdBziy&
zxv~cEr;rnXPvtr~-lm^@24*O@8=XgIDK!80h!BtSpz-b7_JwcXVDQF=XRLD|%~w@n
z8arW(suxz!_t<>ID~Sf#POEH?)=jpM4E{LPo`IS#krUozWYzCM<ux7|juAC|+d;AX
z9g#K_R#7N+u5UN>HD}S2H+6#&Mk?_b5RzheM%~tcA+i6adhvF6G2mhgY<%cM1OW^5
z-38c5V>c6SE9wgRA7Cwx*#<33DKx3!pm8nu*ohpbKJpMY-swur=TnuAK|sF^+6%W@
znHf8~(@Cp8&9M5dx9eOZA{uBpx^ZDC0^q-gF5d%+8jb;BVxQMwnu_^1U~%tkd+;3e
ztk*>v&)03tycW|@b;H{3Z_v2n{&-)?_u6+%rbYtpTO1Bv|KQ*O-14jek8T8wVh`-{
zMd&XpimetvWdQ0!{`a%y7q7DauBU}uRhPjJa{ikykVn!C_?B!FqgqvYNY`R|I83K8
zEhDN2IXgDG*@~Xdp)BiF+$yTESNfGPkJYT+=5^Ga4ZHz?1i`;QD1rd)dNyRt<-H<5
zYBO+hJJOv9&)1p8w)^U{kw-n2zC@04vlGQ#0>_8>>zmR!5_f)C*P-6n!B5eq3%{6U
zZ52Y21@^*-J4A}UU#@9p`0dbk#O8TTMyc?nyeEkcwxE?+a&6hYI@e$X(s5b>MdeK}
zYkIS;#iq6PfwV+G^!McxV6%|^<tg9eL^EA~h^*~W*>?S_P^RItNyia4VTk#O{eBAk
zP%qd$HRyd?l*SqL+pPeo`wgc(iw097CO}LcjT?#)IgsC;8=D+TBeguT4r;LXE7U=M
zs8|N&pU6BPq=Ov9GdKTi_oLr3H7cSW{BC0wBrcbIL82mrmpusL&ZD2;aX(%kMln&n
z9AV$3`qUrz-1GAtm88m$Iw&E{eAp`yJ-u)3S87Ij!tP!g-@?vvpKl{+{+-gGl25gb
zj)d=SgX_b8l1L{d*Qyj02l_FprbSsnf~b6uFe>c}wi0}ikbz2VdN|)G$fKdW!AxE<
z)+0#Gb4JJYk;Wh5y;HRRpdZA;5=IcuBZ6<4Ypkm>CZHd(OGCMl&@(I0Es6Hy7*~)K
z!l0t`Fw9&OhwcuW3kv1SFk||~K}ED1$>zvScLgFolnG$#{MS2NxRZDCTN^FMz<s-S
z{H?^La>$*H`*%E(j$>=NqM#qYT?b73yka0-;aQzpq~yGG(@zSn<z(Plb=o9oLW>rN
z^atIV5&+iR6?=O>^qRc2?Ec19VSZk8px6v$q0_U2S|?)EfW6?Zwp781@k)?cjG}eQ
zEPMP9pQz(=`9XH<j^4iI@3^vX6rOwt%P)cw{uiij279$*vT-*jBDTqWhrgobUo-pj
z*yr<0ZPF_}uKQ@hCD_YZ>PMrYbx1}eO?W12lGwjNb2sTEt?Q%}w21h$))ap4^t{JN
zIT;I%kNzF`N^y?C`mj9%xYF1!KlVkW%qilx>M%DyleZXL+rhiMpCnH!KHocu&`bbk
z2giq`H`uIhkwcf915eXS6<;p%q5*M{Bgo!eVFaW)12zj47=A}mTqSY1va`oEOpcwX
zgV-kn5O+V0!QBnjfq0wW7XM(#y$<=Z5beZ5-GG?&mpQKmZ#v4=mvb{xb{(iy$OFs%
z|HUkNG^jMas~DULGY|S;RHV0|Uxat^ecg#v%AUB7?$g?&bx?ZB$ybY^o=}W<!V5+R
zV&w`BtTy2vqZ?^T^lz>Yuw4wl21#o8U9S{J5f(nJ8n)$(!TS~Eed5t5-Ign9Yn=+&
z5#(d#Y<FC$tU|MSKxp4clhuV@aaoN|YiQNn9Q`e}-5dQ@@er{?8dbIV{4aJ9_mulM
zGXhCg=qeT0x&7IQ2}-V<3HG;n&7U6_kc<R6ldS{+MmlryW3;V;V_55JTox&9oh4no
z8hmT7x57Fh9x2X9m&tt82!Vuw`tK1-AMHPDQbZ>T7L@v{NsPl>3!)5Xa7O-wBKtyK
zMs=dk1vhlX%}b2q(=iMq@Q$fAq2_;x1vEwR)qi#@C>iaFr!e?frGtw1^yiH9@2=ks
zEMIp#h5zFhjFytCa;Pu_bJVyW>Wq|CC0+2Y0Vu}&Bkjy!*4M~}abUD-^QA8SJt`2{
z6qSzq;p?w6F$1;p_)qb;C-^}b2fu29)tCr`8#g%RnQaO1T}m&dvWv=yzcXZKg=Boo
zKUJ;?f!4uYd{dpMRLHk#Pe!Oq@a*am{&Qb1L7CRH=ApQl)5v$GB)`v$Ql@#9gM%SF
zDSZ_xFz1iW@+1jSYIRS|3vj=ry_bLow%0@n5AJ~6e;Y7+>$koJsft*PmhO6S5`i%4
zpF?<|j9OZ>;f=KHI=COR3>@YxxjUByeV6$2metNIEv#T`KE1GaxVi6tT%#W5<=5FP
ztEv1fuEVFhHhc@?VGEYb_TOmW)|XEQH5!;*1!XoCeSVe`gndz$M(#8`O3Ss5GmnYQ
zD60{?M%E65o##|hv>rQ*G&6K<di9e?e_bbJ&iLq#ZVw|h5{gy9v;B4J2cqBG7XFd7
zf3>tp5PUG^S!}f*^KZ)qZwlU439T**R*JOdKS~6`q<4GwcbO6)L4ThN-MJOy?CX>#
z1LIfpJ0~7?rKU1z2C@Y(GPIKyJgd#w)!q{#J=l($%mq~z;nyjK{=?<+7t)pv69hjb
zM=7jssCwd~0Ec?h6qM$-n?RDn*gJ8oD+2Z2f3Q2N0kMt*_-t#p(|4BeuJaZGMjhW&
z58uASno|umWzt6<XS4C4uY*izqd(KKY;iLXb7B2STpXoHdvGHAU>3eocFONNWbn?0
zMMg{3bM`xXMqxQK#eRLxNcinXh3{@UmLK+BQk(W7Hm{qWqpL#7O2n)t3qY6*M`tP8
z24VJOy5!4ARhvuoj=x+({9!{DDH^xTPz<}Bds04;YN_SD{;jlCu^9SR=JbC^e6mbD
za#?gs+dxC&nsx7pzd7|Zx^kar!#tr|xZTQPlZ=Aw3*#Lj_H5=~mgNMZJkV->MW4$Y
zHs$uf0O>qDwj>}+cN~r+Ee4R&UJn*`-iR+Sq`&dai#z@X5<b4>=f0^!c(D}XN#G^z
zMb4$+WWp$17iTR~b`$yR3-mmsdATe!PkXV(!=p>&bdf;bBQ>v6z+nW~$N@V%0T)@<
z`92SioloK<3aZh7q4-JG&D%uug_*7x<s%h66NVp1wtmJkujfG<<1?@0d4jL1R;gHt
zmM*yM+bb7uI<VWb2_b)Ij+4iOV>jC#HS0RgedJ(mH6ylF*cpgp&<Xu6m2T<`4}2DS
zjn;!zZBNQlPbL6N+bOAdo)CzT44w-BgvC}bw;=g&Q7(|{-aAO!5ir0CJJR|zFdQ7j
zbH*2nxx$UKcOx2@`MCPth!ObzK=bAt0~o0ETVVdeZRHLix=0lI=Yy0T1mb5^IE&*_
z?}C%YDYF95LAo1C=|+@Lj@b?8a%YYr%q9tu4Fu*t1B>>ob38m<I^+;joIdYS$bis5
zUqjj{xY$-{10Gs3<!`g%DhL2Ml@FYzC`PffBDCMBMyX=|<Y0&9WWAF2xpX51CJ-Fu
zep1xUC)@FidV{+pvvWJHBruTmg|;1&fJ{N>d0v=A4|!U<!}@h1gdxgq6E4KpZ4!X_
zKC_V*HzDkZ5bY0~e}?5yqbU?*bko%K^Pi)^$SK#k+p$f-;kH$2?oU5Sj~I!tJdcZ6
z8}%f%r*+m4d(M;Q|5>#x>lN2(^1fdR`o@wHa=|^3a)%H}<R{~J?7@sd!9mWQ*)386
ziU>9!p}&T(;Hb!fS2L5qng4?=npwU(oUugdAAITX4`}!tgdtVswDZDr1z>1;bug5m
zh-UULld&Y!dW!i0X!Jk?y2*C52U}{#=4TPyWO7WOAIrE{sbr+Pc4vhO0^DT1Eum+R
zvI!=&@0=5@Aaul9mFTH%j1)d1ar0r)_H*>F`_d1`l`LSoydb;TO0_iEU;o2LBnLaz
zvUW%(s*2};!Pn1Edpjp@<7@vDfg(XQR5l}BlT`f@nYlsvxV6U7ol%jek>x1l*xNzi
zn3HxqWUrD@b2*{c_}NdVSx(<SxlLuwpylibslxf0ig%&1uog{Ln1NG1pRqh&pFZz_
z5q!k-*lX?S3h1&;@mlTRgLGoUr_wWn`Vg!yuNTdo%Nh3fq6U7D;ms*M%jJ15IcNSE
zQ(t5aoe=Du?Z$k{*30^pRX=^K-v1@0I{4-}nZ<wWy^zN+`+JJ766CacQ^>KAE~Lsf
z)hu>yd+w^H^DCH7c|MEWMDN9O*1zjv5k=U2^MY+{^U<tq)~EUBl}oADgvuhObE(0X
zrplDES_QoIl_9<t`s<(Y&mW}nNnXx$UOeoUY#aLHBS1FX%`)HIBc8|#`1NVjs6umm
zqq6K^))OPqtG@_(Sm5%HM*C%O{;(Dw-k>g3bocmrXf^qM$3Bh8d~BS0A}EtFK-MK`
z`^Qaj)|r`=oCqhq!+f^2&h4b4r3%(=(#@(3XdHmIU@uNXl{Bm%w)Y67!^N9xGL^!}
zQE8xXu4jVTiCgO=zRSC{gNnXvEMk<uBRI3<ldoNNF-#%|$Y<Z|vQqN80G5Icze;F7
z2ggl41`qaZLjE0GagP7Ki8EXSvC22S6bdQ_Q^_QLQf9|_BsgQa9S3z(%uEl<W5%ep
zal(#W_SOBc)!NjFjA^5v72nI9P;#kRg2s|_Cm38;qR=N5ShJ}6f1XWDl*{}t_n{a1
z6h4RSO<Ovpec)oCtQ;_D;1!y8IzAY?CiEJNw*~Y$TmjeM-e{n0`){x-ohUWf)qRFr
z@6~5=%M-1GUw+G?|6s#Y%Ed2|k}~eGVOHR-TX!e%UrAHpGs{C_YELaPx)U$lr%ln4
zEO#*!8xUEk&}%-nD=pd;6F9h@o97-de+2t;A7fnuemZoK)MJ{(@(|ABHQQYbGv93N
zFl?s}E}Qsww+#`+CF)L^fKOX01Ig973yPwWH2Xts1ay$90^$3EYOx~)M;_U@uqDZL
zf@5;peMtKX&iOae+vUnQamNo8>fbH$OM^<}W&3V|dQ5j8>P@|;&Cp~B+aGx`qvf+|
zHi>rV&{^MG8H2?KdSl=8ng5k7`FJY>m-83(O_2XruUAMAc}+Zwkdj;jBh*4in@f2X
zYOdG{^rQa&I1i#TZ{Aoxnc-GlZLf$PVHzG~ucy8&1_t`d4y5vCU~dbEli%(6r>BT&
zgH5p_8Ek}qCDlHThd7l!$2i{7<D?V>LAE5jJ^=yJ6>-39a+@CVlX1z!%Qo39*r&U1
z;~x>g^4iA(-iVm{Q&dtm0B!trkiTOz?j0$|(BKb5gq`bhWYXrKe&6|@Ofw~gF#7@|
zYPdfv<d3Bg*UMv{m427k65X(0Psv}n-$|#^P-`~dHO@=_u7i3BKt(Gi*}G0AT>UwB
zyr6x0EVVO9(6+{n^Qed2xBky<Ax$|J7imQ~^2D5Rc1gXhZlX*6P0$h;FI49L;Mqv}
z8u6X-oBgdtT?$YK^ID@(@@6YO3XJ-{{HI{b?akEvxst%UW=P_?i1r&1YN&c*)AOpo
z@62<1@}zL@vz5k2a39L6Eh;d3tzrvoEBj%;_6;-@yrkfq=g0n<12N|fic!S_?ldJn
z9*pTsAV4w4w3G?l=abY0kYNbF%*ri5deTPi9y<{Gk1Vk2g>C`z)u7R<e6&G+4O+ky
z{z<n4vb@W72T1gm&waCnJa<okM<|B+opH)rKcFHzk(|@XeYBB3YvL(bVw}}Gx$A_?
ztpu3e>Lmi4U2T6~10Re1+kwF2Z$|E#JWl$a`j=vyyQ}#M39Z^YkGHVKvP?{Hkzb`u
z_Vi8e=Y&$oH12F6)+$NYP@+LFS}MWuzM!p_A%990pZzHUtN))D+kT83hid@uGNcL=
z%m#^uwD|)q$;~NX)5OJermI#a4OSDjjuzz5%cEb-;YefXj%iT!_~kZ0hlTdkw$2aB
zw`>LUr{L4<5JezA0AhuNcmmyNjtfA+#;__KIeNF|e}y}TjTBUtL>Tl?d6IE>F_2qf
za&z=pmv;c>Eoj|qAUPV~CdYUbegWhbh%bXTHUcj~!-4XtF6a%Hsd|$7lLQ6vWUW}B
z&KJ?B0yx|bj>q`7O=$l77QCt3#YZg_KygrXxexhydgJfx(yYc0Yw_9ExU_F*)4Omu
z&o!WdbooEdM2T+DUtb{YjcXg*+}Gk5LN9=gh9%fFI1`UjhTS#SlX}x6j%%k14kJnu
zPG)9x4M8<DJenY_u>~}8qJpCdNwmuZen>a-@j>h+ccEovwoyO&;K{<*FHfjt!W0$9
z91ADd>4=LK4TX6Z?My14sa4zXM#?5PVygqqEAw?zx5+KTcUrFRT}-E-S=$Wd?9siw
zHfs+JYE<CW`NrRL_O;LPyWV~o?t6~~cQw-^t<z$gNpGp3H0Ii$81W~W$su?fg@tuC
zXjw;XK@t<n)`fbh!)P_vCGY*rFx9wtNpQsR`BPafdFaG!<jRZRrA?d2e|EKom)+#O
zl1A}Y{SR*Q+$9rs$l%@*W_iz0!#uYVCz%jiuyW`d`ay4@i(w^g3YVZbYSG$DA$gi%
z0%`wEK_HiU{V{3Vw10LOPbPCarkf%OzzTv~YZ_5+4h9RATe9$Im1j7X$USs9A^R5#
zxZAx*M(C}sRGSZ1@2fc75}il=DE8r7e*duERCJkJsD96PE}@RdTs6d!Joo-r#Hd=Q
z0O1nS9=R}FPDHtzaXKf(MT30wy^GTRbABvLA`3w|`iXAV#C_lVfE&b$50IUEU5fLk
z=&S&rdXN#ImFDrbX{*Yl{QUwPGzHlLlt0mu2I$M-<Zvb!NvcEa4&S4$1R~$3{s&+x
zocsr674>91-wdQCHKylCCD<^L<7o!#BXBP?Fq&wgG0hIm%n^hW(s*`OHX|vDTxyQZ
zMrR{4K9W-AhvSA)K4V(L_;~Jp-Q%gc@>nbnjkX0^Wh+eke_T!_dk+4TmAeffQakg!
zvcQal`%h$ES`4wL(esn5QnlFsX68d_`}Szg(q?rfe$$Y^80I2bgioi1%e0oe4X583
z*my-feSnmjeVh(6STwk>D@v^@ig>UknsoAll>0@^a3lv@;w6TpugO>||G=UtA4PMR
z?f8Adtl~4}=g{ICos(qID?%qGpWk8@%<^Jh0u?04#D^;|M<o`yDz8;Fg5NF-(&II&
zwrf_DuMT^j7ch*pKCI*%&x6E@2?CGT?D4kG)Lp(wCeTphIm;)zW4;$`S{ATs2<go}
zx9hXBqRQpuu2S2Nzi`|ckp1SSgDcmH@f?_3;P6B(m*S|;_Js&NXA04II%hPlGQysE
zqH2v6rBm~E$_YF3p!$8wLG*e#{f{u5NZ-gmCr=_Pp}&1K;Ec~`MrIf@38`F)pn1P;
zDJJv@lP7XhEH&s3SBt<2udf{T54JJb!~Qm(h2@_It~=D=OhSd>R&&DgQ0e|z8{;Bq
z3{;bLr?ULs9Yj$}1aPF8OB0!``XrTOyfn2d)(9bqjJ5Y)m%VDg=i$CD`B){a9TI>&
zb5N*crpSN^iy@Hw3xPvYQ)&@`lfv%a+OM;9o)n!sKmY6F6aMfgSt}11%w4w~bH2og
z8To`IUTQpZXxBpZj6&gg*tiV!?33iENn$U?MP$CQy%Dhk2xcm5jXfqor$JB*Ab7=f
zAGWI93gOf<6W@!1=86xdAS_WWt8`6J6CQvQv<mGfl}wyXhf)zNw3n?b6nty}aX1+M
zSu;}U^NH=>B=z_d%g`Sej%0=qwHuad5p0vBzC??U_ho*>T;|NHg$+i=z4_`xb1~@=
zY=qhn2M5q4_(#2u#(*&^oV<7o8xtk!k`)>iDV)vw$02Le-PlQNgi-w7at<{geV#v(
z+;a-HCJ91SjpAuzHWiy6(oj#8o@+Ssd``yi&Z!!i+zTC4cM&-8&|Is7t&n5`zV(|}
z!}!wpC$z4p5p>uw8MeK5OcDN0tpQZ{!_<|&iV%YRrlSomiC&u<=806Uh+b#%y)#({
z7mkNDNL>2tw^nsz?z%&wM5Dm9Ym)~QsI5dO!Tn2h$w}&B@{lnnd<s^Aweub>Ja?k3
zr-y1P9TvB+5HI-`=b_wl80QZ$^N<YulJYl3+7`4<eS`K<6l6xOieL2Qf0ec2qS+TB
zs=f@!N7Hon_X-dO%f!iMIgzg5_-(-n@$2rvW;UpTkxRmCRQqKsbA;$Vbo$F8qS0W2
zl6?@<uL%)waSGo2lNyXDeWa<l8&Aq=<*xr&2RbIe)=jyBo-WtN`pV`c5A}mIj&MwL
zs`rvIS`ZGTDzepAS3J3<HB?}BlGkpyq8>&#uZhYqZFM}&zq9D$K6AsF2#ou<*X8Lf
zCd#SK*B&nT7wGA^M3%pJ*Q`qD3A3d!s<S79et7c4mZ+C{NGlZ7F!E2JM{GiR3~}lJ
z1A#+?Z>H8KqB0*(vmbVa7?KubQ6VlBCY7`1AG1oCvr;)6@~F}d$gZr@pDC-zk@S;+
zbqVq{EA{_Imo4di$ywJJc1fXCbLegVw-vSjFauiLNIC2mdOb$eU;!cn3WLR1y7#>F
zAMA!ZMuQ~7)a6~{e}tttHUZg}zZYt{tt=-}qyy7hPM#OI_a-f0>NuhG^}o3bp6w^@
zbO=sP<#-%V2C5ve`D+`hNe3VsYDn|N4p+$gk@TVm>UJ4U+|wC*)TdtjjNNPweDmY4
z6*_z?KSCx_w4w6GI~hMd4>f7bFZ^4VbD=yOB&V~I-Bj2Kd0g<BeT*0?O~K2|K4VZ6
zYH?oayRVS{`@CZ6Q62a;dP%Wf2i&DeubJ_u(q?fPkty5ub>np*RK1V>7`PeSy@g_I
z;KTF?%&B|UFY+OMq6N#p1N@hIfDJW+d7x-OcG&Z38z~G88i^2vGMsccQkSE|DtZ3n
zz$U5i?W#?<7-AR|!H-!f0sk#7lJn`i&6=xa?W$*czuY08mI<$iyI0H{EDBLriC$>I
zgy7kZ2;AJsl#N<F0@YD^zD2%nh6z&)_YbyFlZN!?-j(0DFmfkA!4gIU+{6g;4tZf0
z)p&5e`!9W>++e`BeH#Qgzu!a!=r6jgmb=rcMgll?l4K<U_BQfjaerBKk|6x7&JrTc
zJB<C57kMv=@lC9>iCeFKw(sQ%-$M1b6bejJ-?(|x-Jk*4Lt@-SvnfiI!}0EFbozwW
z44}LCva9v4h3IQC2<+-pHV9Fu3^oCO_>bLuk2PeE?IC2k*V~0{O4;5)HFsLZMYd<V
zNrE?X8czud*ZB;(-@zmDB)7^MHqSgJ**f`OJ>ZpLKYezOtym6dbij&P)6_25Fz1R;
zu$jJ8GdzT70Y7}?jEWnzrsbjQ4ReNdd52ktgLPF~^>362@L$0itRRei*<eH7A1AN;
z#1INA0ud6-wpqxU3HDCJjHG5D@`m1uF&QglZoaat2+kVRl(0)viY@(6?RMo@T+zIs
z&BdzqSYoV6MgxW%4BV%7a`FZNiCdCv;6=B(SfDMrx!@(=`;c1GqueX%ZLOaQ7mE*~
z7Hy=`SEh{E&f2`E3+EjTr*<#OuVva=!D~IVCV%EV*wDAvZJI7)1RH#EvHna*VQVNp
zqVj#wx)-4#Yj69Fs|Eq&B4MGr&@1G5lKy%1FltMxZrU$#@_^E^xUYRnd4njrS2Zc}
zO`nTqUDfOC$kC9rQJCQK7Y_>JZ};t5Wz-;wopZ<Fh__i-@@lhZynli0i!)NfhwV2u
z@NR@gGqEwxaF7EZ%C*EyxAbepRr|MA#w*C=5m1n}U}q0`FZtW+l#3GTwV7h{Z1UyE
zFILju7uj23na^M^->1vLW{tP_&hozoIZq+-q({@pyW&c0l1PXf97sVrPBXIk`vAs4
zz~6DxlA@D)n4sP~OrOuwSEfjDTfnQbh9oJGox7ozroN##dmYiviYJ`0%s^e3`xUkG
zD#U-b(kC%@nxFTT0GAa>er3+9!T}LU_h46*AbmW4&TF?&KH)3jDFsfx=FWYhNaF8%
z@t6;pXm?xrMm;cx`D{f1@OFatbia4B$$WLOH#ojL&U|(JdUCf2DP2EY#|tj>jR?Hb
z%*CeodkCIK3!NW$x_1+(*4&fvJ--Xaqsa92j|<p(OcLL{)#WA@2poZw1in5>iA`6i
z1{pQ@GG3n`6#T#t4Tv=fN1N}J;0)fEuuXVQV0mPs3x&8F!IA~DrBM&bmzV@EO}hCn
zbM9*WFT9OvLohqsOSU=G?Md4_Fk-P|3va?a$vs+iE{i5RjJ_bL?oG>A19;g$9MyyG
zt%M~4dsO!WzU|pMS04>^H!RF)#ox!SqqGTyqP?kzUY(Pm)z2p#^gAQ(RN`GYKej5D
z8O2;M93Z`JvzzuSsa)@H<)~aAGPt^bRA*&xgEV*bK(Wi2Nnv$^1m!hmLIt;iJZHY1
z8h%!RDjGPlRmy|n@+M2XGh!v**=U?;h;?wv6$$l4sf?K13XKxLyx(#2_vaBKL_-`L
zIJ&yOqL7|s*b~{Pa$Kt=opL?yv=@D0$uUxG7{%(L>;1}AlpO>c3<S&Lg$T+n^7ou?
zJphN7Yxzvy9ku=(+R_?VbY0}16$ZaE!d4N112^TybO2CO8beml=1Gi0$2SI)2cZO1
z!#hB0sE!HnINNG{O&Xw<_)xUZCkeXV`aXLIa3SEwuzosECZb%lZ;d2Q7uPv^a3G@W
zpSSHL^PT%`jf_hArSDsIUv|LNM$>4ix%h=vA;65Gso0H2CQ*42{4n*DSoHNRw?_q1
z2fe@^a*I$1b88%h7$?0QPJXS9^CS4yhI;6lOg-nT%8#N=5=LB`4s7<QbT1C9O!NP;
zG>8zE2LA%Vx|W`b?fMY)`c3dw+h2BWPWtRhpQ0bCuk1aVMW55qB~s4-SlR0;Gt@lE
z3X3fnJ8&OjRe2VWHhSe3a*PiCEqO6@dw%B!iorP)t*DNze5t5mye1)tV7RAuU+#n1
znFub=bX6cg<9MD*ruZn#ObYYgg!ga-eyqOZiX99}hHC|cOxMXxG{s)t1#r&fNAvvs
z0Pc1EOF;HRJ%oRu6y*g2I<-TWMrfEA#y{*+MGq8cdjb$7Oq36VCx8Cy9g*tRdt-O-
zH4bYpnH=7=4HLIx+65eu!5Y&*<crPg_WXeFe;I-4D*#WrI;@@D<-JZ&O_ND$-dxu2
z?|PeV@h`aOH?-!37^CD$4}f1kP<0JF`uIe2JW`N>A#(l5LonO>5LOq7j>d<Khak{5
zWJ#BO|LC7a&Qh>pzRT@U+K^0n6jU}k5~dfhRR}$FV@n1N?Gdw_RRkU8yIBBL8FIDE
zRonOHl=az<Y?BZiICN`3wG9c_n?d=-5IhvdQ;k<ef^<;nxQOFg%w-HzKbzr&j72>j
z%u{(vznM`2oHw#(btzjj{BR2^fhH(_?;Jyp4^J3FmiUuSzNx|IAg<SBLcf6hp8T|I
z{b_Mm=K|1Kwmp93htITZuHs8($%}q={SwERFYUFK@s@gN&iNdmzpvf$i-@23xgO8I
z-Qp<%Z_rkr>|#SzT`I=jIs0jl`WvPOtdC&_A4VJ(OU@Yf@i^TIiz!?n!Qz+iPt<n3
z2(ee8hT|>EA)!@AtjMqG*bkN^UYHmGGEXte%GwP~7?WC>{Xe<l-e3G27l-)o*y`9-
zA(dDj?t$Rr9YvDjjq*(CIe*dD(R$qif?oq%aU^g1gJnQ(w-_Y#C+7Ef@pIwFMN?pV
zSJ&dCw)_3x8%Q7w($W=K1b7B|c;7t?jteXOKLEc#K)*%V&_jA*SyJ`;?C9f3zI2UO
z#NvlD1A8*x%<<9n@yW&2^)II%PA>BenIPbi>WV05Mv$y5(xj!852q(*S7}QP8nVEX
z7S{jU$^U6ty^h^z^RH^RK3)$?f=iY1ka*YF#BMo*s2S6%xXFwhw(XU*3+jIiS0Xqo
z+-(%M6aVc=E>Ovgz(F~c%&4?tX|&WV)}~sl&TLbqL<cx7P!<X{u$H?Z6u}A`@A2yz
zF}V+*YLpq-HjBF-;tq7b+$dAH3)&$Rhxmcv_Qi}p0M@=0RzCw8znclrQ*?z@@>M^Y
z^#NK0eEAO3L-6IBQ7(J7YRipl@!~=eoWBAnVv}V>1wwb!oaDD9lVfOQ-)EG7XmK|P
z5nxPN7at%ChHpKg6g{H&A;JTcjYy?9sLP&hMw=Qq_U#(8C~a-q`T@O^O78!$Kck4T
zRlR>|;D79m&G)|tyPf~%M$%^eKhrPq;xci8<0n=YSYYh|R^I>y$@#~ppdhERp|!Xc
zZ1Bpzl;y>P*8~&90*qkA1ktK5f&ZxOOi|Ypqq+mNu^kF}(5{&;d5n)jg*a~2$=<-K
zpR4X~3rgpxDQ%j^%Yl0qkCxJ6<ts+LOwo_Y#nsITOAp_D5dEn`I|F5VOI4gmMKRQ7
zskMChlClJAU~*aZN}!0IQ#8e&Gar?5U@BAUembvX6}c-UjS-qt<+XD1+Vv@E6eaS1
zJ>dU!@c$2T?>}}9I{fF2q=%CKtHubhR{_=;AfWR({LX>`g!u9E<4va${=XjZ{~G-N
zV7Qk%|LyE_{C^W^!~Wk*!vr+s!9^#Ucq!}5_=z29tX)|7O!FWjr3mw1>t$2Ge?fzG
z^KNm3jBoGb+ae7+UvupHQWp^4AlA0}ivaD*!SG89uKj3H&Hq;ff3NfYdwgKxzwZn?
z``<>=X7&H#_uuz{5#Rc?vQ3!ST-u+QeXODjD+`lOxqf;n$NyP?DcTm`h3i6qs^b6S
zQ7-<+=%Ca8H<G^O@!w&{=g8++V!90$ArGN95bGkx(97~-pK<7Ut;&e?XE3ZXsF41;
zv7$7w(wbgBW5my};<7r|XfaY&`{&>yh6Pkx8bo^<Z~~y`kvkw7mWZX%kAH@UE+ZWq
z9G#yk<lPKD68IPB^}xR~z(~<=0dZOHRZrkQ#sA$F(3CQ_L`;fu&Jd4&>O{r^r@H)q
z6$Gd%{=b)x|Gu}=#sAny`i}U2zu&(Xyr}O)6r`9^#b{CM?P?wDsy3)pYaq=Y`lU|A
z{`UoIRnGs{g8)^*|96IC)Bb<3cW}`0|4pO~@_*B5s}=&3rkSp9+ddo@jyosWlZ1@=
zD$VCY`Hpe3qkPvcrr-_eZPU<~+cJJo=#kmAhi;J<eLlIk_;e9}QBg9W>r%v6^jQv|
z{N2bUq5{7Gz1PFnqvR8DZV<l?AfJObbq86{ekn={u#-G+guB50b-TKwqGfe+8Zv%8
z5l+x?-P)LK%P;Cb1Bdcnrl3m}5c~D%5vAVALN<U5A>xpG?II7&B902)fPW<(L(z0h
zr|58dyG3)~zHLi(E%!t3m8$mN;=c;0J@CRA_F1x$&WMYSI7f^V3VJuM*>%7m@99xa
zM2YKY$z^cc<D+6`Xw;7d03m5KiUc<PxBrK|e{XN&MiPbb|Me*_os*xX{78zDb+NRQ
zIV($w!xLN9k(6ZT@srmEyFn7GW}^o{Q{p6fKl}Tj3P7VTyhxTk$&R_tW-JnyLZMKo
zD%6F|-_VSXnIzGaO@*AVp1U!~&qCg&f+m%Ptg{An%k%fQ#gL^;zn?M5M;6QLZ+K0j
zxaIi|INnd;aIGi^)`0P(?=fwV2N7%EF!|o`$Zx~&MWb_tN4XF69DG<Y{Or!~-tN9X
z!zrHyC&B#XevynO^Wcz}KO+m~pI?^w@_G1Ysr;8vHWitAtlyveESLXwc6J;7|Az-V
zU-JKbme0RX{&PwHY-T{9wd+=gyiX_uRv-D+8N>!twmtrRyb$?#ne@RAcMqI!$?~7r
z3kCc-s$2djNb$mcWQ@ex1wC7!U7pnN$;g+q<mPLErreq*!Qj%JUN_0!L@0eZIIARU
zFyCEZ98cx@BvUR^f;Cxv$EDIgb3OSUy98Rzk}P*mU^V(kMCKy7epCv<k4=^EneyuK
zjO)`zZoSeO%lsbD(AsIK*1@nDd$1^3)$(*z4;p?!5-UPtF`d$Sq)C@-4|%q&Cbe(7
zaqWxWYB42%{X8X`z3+I+RPPnjB!c2yRzSO>Tz5x8b`j1YRTG;?)MxP6D*<d~JS=ym
zja&G;k^O^g>UqxIjvhhpfb=aADJ^+6j#_r)kp~pBk~J7oGo<@TNi3ZElMq=j!9p@?
zN##KZm1A{G-bFS)ZPck4K=8}$(&QBVQXBA*{A@|ynWdR$7BZJ=n#cu<ZBIzlq-b1r
z?OcUPh3XipHC>QVs5uc@me!i6rD@AC?4qG;tr4-QS_u1yrfTJcOJ<r;iL>GTu&u={
z%fjhuc|gnY-~9dk#oM#<dJ;S0@}+$z#k3hpH{vW!>^oKKZwMFGqJluf!DY~NVS2I!
z*}i<fFVnI93pnWR?e6bXei%`n7LwgeBvTWSCdXvA@;elrqUjk+>HM0-B1_aU+1anO
z$(iIJ4B)Q^{mQSlMy&t&dGPDvY-X!g2*#fEme{(4r7PI~c<JbK<&9b&qK`;(v<_qo
z^A$Z3+}5N>EwDW>XP`|xQn}2`d>2Ar8Iro8Jkvk0d6=EX;HX!oQAe(p3Ef4DV--9$
z8nIX(lM8VjPgqiT23gC%w35NMCTME6A+(LxV9sldSL?GDGY93zoXP5eT8Fb^<ir`5
zKz;MK@)X=3)|Ba5GbXiWEeb03RdRecm@-1W_$ncU-RB&sGGKT8Ml)I@oMo|x-8!9p
zF-m{p&r<vE6Gecm^8f1h8}T0pdtcuFKg;J&=>N6QkKiG(B7YnoqJNz;!WZWH<+FhQ
zqg>N{8V9fy{J+0{_`Lr9cewwh{`Y73{5kx;yqNuk=RWag!TI;t`uOY*Yt;YTYvg~}
z`{Mukc|M=<{BMToUf1eqv)}sI+^xkt#JBl)vG3oCQ!F_DsD3|D0O%_H@9?l+*Z=mu
z`2T#K&mUC(vtA|-3jq3;Mu4_M{0E5paUq}qTIzwH2s>D|33V>EJ`NO2f8>hIIJ+Y!
zmxD$mXl*5k)VA<Ycs!CYkg5lS;y#*h*Nj%RKraec{fdl)#G0S*4@I?I8$h{!IBR?0
z>Qe#<VX}{h@}r_{*XI8p5dgZ1|L-;9KM$XOk^er+=YJCa{{sYn{$X!{b)r8jFE9Vv
z@Xb|t{1U(UM4uJ>|8v;?_MRU+ugm}aoiFyk&+_?m*#A6F`qSJ0-0CcY3nM_StoZ9A
zqQ4eLa7NpDns0|#+|DJRQO&k#&U>cuCya+|4`banU$@4x4lcfX>wbvo`&%}D51Akz
z9IWTiOMAC$ep5>(Sx#WDFEhUPNPw$G&dImr-J>V9<M!NG<>bF~{6s>IX=d-!Cz-7>
zVC$5zm`+9Z9`4bPz-hTWGu%Zr6x7Y;@r=R0JozM%up(!YY9ZGPhCQR2UTYy4iPS&R
zbplAu7elI;qeIh=YZjFL1wWyT#RlT{=<3`;?(iR@SF>JYghsgQN5|}{3PmG>S{1_E
z=t4+g)@^k5_o%eLr#XK=qbW}u(KcLTeHg}j>oxKo)ZzCjSLT?#iyq6ifB*gX37_vP
zF3{x;RR6s+mO0_-cAXu$WpmXQmJUQ=e(e3X64_E>(0s%h5&}Mitut?V-#z%CmtB_z
zc$3c;-Tb0oR#W~G-TaiF<?{c>W`4xaD*Mm#{z3iyzu*5N|9_UxpV9tP+Is$AHvT`o
zc2eex6e%N{B~&UFIZL*P7G%f>6zb4|<b|4$m`RO!Fc`t>Nr4rdc;mrZR&3w8VR6r?
zjwewEt=JtBnQP@s?#L(ltmgk8llc)pEBOEJ!Co`}`~H{uPoL%Une9I%+y3L(=KuWM
zyEO8zW4m`x0gK-N{^ZvEG9l<6kl?zxNdAq9?g_Gwu14>loPIxtfV2Gmf0`0tEB(J3
z{-1~YJ74nuf0oZ5;r+)I1^c|OKabA*)K-b>-!KDI8ycP<6Vy|H6lN?6GbAk!(r(HA
z)TmVU2w>ph04DJD$y}K3Smu}rCa;zu3u}{=ZKTj57U?m$IlXLTrV0{2Jt%Z`E&l(J
z0idh+f4}Mf)!*O!!v8<V=g(^Y`z!&V|Kl~rFDA5q_s<Icuc>CEBK^1&u*>=X&d%P!
zUNipV%lpq~`TSw>zg}BXTb2R#52gtGn=1gHCk3qE^N#`bBa^^NmZv<X>X__2FeR*q
z-pUXcZPdIxU+j_;uYQCQ_fLbNrF*$<lGi85$GS=YgJ~vIvP&sqrqo5r7XnX{kHO3T
z^qj4h0gg4<Oj-6A3{|tfZjt`#gs>r;A3Nci>uhE~bxOE(B&;N-{d}ouKXqc-mbA2O
zNoi{-Y3m7TSEi#iV6-No4KjLm+wbxU9X>MOtfP#@31=UdZZ;gZ!S!m{W}lR1DiePK
zvI)muKsha`03pxpMo2T&6nx!gQq}Fi(Y^FpEDQCAgyBtHwIkao(!VGP?27z=YbJkP
zkoeV7=p(S4Sg&J)YbOj>5-f&Lo5m|)t~FYe?zJ_WWAhL;Qxt}?E{Y#mWB!HNSX(od
zF3QB}jiX`Kz~xz3SLa||mVtF~{?*0VSC_4*nR&H!Nh`CiF37q1u{QICNt~CYa9)(a
zxxbWye3Z8F2TBiXLHfk`VLt}6)?Ba)6V9%c9JT>pEj{Z}=G&S|b)h)04wGujqMFxo
zR)<`xnND?aGSyGO>JeF|Ddp1}XKTZ!ptkxTjmsd^t7vRgoi`#0asRmcKLocNHq7LE
z#c1-g<eI(BVirhLrSoRM9RE=;RZYsSaPY^<Cn0=_|1;G3@Y~arqSp5$GX!J)yO_!w
z_Fo&`^CXGC>}R?CcXxk(w`Tv{+28$Q|NT6lUw_^HhPXW^3Cksmsb&cgIo=*rGLi{R
zhKy%pQYe;?Z?=E`ePaW9zO}7_jyxl?o!-tq*pwxkidp&P0rvG)*9}586Fw#p%VIf)
zu_6-Pvbj++BNCNL(}{XR^R4#wURqtd2UasMd}Hk{Jkv~$Xx!SvG7FGO!+yPA?OHk>
z#!fkR$B+3txnq*GU~vzyIH8IR8Os{z?2+$;Bni`$r;6k$qlyv9MwoKO$fW9cdpi-a
z3bL`YY#TanW9+2azwII)OPa9luO=*=cJ1CrHNIEbHbjxlHe>#G%JhU4Dl+Sbi?0Py
zM!*o)pq-a!ZXLr&$g438U3+Cmf9D#kHGYI>vOf``9Tg_I;F-RLk{4}Aty5pv{tvk%
z1BzxBB4Gm~WpX`Vy{u**az__4o<HKUy+Pxu$c&C@xyl$vT#bTy|6b600W$u;WUXVv
zA*K*d+sZ3yWUb?*XIn2=Z2yn4&{cQiUfbQcU%49{E_9J)EUn?fe)*U!-~Sj)>_7g>
za7O^$zNbu?%bMog7A7Z=P7QC1sre6U<^2yC;+Cz!Qi73sew?08RWGJJ0|a1lX{%c{
zf834ouh|EO4!kCRc%jZ`EYsi9ED<v%8y87yqdyPTRabkO<#;9jm?uz|y=}FPMt_3U
zZd7IXNiiIz%vxM3JSBAUz*fD2x2NYVe^#1i2~9=j4H{b&*NK*1lBINBw{&|%e~<9}
zH~@nImrO0~|E-pVGd#4b<7=&MorSf-VNSX|^pzzoUVn9P;1o=1^%IzYmf(YDr0j>L
zKl|gAfy5;Ux_Ny~93&ovxfC;=7!~b7z>I`MW54Mcr<`Rv4Cqw`COu(fNaI_B?p!46
z?8Rz=Sd6_Dbc3i^L^^8|P3_QF4+An48P@`GxSU>{shYY<HbWw7Q9D|GvLnC2fy*;g
z8Omj`SvF={o3#dK*-W%5NedgSHEd;XmyEus-J(hA<gwX1r8yn)lxuEo^2>qsAXB~X
zsWRHX+p=CPBonF^i|O`kC)#RwIfT@<7!pV{WOo1jo-18<iLumZU5$zDR1)MOaDbkA
z<Z{7fFy?wv454iana^(2`rR-U!|f^M**3eU(>!Hut-7&Hwp(F(Z<lR<RABHkM6TGw
zu@oM-#$&<46S#<PFCZbqyq5e#3oXjqjQwL_8?z#jpqz;sg^X5SYQDGWWwQVclq#6K
zVxvXO%CKtFe#|n0vwj;)S`v+(P)!QOBpCYnh&MUg()m}hx<!bVETOUP86xaW7)_W|
zJxpJ`M#F?<^O_L#HcRKkTwbE(4p=Z%XYILSnvo&%C`zKm>)Z@HI@!HuGNb9wLf)o=
zCQTv=Mf^gslgq(1T(w)REvibuLaJNQ<zYm)Vz9Mn(uUl=VQTUug!u@V9&#lkHFOK^
zrj8#h({2#5nX#7NtvF--Uo;()2wp#Qw6(C$NQz7^=v3J^$;RydisdPd*-4s`=s$bk
z{I6&|C?fj=dnwt7-;-!&zEEsBWAao?b1E5${@U*y_4?5|g7vbwFqO-*zkNG{@t!sJ
z=HV-9!_g;OQp;qk*VMu<0#?DZv1Ce}icCw9rh&-sT8yb?cXWPoIcPofhQGX|Da~Rg
zd+DJ=yHPJ^VqPPZ2~|I^x$8@!^zaf*;enrWjStu+;YDjvH9*kKYF;6XkZ3;kOEJHk
z8z{)@L-JbCgg8J+Q=E45AVQ5qpapqmF8OECDp&3mSI=S`8>Ss1v)Qr|QyIMukR5G3
zsOyDD*rkv<+S+Q!n`=YiE|wcfM<X6v7dpph*M?}pFt0^S(`aj}$;ZKDK-`AgVU)RZ
zVR6qwygW18{>&}+8Oa#Dj*#|A-A3CbU}pg2S#PbgwB(qq!gJW=A&6bwZxtqA`4Ip;
z>J#E86idum#MH+PF7qfpR10X?1YcVF+UEP+7DEO{+p_a1%k&mxv&1($tK@+(XtU0s
z+BzG&V(S`D|J%1ay`8;?Y<gc3{M$idZClV@bI|YRTU#x=WC?wH0b4WRo|m|Eylm-;
zEnj2zdCFt1({g9Qff4sL<aX;({W_6TizK{S-$hoC>&wB_ISC(r8oaxGB+$?v8t3(3
zJBmF~PW!CePrT>|&CcCRWeRMtVU+-bY_nwrg#jb5H0;`*UY&shZv%yV<iK=I369H^
zx2tWg0VyD7t3$YM?m-ilZ-KHNf=gFd2EtuJL^hQS42g-NnmTqfsg1%F;TcSDY_uu#
z>mY2J>-hp3dfTBss2%Eq6^A+)t{!I+!oNkH?>=M!(?V(MnnI>RGNY_yW{h}3C5^Sw
z8*Og+LNfBK4Yp_I(8J@Kkc3g0ax}|mHqC{kk{i}=%X6Y9ToK4`OQ<GuQAi^0G9n=h
za4Y73CxYbshU$1iqW@>}9qs<J-#z-}UDy8Oo2~!tz6<2(DpDSbkyvDkD{aJqRNOI1
zVyYOSX+EJ@F=f)|Q653S5T13Pb>JV+UukMzzRY^S3Qe;G{r_e7ZJPdDRBwAKEUB8S
zEn{TUocDS|o@|l+gHUZxPobFim7JL|5n<)H<S*Zn{)!iyK#}fxMY{Dhc#)x^daIOo
zAGfX&Cuu5>&4Yhu6w9QcY;ER}XL?jwcMYU~WmrDRGZKsGkZ0Bjp%TH?I{CL>s~))#
zgegsjDOVFhT{1B8hN(%1B;b*o&aJv%z{zGLr;<(?5Um#02^M}p&k%AugY@b|PoyZu
zlUAJJh|wziY%NxWms~dWd*-R|*m9Sw`zE&91oo7Kb8crLcWxS@iX6PIo``Zj)6PBF
zLLReqz#K|}DlppB?Ou!68Ibyv-k)M!0+!f8)E3#@-(SoIm-O4;*$GgKSenxNZtR+N
zedPhTL`tK<?mqDT{hggwF6bAErimd{Y;aatDcqy5+;I(Te7C|bz`r-sr7iY$kM@oZ
z4tJ0Cw;GEHTlyu?%t+cja*dnM66EoU^hq}ut-i2-wNLLuKGy%cH(}|Nk24|J)6cOY
z|5JZ|ub%&X_u%kL{@>5?`HEapZMYrWsz?FkZo)D$EO-hI1v!mx>6oeB##iLVh-sD=
zDxxMVP02VFLrjCfvvG$=mQu}U45D#@?`f87d_^)gMn1WjgFTp85%VuwJ>p-Fas-Lw
zOp=smthdoSyM7OaTQ<HTr%-i<{B(M4L<P0c8*{x4|D6;={0FXMqc{Ag+=l<UFDBz{
z^B?!8nq}MNh(j9R7CC{q=8bQ9>Mq~-rZ=Rw8{hQw)cjjWKHm7||K0eC{6r-eg(8Eq
zbG6aSrTA|a>kV@&(QRxl#eZ+~W-1m5+x`P{1bhBp4^Gc7uFpTs94q2K4t93y=YPkr
zgfHj+GknOZ&q+?>2_vt0%raH4^;7v+w+yn|>vzcip;<xYob2}ddkZ^Fw9b#Wx9{%m
zdK9MV2|3<QaVoV9wPkM3uijjflZ!KQ`u5^%a5H#&aZSE^dqsY{KJSpL^UJHZXFr~r
zuRGA{Y;b*ZHF)`>`345q>5(%Ak)q%;;>zkoc100U6Pl)E$|$-z89@m3;#gz}_5wet
zLNUYLaw(Dmsy(@qQ>Jagm6m*10B-}I!4c0`LWXm4jkTc^+3~u`5g6+YFHJ;TOj)Mu
za0%G}EEf4(^6^9)%^2TvtRuY3v<&mPV9%Bw@S4jN8B2;DU%K4c001_oDLJ=(`86Pl
z%q$R~XN1Nuii09c2u)KvjL;Ki0p#u>*;;Ko5LDz%xCZEsS&jL&$P%L<0YeT_cSw=q
zJptq3gy>}ns$n5>q3ja~VAXH9+oQ;i62Vdw+2mW;RopS@bWQ^V&+y+Jb05akDENBf
z=pKIp3`l~H<zP-0Bch6UVgc)z3lx?=oFnuU#tt!a#|<?JNj5p(!tGHLo|}<Ie5B{*
z?u*UPoBRE*w_rMRGb7^NK!pa^KC=gq1xL9N`4$<njE#8AX<8jUfV154zl$P*2O0A(
z8Eu8T4nlCkXFMq=_y>jbVFzIMOvYS+w7}$)EAY=kI>SQ%+tMJlYltC@%<-DmDJ=&d
zDajK26+9K`t(jsf67)|rlXQHpnK&%~6~h9}f+?SJGrJZ<iIKiD<b^@2#N5gqfA(M?
z7gq`mI_~^~{Q(6Q5DQAs-$H8fCg?Pq<9Cv&B8BrYl444xES}Je$J8AVEor7qOX>&;
zzDez$BSHzH2ZrlZ7wBWnE6a?<H0S0(2`p=f%N(<eN$_5-EI8y|vB+lDsm_dpXLrgH
zPT@&0SoY6C-Zq$mQIi2;;6sMe$|Jxtw+w#(5OsE0Q<^YBXOyQ<RR+(0z?V9Pn;HT{
z2khaTP|p_}cguw4G4t%r=3fET+^`j`&D{bRa?si#HsPfYoaanObfU$MrsYYVvn=8F
zWXMu+w^d@{j6n_zBjp-|sHjc>W{!3o*wx#S5C;x$qkbmD2*=<)F8Rz*zZ6sCRc0#K
zE^`*{COn=5%z!1};zv^=*^I+hcESX69l}yN6w>`Aq}%53H2LW6Tr$Nn4cMpTZX!}R
z6vT+Y+?htId*0;7j!%s$$G=1B=(E@})a-KS+`;#N7|EuT`}4_iDuGfAUSJthCRsW+
zioz`*ZpbsB6EvUOP4}Ue=91_Hcce#Z11N(XCPwA1!*i^?<6C#Ueg^!J4d(L*v<J@J
zr5+A5SY=Ouh7&7^_*4#v8|WqELf|{Wq0olwi;SkJW8112PPw+s!^s^$T>v?NXO99*
z1bn<9R=8b;>u%|75eh1XE5r1L-iK^L(-9G)#lp*aw>^pcnp{;tyzf0*79#@5Ii$#V
z+<`JvGzB`klcpb7^QJ{+u}{n?2$9Z8L>WA3RUQ_=zv?W#iahTM=MY%{6PZ$;n$9U#
zT6MxJ%Zoy4t~8sfkcD%l3TCd5816{h0=M7Xd@gj(%32}PI{_Q1P(grggSUjMxKMD*
z!;DklmsX7Y88}{fHL-h#gz8!yJ;owaIgblbsB})IRNflaCrjzbiCj$aapr<=%pL(^
zTPe{ntLQ>#LP>a5dr|WU*W_!zY<B`ziaa3#4S$^0CJm#5Vg{UiIIql89zw<bQLs#>
zX4+WDT;O$W1m58IAtT!Dkyl2nGSi;=<vYoWT-%DqmR4Jpnc$d(T$#~$LIMO4!$O90
zl;S`x_`4_wH4<LVbU{-`es@Bq$sIScMkcZ@?7ZSL__G^Ns2m%`Nz7@g=iQNHtV6hz
zY$jsE$Q!r0)&I<dPTOJ~BM!n7bc55C>^v`qDUZ{+A=Esj^G^9q&Lm#73cj&|MX0xh
zV!r3aAS^d#Y`M;Xx8Mdn4>stM8m9X{V0Sjzeav!g4jANwwjvT&M4>{oMRHtguzOQ_
z%Q|F2XAGn~2N3AdVq^m#6id^N{V$*9LTcO?&j+laY^6eAGj3%D1-M6UR+{IjQ8z`F
z&JoLocUjQll=7*vZG*)P=Qv1+UC%c&7Bi*rrJ83W$+NN3Xc%{QUwH60)fT}BE@2hG
z@^J|7dM@i7+=5WUwYRMnR>-RYXQ#L`TjB1y9vO_x{(D_WX|4@T`%Tf@+Fj|GnxBEm
zS;c*`ys*4%Ern8DK$uwu<XvSF|K=H?B&Bz%;My!TWn;VqsP@2@GC_?iE@N<TCm`U;
zs@ml^ak)8jw=B0GQ;<~kgrO)_r9>w(Ic3zI6sKsEXUtxCPO8G&!5mSudyZD9asnI1
zjUn-Q>~aNqVuGw-uSc#}Xc_9k)Kdsxvz)EYg<_F&C)-r`(Gn>Sw#0~yEaAnpgLGsh
z8m=e8-^f+98L#jKoUBu-LV%Exw5E*VE{{Z-iaWgD9q&5c@Osr2uC!2^j19a7Jk&QN
zi+RqOVOpW+D`a3MY%G+*{ZQ8={sXR2H|H>z6Ad?|C~fp8ZYz_<R2mYJV#+f^C#XHD
zO4cf>JxQA}jp{xIWH213I&&P%ESaV}>o~bNP~ky4$mWg3g(=D0ge5_A%n2)R$Bw1$
zj$w-lGjdZW5GH^`b$Q(E+Ry~i0#BW#RwXy&o^A{PE)gKm=1iJpf+q%?IH}8vi&zQ1
zzR)Vtk}bou{Qg_T&un#c@%CnLdL9u-NNDhFj-8#uh}^+E;pqxkK+8#KU>5c(7|N-h
z6w*9W45D^K$6C?qGIE6Iw@eK<11<!X&{+qsVJ^E?47cJHh>dEJGOCO^6<X<Sm-4iN
z53D+NU{VKTiR%(W6{=E8Vfc@bnOBG`Jl9nN6yc+i&zLK7T;71q@rCR(u}qz;7g)Kh
zZqS0IQSGFF05M|{H%m{rOuA-~bH6v4kW-^D8^MB6*(2c8192x6GPGC;_8Wu;RHeO<
zkEVh0Y9y2@IQDD-$C_7c^ZwePNn-wu&T#=n2BSF8Er!-P2_3|~;z@;cK%b(SnUrNo
zF?C{Vg<>3ILH*BdXPu`3f}IhArtOExyViglAd5QvAz~K2TePC6)G9!1b-v&5d)3HN
zZiN}dt|J6lNRn_PwN|9u774yI?X^4^;V{8lkr=f=(<zV52$aS70#zim&iSJR<C&=g
zYhDRJ<F%@C3wx<M7E=_Z4INd?GG0@uX#$lE*#~9Ez67AIT1tVcM}EvwrW9;i=!I`a
z3?4|lePdpiA_HSqV8&W#x+*1oGh^M5gQDIrv_3yXHM3$CfEf@B4uPU;;$9!I|Ao+|
zlYhN|`(-FlDKp1*4C<Y^MgTNb<V-4-FnkCy#~|1eI}u73Xdu<BREfrtA>q&M2?33a
z-Lp7g@xXXJLL?hgiSJ5v-NU{G9Q4SI6F^iC{X(1^oe1EZ8b$8lMaUrDKB%Gi;+`?+
zl&L_XQJpd&1O6!_u{4a09nm_7JEhghs;Sl`A8A4|ss#A!;g%Lkiz$_JfQDxzVJen<
zXt%;E9em82_E~qD+`ie{pydicOda;f8CRe>F=<-;Or^og+#doD>Tr$<ENI?F#VXkV
z>>?;Hr4_7GZkRp$sst5W<`|79brm&i&9$m-?iLa7;uoD<lfiXFUY=YJt{rlJ9^8EY
z_QxCY^U2lK$;Hj!{F=PI3ZLcQen(C&{!V@vT%2_X<M;x6pWC=Zr<?*`Ndhxzd4j-B
zN*$k?lRHEeC`7W!V#SEu3~pYZcgV%ti|*j!yQ{&)tMfPK7dIX9=KSjP`;&{Clb3_n
zgPXqt34J%Xxj4T@_kj~T#^uS?&EWLM*C$ux^2e*ox7X)*+v00s%2K1Nsa#}=!>a=(
z_5rQ1N-i|drN|{W;yEmML<+E#0{xX7H?WtYwNa^J3c8A8*IWT-S0d(KO-80}-&w&L
z8$Pr)m06^{7d`UYqttYI%`ub4yhjG+<|S-qXxG4jV`PG)VC>WrCgeOYwYZloEu;=j
z1{oWte9W?#ZFT%>cc)^?^_HKN^uCFLf+7h^`49v;0B$UWQvTh-O{ocuwSw32_Va<<
zvvPe1NrrCAQVtVaivVmbozijDhHrX1mw?ha0AkWhBOA|R@JO~#2}XcHn=YrR8`N=V
zA3Z^+#5Z$ui~GA;6{)T(x`55X^Oyp^;hEjcfUkxYgUzLH;tnda>{KAZj)h3>cpBOc
zZ;8?(&*_+TKqe>*;5Pd{dO@V4A}fU(xCC1~L1HnT8sZJ{ffF;e)d4z$c%zyj&W_=Y
z=`@*fcqAQJ_YI|NsEK!Ou*2gCIO>s;*xU&Q3y$-enNP}#Iye+RPmJhZJ+Ae~!lln`
zP6~}DLZB5CES;6dcCfh;N=6L$Ne6-%a!s?C;UaQ0gIex42fAa^jB9@${p)S&U?*aj
zS}PRDE!&3e7|B<;h#+%btbWB+<++FT$oJyTXhNt;dV~Q!gMrKSfk#W02CpGr=C;ow
zV8pdw8%A2PQGgdDo$?i><mjcPC?ErC6E->%A0dA>2OiHm;AZ4;lduuX66`S%Y0_dk
zr*aCM$O+dTi{)`Hq%2>{tmT+0#lQ{R8c{n<yYX;tg^hAS5X@BK)C==>0W}6<qlX0v
z`26C`+^cPFaPa%d<>mRs+2Fs9%@%^SAkWjebzcZw_snkq%AJ2pB81$m*`Z_ID5};3
zCsqrdG6@O9tv1&wHTe-|X`%?r;#4SP`a?+}89#}B{XHs`l$6Hqw(|jC80UdnU!Y0%
z$mW^Io_T+P;EcM#|FT6uTL(2&O+=9<7`9>Iu-ZXzZ3l0&=B%iBrs=(Z2nD4c0qBvR
z8KJ2XL^5n`?WB&2LtCU9r7(C5)GiP+b9WiLr_~`VT~^?Q)Ip*kehtEFSVD5BB1Bc~
z<<mO9j3B^HasM7~G3VZ0y?LfIa!?sh_{?$2@-gw(`FuYAot&U211N9cB@E3haU_AR
zR3)2E=m<(SO#|<1x%D4r2&ad*06Mto0A*Hu$B>#l<-ig>C3(>%(Dua;tYoxes&fQP
zwIlOYuBO)ixx3rzLzi_V^F=a;^)=fFt&<geIq<luG*~2gf27#$1a3gvHDeVJ9C7;;
zJ1Nb^1syXo7BeQZx<{Y2l9Y0~YObrd@dx&I|MIDRtpESj`N`Rv^WHT16mu-~|KIEH
z@9+2P@jw0DFZJI)%jYXw|8QgDFYkP1UdWjJ{FhCaoRCk)JvD)QyvN1%kS1fcZCiJ-
zakpaT{@+T^Q}*pBrMj#BQBcXY$Y0)_<oUy<C_Ah>%f^OH?Z6cgIm?{)ly?9gdGm*J
zV*>YroJw@S!J1ducq3!_&b~=!EY^JHT-;MZlObf+0mX{xJJ3t;cEGDPh#CcLb|d_?
ztVC(8S}`*^P_LRhgDFBac}?d`lIPod=8~~in++|g7Zxp)ZY{22SD6%uDssn+4y^28
zhju8<V$l0HppVrlM`S7zCacRajYTX{zZ~-Y&CO+pjIS<FVb&k$=$7_2Hcm*!?#OGN
z75C(p$&95$vv`t;RE*~&rr_((US57@c89uW<RVMFc>+<;+ZgCF$Sj#>bjoAGGb4Q4
zhA_%-t{J$+@yuIvgSn|DGYr$(2=k>tB(7h}u|pvlyzNw$Z3{+q9FfEfdv2KfewwFf
zQ*{{c)VE^By<(b*F^_wG<r6-hr1K3n8u6Gr>&qx*_k0L8!@s<<lrUmcgO)uryUFg#
z(<14ejdv>)lhy(W$wMtaxBmm#LC?ZRw{1w4rfh@vZs=Z~jkh*7zWRz>N(NGo;+m<A
zjc>>g#n9kWGj&Wp{Owz^)7#zY^}GEK8{d%cSvtjUpZEG7p#LkTLCv|=)Tl}u8#i+9
zNgE$$%Mq&&5j?ZP#LhmM@~nUoSsTBRH$3CF#gLKT$Tdqx-8a^i@rM_R{6<cu^q(Rl
z=RaJN-^eQ=#wjDOemEzlUo3?=`Q*g>xbfR@_qg%@8^4ive|hJocnFFoRBE+7rAjmD
z&^oo_^wey;RSwon^$pn%*!CE)r4U)$w=Y!J7O3jlv=ZA}1R$)g++*-#0ls~qVDFz4
z)^bZe7Cd^Vo*tDYk$fz8V;HF$r=m!n9?lB=el#ZkS;!|Q%Z-h<vV%4h@{fYYx5PFo
zRW_F!r4mYWys`1&!-tLkMJ6nr8pU70qb&mBGa{QG1K?b9H-&9o;di9l_4WO~HOH`v
zZqP8@#>q%CNlN*^j>M7<XrwX3g5;^N`9>`FwGZaD+r+5fVgtPw{oD7u8q*`M3V2>I
z8vDbsz10IoYMm%fMZydl{%cF7=*r^%R$;&2vozn>xS23AWJ;4e3P$2F(*}z<;b4}6
zzm+b`&S6#+bqjmRl=Dm16Sm>*qwAE$x8Mtvv9w&5GGCVq+v<^@&GuWHLEyKi2nD}F
zz}YwzL)JmVDaZrqR47eodPnDqC^2Os3j>3+0LT$HnBKwM4L`6s`HkGnb8|bKS!y%?
zDlIL)ZT!|XAN;TTpUS`BFLTq}{78N?;sp7PeCU55zXkb?F#0iJGM(eI2Z{}*ixzN4
z-$||+p@kORglR~NVScu+qnI8j5lm&zwDl;1K__P2Za5#O0t53N>k+0WeGK+g{T>;(
zzKBNC%A7!ZpJz<}r~RiHwnKtH{<Cc3zn|Tw5WkX;^gez+VKmi~AXcVlkmn1nlHXil
z*>B{-uTd_NlT7my`)hRkYvk-DXCOmg#}k$mDbL0Oh_|<2pTo;D7g==t?$;=#LzcRF
zsb&nw81UMBtIVH<_s~3#j%_vV==a|{krp`!l|Qg~bPQ<;@isK)$}H7zf#~;Ne*fKU
zp#w0$Q<shn&&1WiL(*?#C`4)&re(oQw}E9eU~R(#fK7er%b@>-&{vEm^Bc-DjWmfx
z$jyjRCK48$eCW~5gziFR;HXJwx6IqJjIN+v0GxM9EV)=FH2AB{?P-Pjvpw?j#3(<Q
zf`wYz0|vvLm(>SMg3yHtTnd=3p<Wf!l*wKdtsmg5`czFPz8$&aY3edZln@(v&PeYp
z_Q7b*1x*KuwX`5G3@LJp&RaE{i#RJwca&QLDfA4s&hahZh;=Xj{`T}@5N1T|kqe=j
z^G7y}9zp_bTC&s{6ir{Bv&JAXhU%|i7q(*>UFaATqZ4y^R<bT`e!vUW0{LMJt`kNR
zyNZ+#>5!seu*O2L`Kf76&a2D8@i35&{qRCvV1?GkP$#wtxqYF42uP8GPz_b3`9Fj7
zL`Xf)l&?M83nu}qUgfC&9*pl|M2FxUh2~E<CL-^qY{t^c5woKxvguEaGZ^}cqhb3k
z1SIEIR5N(GuAHQdrv{W8u-o&l(UZGii?rn`U5a=pQ(584K|GJL*R6NtZj({aZ3O*j
zrWkW%6j<eahwK47fkmEN4iN749G*?yVz<58-q`}2205m3NXLxCB26*KBBX2%@mMfH
zhvb-^mSrO$ZH7}gl}elc4pR}|`trOks1mcJ)<7mN3vH9Cx#;B@kbW3zI)-8v_A8jv
z`tUi!Mq=;ykz)_OwQUG&fw^;21!o)&%w062X_cYwPx~rDCT)K<&@>U|0y4>z=7bqR
z#B=S|<fqoybAtuoYjfg^?za&>^Mh?D8#}VFx#-~d-JD)pBf^pyA*q-bIret<LF%|P
z-&%f-=Lln6uv2|YCNxXbgx)e$nxn?xU=JH&HUq<-3@t8%1QWl~WXiK^fclc^NfiZU
zRc%*JdmGyK%wK>VOiyc94GDk{aPSI--x8LxF)&)1bGtaMAlQ+?bHhpqO_zs2Xxig{
z9|ET{;<bR-BPTY@$nZg7Rh<e)Fz5HJOM<&{MNh+bVX$==E;QU)36`U7k+q(O=k^F9
zy2{2xyVfhlUwth$lO1mknWn2jcSXK&*W2aS-%H?ei+!`|MexA6mhNR`y0GPg<^YYp
zCX6S1%#@CfBQ>GB`v=GSJN*M1AM|&24|nN{7Y8r)lHtx?LPv+A{k`E4-P<2M-x(bq
z4u?Aj^r(L@O!nD}!^8ap#tw%^hjG-2%;hP0!lL7>NYhS~7io%l(4*sMFuD->662nu
zPGppL#kG*;xA7#FMr2euAB~tT!w;ZGok-JhbR6yUj(P`CCn^*>vyhv+v4JGJ)CZvl
zG>TQ&ca0u2vSI5^Rar59rD>I*BpV&$f1Czgm9!HPtL<21G0U~uR$htfvKfaHwoR4d
z<E)#Dq-*Bc{>uDUdB7gDrd%Y~)`op5GH{k?S($rRh;5S^BSO}LE6+uudZa$)M5Ku_
zzd2^*Ms$$?%z0ZwDmMQ};-$6TN|b4;ZUJ$qNCA5MINNT*u3f_RSBmMbp0IBHm+nZ&
zE;ZdBh)VUOcr4$E{wH9w1mU4Lg@>$@7(!5MOb=ByWF4Idl>Xx=WH*gt>D<bx8}DJj
z-17W~V#rdae`2!qt!WDQIHyauOHQ<A%ACzx>`i7t_hkZU8x&fku0SaH4Wtq?^SfUo
zHX5<m+yNKDnqFAcfl|1~Xo9G2b7_G1y|cP=SBkVg0$P|K-Q8xh=;kTS*jl6XK%uq|
zp>+#Ik$GL0B~d2=qepZcLB?G(I*xNHxxsRJk|ZKiZ?kl6?m8>0MaL1;vs2OUztm|b
z#Cw&aznps|l56W7hvqr(;0ilh_bq$7X~oi!mE^=-C`MZC*@o7DJ^=}yK*}=z1jtq&
z<E8fqSZca7OS&b9+iO$fO7+%>Z_wP5I+#L1Ex{0dddmpzy7%r}M`q*-YdfqBtJzeZ
zjW68uK%3Nw@cI`7LQ^!XL1*B?n7P4B%t!F}=^P7715(FkTIskPDMpnm)e1lQ`lsGd
z^<WK=FW!CLfAM^Gm^>f$hiw0d9>jZxEIHWQJ=z-`#q4m09qkOC?;alQA0F-YhX+Ty
zN3<VP`r`Ti^PRo^$B2B1(WF4=OZiYzIo}=@YCaVAfyDRxptrL?<TFbQZYh-d#Hc1O
zC$0kSx|qv?-3~MtYjA?LQQO9YM;}^$!L?xB`D_WimHLKV#z!g~ZniZv4maT=R1P}}
z);hQEECDX1qTRjz(LsR6(-W{?LoKS4pRdDWg5J&K>iVQd&QD1!=eZVRN%P6vS+kYT
zw*7DzRpHiOkrO}+x<L8BJ!V;0qfP{(0Fd#I*X9t&G0m*KG&;tLJE0_TdgAlAJP^Qy
zYI?1Oq+`~@0tRo;m>VGUiqYg}$u)bM#YmkeSn6PEnp%@(WmnCpMB%U>1JRoN{E25(
z{GT-p?7ZSgP3D(RxnMiQDL84jn3=D`-=7+gwUqcH+8-Y64xb+#9zNgS*=M`^?BE66
zJBauC$@AgS^PS;Qyz}CqKaBVG_UYkK%!YgW^hJL^ro$J*y(d@V5%vdY@fJ}JQ{x?m
zGOkZcXSqPs{iQiU<pOyycUxgHu#-H{W?;u&%V=O{_!C$S?5dv7Y+%>^?`Su$$b2fp
zfh#ZbZ*Dp8SjGC9k2bG2_`S0pJQ9$FTn4=zKK1mvA-vhg{J|yOw|01F=K@2X5P%2U
zaO`c<WRs7z;<ysk?FN+Qt+H6-{}-s;2-8WDKwM9oxKa`IZM(vT+*zsDze$n72pk36
zrk`D0hbeeKYt4%3(A=$dlugzf_sCx@^1;*YZ@s^It?6$)HH$ZU-)tTK)%5OS@4wlQ
zxvfqE1h4`~rbIep;49)_9?nTB1b9*xdFU-NxI~{j2ef<Q>Jf5ovp8dco@27p@0tJG
zIeyW9vC|<TLG?oY&j1Z=R^ngFLg_Oxr97*iB9xHqs7??1?z?jWJxGFGY>2iwS0jcs
zQJ?}lngLm>Sn-d773>-XWcxzA)8E}QQ@kv|1yKbuvUSXJcrFw^P}=mP^+#g}{0|a?
zL6+5&OljU~nULUHk_-};(f|KGC2RpA2)oa@Y{Cf7_!F8XDcoxoL~#c3_!lB!R{}1t
z#jlB>AqtXnisW=~c10w1bWi7ZLf%?YOc6e+{tapNA=(hG$Je{waZj=FwDc(peS?<y
z{nY)69^t#R)NiTPL5ggCXn0xG9hinROYV50C$@xtjcX5wGCGFUbRs)~{rmS|d43RU
z69acIk!wCRq;Ye438Kc2XO}_9jLjV&?z{(1*L&b-EXIrk5qR`miUji%k@K?~vUv`5
zCY2^<ET<AeC~i390=MNiASSiSwHeeH?s|wLGiYEiX~#-$IFzlvSh40aL(DH<UcowJ
zk&UfWt;^wTmIr{h4!oLnn#kqZNK&O`5yP4{AwoH~@f;G}g3PQhUtZx8`f!}r_SG!7
z$YK^9{~DEnP9P$<?auMoxb1G;|I(ZB<*Q3KRnHCHtB$;6jnr57vx%8;0AF*%-UDI5
zb27M8%^5Aw%ciQ04JLOZ%VR$~;OcEL3wFf<d8T;cO#1&p*mMZh#UV@zQS^r9xFxSH
zUF(Yb9Ejrhg$UhAhU4582fs{dR<|Qmccc?37E7j;H-4Mlb#j+&Vg;|jX+A>lSuohU
zNF>Fyt$V1*j7xAvGN1zsl}>_n9BIa>UHi*dmzRv08`Bn2KfOA$OuV*|)fh%QqM6m5
zBzQk+AFaOf1;XbNBv|dMItoW1N{cZj>J9haN;g_^HZzEW5rA{82WbysYs14S{^G_g
zp>ULBe_3-PNKa6aXhH-ye@kd(Z*v@?YA{C(gs)c$awv`Y4052;#MNvCpz;yaAAdvh
zH}t*~A@+Coc3-?`Iz&(DJ)ag+Cz6Vh^X7wmCDy~Q7Y;4n7}a1cA51Z&n#W`cx`Y^!
zmzUpRmRG<4x>A4eLw*SAgriS%tvy#b6iW!z<b#1n3ZXxspP9(&kp$rXkJ)&E0W=)W
zbAbt-3uVrj_4*7U>JYA<DI+;y&;f`K*c!8MTX2T?Xrw|=Z4jo7{%1)D?M$S_)IMWD
zURBc)zw~~EZr~-5`#B8#7z~uV6zh|0UfKTLgWa9Iy@zbS(^E5%b?rs#{m@)31c<T;
zr@e`vfa*+xHD^qyre^64YyXVtiJ2CDumS-|7>4e;rNu%*wrLoGY??k0ZF<YK``>Q5
z+ac+&E3$OHRZeTG&)RCXgUdH%qUsj5a%KsuY)__Tht1QU&bzz)-G2AQ{{CJ$37&+T
z)BkEYVkej~hPg8PxfEkbr^+Tq)A79%I-y!Q8`F4BbWA2f+$wWY%BLWV=~X38t!_{=
zpi7aP%gtYaV2(C2i@9}vVlv^eZfgMXz0Dt-Fay_&ow1Q<*77{RL+m~m*8kl8G!+@w
zwz$Oi#jrvfIBL&8zM5H?Ru+!N2$eOi9?H6m&#?WXK>;tT2ZLsfF$`mS4V!9oGbH)u
zW#&(u%Q0tbu}Rwp-o5NIJIEPc4KVTrFi)jvd`mVBP+OQ_)m9LPqW0$a_+aaF?h>gP
zuDuChY#B8V!)_pO+=rfXjR}8Ks7H#ye-nlYRVw97>~#+U_i&y=(jTTrJk>U5o)7b?
zKK~mmr9*e%yg9B_r2w7Ch0VBv-o6gHAZ2eC{2$Iyzi1Ek_n#lE!||MqUE_S<*5qV(
zbNL3dO=*6HLHpPIpX|yYiu^`Ksi68`4<hS&{r>KLb#@4wQ~aM$FwLBmG=(iPLzjiI
z%6Pyjn+iFvS)&(*SXwQ8n+@~Pwi$9efL8sZV3M{+)mQ@0Fxi`7iDmOr%*WV%KO!FY
zlkr$G&u#<p3e)trgngk&UW^D0x<cVQ%Rn+wW^__L@)J#YVnbh0+R8-6IwTc$9bXK<
zZfUO$-ghY-SM7)qP1C4;CXG~QuDKC3*OHINtOf|y3s#I}L9#5VG<bp&o1MvBk_|W(
zM0ltc{OEbkW18Z)&R)}s8zi9^Hm#gHpwW!#j}!siQZG(!>i2!d_;~U}!^2oZ^G9tC
zk+AxqwuWFog<4y9GQwMRe7qm(Gwd8ZfAJvs%$yB>{o|E0r8(Kmp*Sf1u+<~~sp1Kn
zVzt3z@($jr(PYKsFaB2#n`G89U{J8c=BG$5SvRmExYQvA1~e60mo%OkeM>QA84D>C
z9W%(A8B?RbK&_6HYL><G5=%x@u0^1zx!NA7?O{G@p<vW85FHNtHTA&_t#c{v=gY55
z)7`A6iwyGS^6Kq>{T&Uf0Iy^=hnmO;&o!b%7OCBPpT@)h@6yBIE|p81r8IkqcUt|i
zqy!|$;cer&$WO0NE(lMa;Z(zXgn3Zx{n#V#`oFka)7)%^-<Ms&l-hWWLfnmo=`<Db
z?WGjMWh~pEHHOGHn*%79V(4y{s!%{QhX6TH)@h3K#7ycj%jyQQGTQm~P82*XqD@6)
z|3?h*xBtd}{N9P!y_WPR(40VDQ_=CeUn*bQZ@^8$3{-an**Q2$j-HQ_7o*+LQNMqb
z44)5=lKnVNo*%}$!^8dON&o1@5!+#haq?os4v$7hI|u!EZ~us~(cb7|96|n3&^dVP
z+GGQW7ViTx>-Tnh{T3$>uoU_@ZV1};uW7hkt<!53i!4!)n&CU1aWyfr_s)xczh*}a
zUkI!O?k-1^sH;}=!H7&y(AKE}b3kv(^h6}z+CA#n*hORlSbA95Y~kiq1vzR?v4_12
zo$6~J_E<tB8y6{+Sa51nvMr|}V7A}zjR#7nxHSD!niVun=M{2W<~&#pWOw8l_FeSS
z-A<WnJbxn+yKXY;U`-4<jBM>t69Uno_6FMsQt!HfXF>bkqTwDeQf&}ViEBT;*A|{T
zL%kbu*&Ff&dTW;rAnBNZRNs7@O|54)z9?a;6bd=1KGCbPhq?W{1-JW)e&5<VO)Ekn
zV~Vddi%B_|QGNeg3}Hp?G$ahahv~*r6pe=kXRK-{*@oTNNJYypjiz)ZgyDY>&*?Z1
zj62(n>Z}3hlPm?Tyy;Af4IXL~EbW2Ve>b?Kd&`Z2%?@>=pasdT^bcSgY=OCH9c+O8
zX^n)9jVohXo9B3taZS9xAUQ><I4QKijdXo6pkI;yUm1xW%;lEW5>{L%!*(h(eKD4J
zITeV&DzK>-<`X{lC@wb;O>H>&xs{l&Q{HNpsmnmt{#5Da9&>sN$CWPkLM^^%SV(ib
z@Af+p;4nJg>31M5M@7f|-#fm=&c1JP=o{?xD^1El_I;E6ejmebUYkk9C`iEIwOr)W
zmAm@1xd!((lrq^P=M=J-1GzZ!g_!{AwZS2%B(=5~tB;XEACptZ2asV??KonXI=h6l
zhyQa7mLpXtED+|14IA<xk3tR(O@`s3vB~LD&=5|mO={si>LC1OzuzN(OPmP)`S3}w
z+u~Vv`h80$DWloTd~~fBJxZle2|G<u!SdEnEa~IjOe#*j-a90G@;sw#Dza;)dxZRa
za&<Adcy&yERMzz&rjq@oglG+LjPB<hPd)~kfh~wsLB%nI1FZxVOmjV+)Ur$cnDKuU
zj112F+_oioV`vj95<v@_I15Vwf;q#mZ07=EOF1GPW*9oNW9V~tf4@iGW>CW<D2L;c
z_`G3i(t$MELq__9k1D^ocnovadX;rFUkq*d8}P)7;HA*7XE_jPsBKMd0jRXWZUgOV
zESfv1r4FUi5+tc(@{Mn7{YTBYg$!fQcgqSK>OX>pLpJ8<XTUO>hMp3m%SsYcWf*im
zp;<9ylE>u`ZUj2_Gp+1{JC;y2DFAXnjlcbl@LYOC;(KdZ5)BxhHB&px4bCuyxGPEq
zWZkc9)s(5pQ{|TkhFmMHPuaXnbM8Zsk_By$@oY7rcYPPAMs0b>a>+(aJ}eQL8O9EA
z!{ih^VAjt~*0$IOq$=w~cZ`oG8n4OL#AR(LS%NI4;{-w|P=h*=<E82om19T}3pDVd
zeecYWX2cIIB(`YY^K7<kT9(bY6sQu-sN~kc<EcPcCNExFu~xZ!N46ytQqXbI2ugJI
zBG$xx%111o$0=)>yZp_%)q7b6X0E!tFPY<`*7x|OEsa-*z@B$0`HZJ*%+6IzQyWWX
z-E3l-V~G<EDxZC|eHWd)ejQoTUls4Lm^$iFK+Beaky~%zp`?1BopEIo1$ivG=Si3Z
zBEPtT;4k#Oq`=mMq;l>QpdpQK%V%OEJw8)DP~1Jw_<~nl-FC?J^%)VebSky6Wt#?`
zEht5Eb@GO6z5yHc7Ty{7hs%KG+_U&Jmtw{egctp9%(VvD&}=>^Fb!MPD;6kn2bE|-
zOL)f$y)l|}TorM!X=5|1R=JDc?ZVQ7x(;VraE~~CwQ~Fw9B2V0weh8uQ>|_FYMryi
z2DWOdN6)f!0!#yXS;<Ux^x_3btT(5Z7#!feQ(9-SnM6-62g@c}F9z~OJlq>4&-=r@
z!{KOm81L>L#mNEf@9eO>{hfHUvv;`vob4ab7yaSzh>iL?w0}hRcaBE;yQAS#n!Z~v
zd2a~E5(NvwAx{J0>Ev=y35;BZqT3m;82EOj+3JU%u1#YjQTM_>NKE62y$FH|3f?_2
zDK#RSz|N}{{<+^MQTAF?P^xTgsMk5<A+T#5?Zyl%j(Ir2gAaFOvULx7IP1E{JDhC6
zN!)2YiQ#1HoxgCZ$B8QyB3nah31>8S63>`Y?j^52?P((+XMIXP1U&AoO_IyRrYmPA
z^tKboj*OSvQ!M+_3r`_*4MA!#kdLE)lIO33h^gT?v0BN>z+f#fTX8vq?QNLS+ni-@
z?4PbE+ZxjvvF{;s1IK%sX{U`;4@0VWY(p<~>HL#0O?g_%>2{R=u!i_KdB*NF%M_on
zXPBx4YRCEDNS-jP%`)K%a%)W85NpF)%}RQ7bnv|Cci<D-1VH*oc}SJ1h;#Q@KIKF1
zxNvhqI{)ZB3V~=Wzs2RnFTV-J<FL?}ba%<5^)vCfDXnkc8}y)hn4O3wpom>phFBmC
zJ{XeKFB`r-xb1;nJe5>4xfD~QvK0!#O`HnpJqY2|rKPGu+0Vz^w0<{C#Skm(FbqCz
zYt@ZqvTcFn*|--A$%HcVythlRKdRoGPSa)PuSK{*Ye$<C-A-GUWED%AGk;(<Lmu<k
z>G8KK1_m?8t=$rz?9Qb0&Fo`Cd9SWTO-}-`Tn_8izZk}k*w4mw`H1O5X7~}Hv@qz8
z1m^P++S9}TsmbnXAYLO;#V2L|pLds^;=p|BeSHv&i!%<@-XDaDj-!-k#Xb7efa8+g
z{1%_3Pn><IeKGL5^T_wBc4U^mT#F_=<4P7_PJLM<W7g&{<mD0kiCi{&t&cAs{l0Br
z+fMvIHcVlCK&SNn$E*}_O3yAhF%>WE?VQP&W!k1%1gwA~fPD|1(u9#B9PD9`@a!aj
zqj`LJwhk~Z@P|PX4exYm9k9T)Nihvk4&lP>gRU=;L56ekq1xt{WJPK~S+=YPdJR67
z;FhM+ibm>{6h$5#AMEcx-|a-Q$WGe6x)2$<%~`iP^WBe%N!#ip9#&SZKym@#r&K{;
zaaC6EF~qK&t&1L{M0x1N@krZI`!o-*B1s0JU#fPpE_~dBZy<|R(<UrW#k@=!vS`MS
zv{gM6wSUydy|v!;)Pr+=El1OLLP9aoFvCO#sJ5JeV3jAV1qm9Y;pJTy9M{E|mIx%}
zjHVF`dj7-p@<H87hD_61qHB7my45MT9s8JIw(B)8g!k4pgTn47rDsKOZofZ)?ARZ$
zvYt6180n>jyY&=y_nB<1ubn*vHuP%+@tc#PApeuN%M8PgCDZO9+_?{3xn~IuJ_<n|
zY>|0qBY*Z>o)?Pwdcu0CPTuN~6FVA_tXjv11}-)5gqtNUn}e;HL`DUsu9{~tVnY=+
zM%#uV04}a;*a;(v&<XLDrF<epf-B&POlY1%jhPOF9+|7yIslcS(8D?UfkCk_mkV9>
z$fZyUas;^?Sfoqb9+FM_?!1MbSPS+KPD8mh);oQQrJHC*b{vj-F!%`+Ym5l~?_#1b
zZ7<l2$%w%JEN=OuVxuC(s4@RYqpU-1@M!>E&mCOiFJ%-{B&K{k(dj%KCShYq4c7@D
z#FGLNTEMDDz*#Fq;=>46oG%-pdxOEsHt$JW`aOR=ws#3)aJ|=S@D2{~zv}?xc*Fw$
zYVYz?0Hp!@TbP442oNTX4n2&DRyH+$7)je0+xlC#bEDTU{gQZwo_m3Ah8YpLa`hA|
z>4rAF%`spyJH6e#|NquQkpO|;OEF+w@ncf$){cjT%|8_`)>*I7`l|1l&v&069+`!{
z&F!lxTDeg;v?2F48<TzQY*Jh4emkYNhFMBhM@GriFB}Yp&6xYjMb+~W6zJ$;<fUPC
z)Fy-qqdTYy%5TPnl$ch4LKOqcpUG`zZnI%ACYxXF?j0QMZsFbO=EjgS%xC9agnqcZ
zDq}LsNH*#>#Mf1ZKncGNEKq=@$SM!^HY}s|s^3A!PMbwRNIvEn))uvi)yg;xix?P(
z$}!Wvey5O<sa#}<`Nl)yVm>6p91PZv)PiGg(+-hrOl6WX%&YA@t27j2R2rbM0a9eh
zQjv{)-9;S8%52qTtwVmz9H<U-&-9?l$MQJyja|koNn>`&BnLGQ;;Ks82cMedjn`Eo
zmO+y$EbLd03S?48$B{3wf>xj*RqSAouq+nlYP>vu<Dw*&gMu@JftrSFa*3JnZW&(h
z;Klrm7Fs-Wm$p4wOYw<OoXre65oV2P3AGO0m1{obQz(&p?IkKFFm-JXnqv?SPSP}R
zvBx|cRf>bLoj;7KozCi~Q069`GP22gtk<yvSr5Jl|B5Qeb0&=Hr_4Tsm0T~rwIK0P
zTV!dMOt}q;Jtk<ZpR$C*_y(2UBj2#w9E2fc0xlVk*T!maY?{4=^D$#m(Jcfg6Qnd=
z^_=r$Y+&gSUgnOgeqgsG^AY;+c*kVd&FpZezzNaFjZoGUlL)m8g}FJ6VgSdsR^fCx
z!mFPldl<sWCTu-b7Jpl22kbI{sLsRd25E|Us;anGDHnm@DX02LSk937ijd>Gv75Bk
z{j00-44HekdbI&p65=9E)CR5%+fJ7*gaL?<D>7x&Xgx;uhcZBSE|#$6D4m{w{DGQX
z7#QQuYEGqgbOd~4HDeJioYAJ@94J*VdBsK;JZ*k~yenMK&#ZkZI^O9Y?RV;Ntr&40
z9Y+(EPU}&tW!|})*Vol3@iM;MXsIoc=q@9(S>T$%=2pTm#6+mB=EBu{y42|9L+IPE
z(qdjQ&3sN$Xouj!rmmR6Md_DAtPNRxSHi@^N04pkm8akeqGq-uNnB5!k%Z2d-|%kg
z#U3kR4R)Z2a?^oXlv`(L8d80RV3lT;sUZ=U?`CmajZX^YYu9>a0&=7U1r2q`Dw)*I
zh#iuObMm5jE=4ZkzOXWYk;m><A;wx(KBcr_r}%W@hBJ_1lFgRnc96CNBdN7;=ra&=
z38t*dX8s86z@EeKx~+DoG{&2ak|~QPG~;Soso4!0(Y$3spY{`cVcZ@j!tw$etSW$0
zSoR26w@SwDC$#$vm$tyrJtK3)S~YHKmxgr4Dg5?9r>g6S=|dUpwF=+%68w}jQ<dI6
zA?-LL`+~KA5Aj)sIaq^aFoWEt_jlhu#iHGL`NWIuRTkB7ias~LLX`oK<N{-V0N0&=
z(}OFyq|5aI2vE2HhQXyPH1L#Q{F%~$ELZ`?DPHH2(d4v@rERR|QW%V3Yoefe7<>Du
z_q-xcsAkvN;CWmR@RTAoYx@z}U>N58bs@(rI^O9-)mL3eL=YJrK01!BDjiWaX$1_Y
zH)^GwzXmAUk?QB!%A0spvCKns9AO8SgD`5(j~?icE_GHlaY^&g;m<uU<<_^w<xKDm
z?6uCAjZj-G4%?xVmf{w*)!4Tnh+s=H<%(PQObo42F3P4@vr?-C1uTnR6)I08WHAgR
zSHr9Zmt~5kh2XDt8m)u4F6wdQN`i^&c@|HkaCHJ#OsZ<F#V8c(D+8;VY0cWboQi0h
zg54~T&eD0;z8$iJj8ieBsZRsypTq3Z!8xpbiEmD?Pc8@6FtTJ#Z;Dj&u2bT!-9)hE
zu5)dIDZM{+nF~%!8g_}F_xGLst(i+Or05{$CJh&4g&w#OgRprc&WthJiY&4W9I)(Y
z9an0i66{nN)T_QhQjDsR2j+uBoaQ3_8`<68M;mCuFrQ#0J)%uS2q<(qGpg;}*HvlS
zrGWCyzy{v^ot-9q7K)i|b3#Wmvojb87x2CsyT-vY-W&4llIlq<5st|9cAW9;A<tTD
zZjkZAQtau)fDCy?<=p1ug&@^3>rKzk6i+BOThlP^HC{kmOBhGwhByS6j?H9wT8w$N
z;2|^<88iP&?^HL=xcTQO#hNsvi&s34yECRI=5K@lDa{)Y-hd6f4aO4y!Nu)@^#zOm
zl-aZFqXB~H9Gkq~1673L`dDJygw>K`T3BLo#i+?0)$s&PT$RZ!g>qE^$9qf}K0Fdd
z2FdH)@GirIeQp_2#qlCXpr0w2p_*E2#8U=(r7Khej#yk9xdviWX}Mpncxi~}9yw9&
zk&32pA9ULKxGm#0|4P}!Zb#WBped1!zT+vz+qKZKp5}&*yOkv^p=f-8_F2JTKYay{
z;Kd}!$`yjr0s+%8oTQBDUb4nnsv>{Yk#ey8z-n*2<)T~Wyk&EDJ)0@Z6+%i;n)uLe
zmX)F2EtKJ_TmUSE(qd}HYAw2b%X5fIhhx29M0*l!iXxW_WmPXjllEaB%^GFaY-@+{
zm%T591XZNo-2C{Rkf#@eQ%8%7uR=^o{^sUKFV<&FyPU`Xk{iRxKYqe{!*=<MwHO!P
z&|A+iphmj5%a~LXo)a;%Ph}sfB=n(46Go-z5Xmw+1%pDGLY)LVZUbMKc;g!@?!6z<
z+Yc7;=-^_sLM&NiH=@jei580nFD3~jTB#PbPsCjom>e?>N!JX0oN>A6yqYF!9~paC
zR~(!m8Qby$>}r8Gw`pL1X`jm6*Y*a49B^1n9Fi6VnFQS|sTdoERa^Ir%1ZJ%%uQw6
zx1|slV;CKo_r<_`G3KtUpJe9b8rX90%W-H;ov!?Y=>#LVo`F3OI6b6C1MB28*YhCt
zZ@HEQPK%NAQ-ox>c@Z5)JN^DN>O`1B0{(u(ZRMe52~2<wnLDA9z{^cvWX&z}=k|(C
z#cUCEG`7rq2Na<ug*KGiE9H6)_2K5CcqUOmp9Qq;BkKL@v_mj-1Op%xOjyK2VH3?D
zLuQ7B@mb<d6ar<R?0j+#npr^sjR{(iu^>f;mh>{ecPz3DYL&b?ZO^{muV-JMh&%5K
zmCnhS${`(_s~}Bn?Gr1{h&V2!-y)v{Zbgxl0H8PYz8$8vY}!_?wvfehKXD6yWnz*=
zkbq|#x^XCP9mO}ASWNRmSDlH=Sq;@pD6mHc-I4o0Yr*p~D=1ZOG;5i!xSXYP%rr-e
zoD><}d0tEKHMW34Zp3&0_v`}CH20QPnfy$-zTs0QidsI){YLcx+lpt^LQWtYvU?*n
zjxdVS>F2e$0KDUAT6dOjvwqxAZp6JbwS`_l1AzfBcc3d1)2k1?j*9=Fu@lJd*Rv_h
z5gl)BwvbkLv;{4>kxEl%fPo*oMt`_vb5+T%Xj73SnD32(FmAM3I`3e1H?PAwdD@zu
z9P`^`_c6=88xGc45E<Ko8NgKU(w*S!AkJ|G(DevXoslRYHGa$z2I=9AOfgJFeA`%C
zkC2yhm$e8zhhSVAB~n?C@Cj%g461{)ZCPGq)Ub${JpsksoyZX%U)u$`gdCL(Y6q=t
zgBG-0y+MJiZMddEW~G`tArl3gR6d_5i({JSj7neWBH-fIKYzidb?_y}X<!_a(-Chj
zb6=QA7ZM&YlePCKKx!55D?AVF8FDDhor+yut|vW5t~cP)h4w<ONK~T!*oiXmO~?La
z?k%UD^uSSG)vO_gppb4REX@hT4>*oIEO?r9-H9oNv6xP2mNbg0;t2~haPS$SUBz;W
zmVU%V1zoaevxijWvqtq4BZpd6DhrT$Z3@zIa!euSrc#rkpfag*(Q2WAM$yd<rYek%
zqp_qTn$h=uq{#jTCMqLfMOf$17J|%*GzF&o3Oj}%0PhTwq1wTL)$l3U;ezJANDs)N
zW=^;m5!scuj3C(F4!J#H>9iY9sMKm(OU5v;-hN>lePx97m`W%NAEL@&jtz@-Ou*32
zi?(IY8IwbyR+yi#5!Z7})}gGsd^jQ;U7L!{yJ`4`d~7>qO3|^EWHC_yXkRXaIhZ-)
ziJ@Ryh0$k;!y4Q+qPRm?HWTwsDQ1BNY6SZ&v~G@4aYw8r2S9)a;VKYp%C$xpco#?1
zalfKdLQuO048LWa?NEN1aSGNP8nebhvT#RbjWh#zwACZzB!_^4&|KF=xVvthq>JrI
zw_Iu0X)v&bpwrnRW7oGl|1pz{#uFQRxG;yrEzfgnKv=UFv?1-vcU0O6N2Po5qN32Q
z9G^AepI)6UtHOugIyN4%n&H|AVs^+(wfXVmGtI@d!%=C-E7e=oBUfv`FIoeC*RG3a
z<Lx9<5X@_T+x`mv=;GJq&SdIRiu-vl$<!4y{Ok&zHWWK;cydZMGRMUOFKtT_yXuG%
zMlkL1cT^@jfh-!<!g}`3@VRp-p(l*}%d=h;EIgNInK~8IT-u<LMZO+pO8~3j9uDs1
z*vW%xop#(C4cs^el$1)Sem$WX+27eEFXx8H?5%Zvc5&Uekay5u4zkfTK*eE=f|Oq}
z`MpgZ8x)!9H=}$F^$acnF2hkFKe0LKpfEsp;0<A!#@f6*N!h7q0fB>ZtIBB94X2}`
zCSm$RFpkl8xhRxTvKp1S&^`gR-&q1!PKCHFa@<OE_>2XZX~69-<ug_TbV~2fY}(%v
z-ZLmn5yorw`~Bs3l1#fd%{F)dPyndAsK8hW63=dQT1)y3k6bqT*+>K(!$2@OyXv^O
z2QwqYlYwjl`ke|CyaBSJB3D{6I)&!m$we2^907YsVj+DtYc(;Vlq5GduRD$-7?};S
zf}+lQbMrcQL9p*z*P;CfFLW))KbaKZxoIgq)EOrtv*dkq^IBP;0zbqi;5F3clAY3c
z(iTc=`aniQ#E_Hf;9lUM*Q5fXx=Q1XrcxJqV+wIUuLh&Q2ED@fQ;=^&7QEo_%w>i5
zT)@h4n0Kk?-^Tl>alF0mqLYWYUxln6Ef~Tv#5aa~Q#!BbS?NzzRDT-<L9)t@CL)FE
z`M&;Eg@q2;NI?B=d{pL|&{P-!_sVlFioa_kW+-7$r>Zs_BhG-IMDPfju{$!j43kRM
zmZ*$6reE`H%w%bb@MqDn4D<D7c?`Ckuc%OEz=^lpxXZbU02k}xNz0K{>G|02)Q92<
zCNVnJ)H=qebFvBRyE(liSJyXN;RxNGB|}j6%#TdYKBNq3d^?t+$gGUd#^%a+MK!yl
z^L5IdV+S(E9=5t0)<`vLzJ>yXld>!-oW+#UnLW{!@R;iC5Y=czeAv1hEbiEDe%lH7
zyWarp053r`C{fF)j*pT$uDGpc$ErFetz}HeX2NpGVhTZ@c?ys2hJ$`sQZnU(t2=CC
z^ejx0gKO?(n9iUr6J1&C&dT*ra~9>cYL0^*>751v@x334A^V9*<<x^rF^&EJJR={B
z6675wKY$ra!HX(7`-3(5_JtxTA4&@46=!xV*z@mA_dBXUF5!l%Y?|g?MJ=H|RxqgA
z=fE#5{q?0dBQt6>qaw8;S(ZR?K7zU$d^x_YW{{=HtjrjTC>vbP_FfKNnKQP8^i3=B
za_|byqOYuvV3Y+LEmMTXudd&2zq)!GCPA=*dX|)FEJ_&Ov{iqtryTS(U#+qLGr8kt
zPMX6QM67{H)(e5PMIWrS=!1tW`rx69K6vb+4<57VA6}>%7vPqSy$;iyxLFChRGh&P
zGhx~=JuxaH=CZLX=^|txc=L=1ncxTxgJUDP8nO+-?Ls(9q`(_6+QpXbQw2fxVb9w8
zTtWhP8wLsP;dr}3d(jzGgFl0%w<{+>VoWAEgpT?e*5yl#A3%)Y);6T!-;~@HZ%fZx
zUlCV`KCsnRYx_XPMJsEW@w~^Gl@s9RjO;Lxj~X^(gQZ$egko+Q$ZqeZghCtW1b@fV
zB&M>gHCL(u&Yo=<+k_g$9RPPX0+z-xqF5%nA`kKVUpLnvn|w#p)ZEcaFbhUo*UT_i
zsyVRqIZ+}l{Hu_UTDsToQSfmk#it@EQjB!s3cdRcU|<x@7)yd`Rvx>r5B)_CEM9=+
z!ALtflPTnvU?dT7;iHAEJxWuaDwJHAwf<W>jZ25LM#b#XF13v|sP{Jf05URce+6m7
zy0|=t)>zIl@^6iI8c8#iQ!tn~Ye_IbeL$Wo7WeEIEO|R)5=G@j;}0$si;3?5S`PGR
z8yE5%jA*<lZ&CSskg}*8+aB%(K;N=?^IiXz%~hjV(k;VR=g=J?a1+Hqi_jNw#;N`G
zf==1u`LC?)IEajDJ_b5{*atybs1TC|HYs!vL+R9c_^FKhMvj7&BS9)jj8d~0wx7*O
zuedGNlG;1W++joDDUOaighFIW5b%cznu8}}F;j}7OH8;1wE&{&0{;`H<85dGxVp5C
zCZ#i&-JD?OoV%a%Bxy`l?p)173r+6OsM|^?twf=%n-Q>SKNma%H2^SI&w1Hq@i7Vp
z0{5mux@zIV{;#9`n&BJxJ3fZ<nGLB30H|e=i0-&#<ATa0YQTzdN7gsAk%|fv16_!O
z4gBMHnTv`i(nj30_~2Ju34Z31y)pohOOfne3bb6u+Qy16gsHa>iZ-mG9Wj|_bP8EH
z#BGsd)-dqy28@QT!0sW?hiM~6FR~1iNxByX&_6&UlxPI^zc{TJh6W3_l?m|=WQ+N-
z1sWu_d19FE?#_BN_EujM4;#9f-=RFT0l{OGX^))Zwa7S#o6ywY(o<t&{PLIFXkJRQ
zO#i@G4)(}JJ~Ud2RD}y^=_*{vJkz8P%9-VHOF)3w!<@#fMTBWcs}&i>N~>moE{sr1
zI}$3@UPVS3^?Rr+aXMk(I<vYaiL;c<jI?CSQpC2mHzdrsgxY@%K^Xr8fqWhB4|6w*
z5g52#U-zP86@EBv_KdiQMeFYfrC9w{?;zkkdZ%#sOUXw3{*0w;yejD9{9<4($PvGX
z(#Yeo7_lAkih-r#{NCJ8gUeQKVcURR+7)6f{mRS~Za^0Ao?H$B-Ku_C&rf$DI>Ted
z3Nn6xm8d;WsnR?q7gkssc$sMP{9>?GEx%q4%WvqoEd?KZT~<&P&YGCcy=&9?#X$Ly
z#&Nq@$_g))G}P_RUqwc>rt!p%j7QDfJ$)6moHsLN6ZVLUUey&7ee06wIKrU+ph1uo
zAv%u!3bD4Rhq2^u7>*XyiqU2=526;heus?V+zJ#uaz?W;aDQk}+UhkOd%35E0_$~b
zR>kS`O4P+s#No)g@eWSj5Gkw=smuFx65G;WFohvUE$3K%0t@TnwKexasfJFS_rRSZ
zw{@ANXBMx*l!r!Hx3f{4jqnk%2sRk_o~2V%ds;jR=$+c8Q~FPlb=fVxO*)vmcWgKj
z;<iMBjf*!M{2fm<$e-14I{UTZ5hp)i!vPxDUbt18x8KgTtX&2}et4`geAIkZ?}P^S
zv9QJh=f<vu-C|J6D<rRqVaD{}Yz+vpDH)up#Q<TO^}!f`g9kPGnb7RGQDA{;d^U8r
z1ofL{z?bZElh@)ce4e_|Io>DH!X!r4UN9Gh%>hD@PuWt=egTFm0YX2VKOC4vbBRN(
zHE$}iS&dBCa`!{8hW_;^WF3O|g8zr%A8knIr@JQ!%{7xyk^Co4%{A7PHZaB)7H`{o
zYpB04?Hz~{%*1?AL0Ka!ht*`A^u2B|SscM-V83B<s-VIwY{&V%^E1FNF~q;Lz+|H9
z!YZOp<jROd$I*q*gDmPq$X}!5cbMw+m*36*{oV=d*FFa5cMmFei{5VQ*SGz}0$8il
z`x$`jqN~wEKy4|$8w}M83FwI`D+j}`Ra!Y{zZHNpq>2sBYOmQK=bW40pLM&YMVBYf
zocsrjz=ov)qrj|6wxp+IV>Fe3XMDz3;uhlKYR&!ZT*6?EO8%-eg*4bANaX~2C{+8V
zbF95@xJ1fh-4gkFO!}lt_I8i<jt&lYkM{lhI)L%4|14O$)idm4awF5;u7A8NUzx3y
z3fVJ-=a%4ImuiD>4R7s=z`M1d41ES6;oTadGbY9>jfhQ(3gYA4!x~I6c9vr6W?&tZ
z-IP2dxfDqehf;SPzIt7${thN_klMMvYz{?{0a>O(<e(sWV7Gc8xy2g&A-W?W?~D!`
zhT<7|#`Jh#fUB;y0#>WLnsu{m_gBL+@!9;<5YBQ-ODOT8fu}WgSIwVQ>PP@AI6eTG
zX__T86&WLE;6r@v<32Eks>~{Cu2APE-8M&v#kC4*BHqf9e6^yQ!APe;UiBr#WXo2b
ziIuvuU3sv|+9a#XfLEYhQlT>#^n0PeRJ*zkCyqa{?a^%89B<vKo;X^wo@ZmIwMVH8
z&|dWO@WqF=qM!9bpEv|hQf4`!v-vkT;z9p|tvraE=ly2Bzqz?Yue~r<$~x&-*4ZOx
zjkHn?Z$6ix&^c<B?okJQ6+*j48Q{I$gPlFPx5xJTFGh#`r2m}u_x29^$!LFcu*06m
zqfxTEyLYg=ceq3QL)PEl+lxm#I|rlPc)vfSPgw>ylq-Vjzq?1hqwdb(?u+Mp2S<B{
z-G0*FXL~P(qv7yHym$Egki~obWdHERPI7eEr~CVTmh29P$%2Z(=e08tlnO?)rF_PG
z35?!|^0bibW+IuIh%~8tS=rx-_6@{{xFN9c#lo@kW!Y<eeK4P(Zo=YQA057U3Nh}X
z*I3mS@$T!tcfX!?zfQ>4H@&afFYmtAzr6c8{pH=)*)QbX*W=@_zxsuIJ@b!qb__d0
z@IaT+Ik+wq+DFDZxArO16nqE82=Uyj0hTvjfGY1klsFG}yG<_a)&&SvC6(=j&9;?J
zL{Z_4WlEIbZLWdk+A)RGY2R6<^!|N$>fZa8yYi5Fcf?I=-rB0pe`Sy6C6gs6wYlLw
zd$Xvmszm7;h}?01pEDVNSE(F}YbinbxRO=AjMOq&{bLGAl~PD`zz3EGS~Se^@;@}s
zPvlg{ODPPA870T&xB4*y6+2@|RI9AwMyeykN>a;a@73n3LDModAg|WRIpVu}>O&Yv
z^Z~seGOp`YT`W*b>j_zTaYaF)MO0801zixQie_AM$wtS~(b2(P)QPIq-pmfH49Ie9
z5n|evi^8&v8wKv%og~Ar-Wdhi=b(>{qyP2m&hG{qPz#;P`!0I_-te>c<w5!X*n9Kl
zwvBXO`24L;(FdOQ*qR|JlH#gcxmB{HIJ%K#9Z62k+$1G8fhLI&h(@qziO2V|ztvAK
zXlx`%Q4%F1Q&YAHp!enXY`^Eqqt+GMQdc0-{=qIOe?r0&5hTVQDM2^3gC6Ku?kpZC
zF_(H6T|kvJIv_Cw5Qelw&{(O-SZqhqCT<od_f0PD+>(X-qaEciseHTmH|0u}853gP
z3q^93sW4c7R^5f2d}#jM;PoWXO~ra@RJOn##5zI4X>v@juxni<mn|Szz7-NYn2Uyf
z<#eg#ieEi7=dx?)v665mww0d^GSvn?-fravCz*v)NnVe9jDA@z!RLefpUizX2l($6
z;{H^|yW+whg8b)IQk>I{_guaqmH7V^r?@N4ikdJ#>~J$;T~%F=k;jhSH0n5?q7Yb)
z@=Ws7aX_Ll)9R@dw>OVpffmfLr^U|bGnq=Y*U)q4HN;Mhm$7krba}OZ`0@DEs2Lak
zybynf^`{3JWH1+$^d*K`4Rmw^j-kK`Iq|U@Y6>0sR!!6I@FMEqXh(c>>toL&KC*o3
z3GRKpey&y>bHy9i37X*E!ROZVDNmpBg>~rt@#*2!#nJgM#|KAWfDU6yxcy0$d7q%r
z@Nf{s%}o@kQx$zFF~rw|c&8+MZ@ZS*r9W`g@eYC(xT*$Nbl4cFNF=RYsWIE;7-<h3
zi_A%MjL2+6KmZWI+NmOV)`=0x%!7U=Xj4~m^{}oT;8gGOR`kz=czSzsCM6cw)YKKX
z!jrinbJ53n#DSDYMGzTr$PG9+sPBR~g$Lw>iGH8F95`iwEydU~f~KJufCJCG3b}-G
zaRlEMN+#)DqBnzw4=z@;bPG>hQH0De+G=*u9cl;M589D@|FHIf7GjETY#RARXX(3E
zyBToTTJ#UJ+eCM0H`p#}a=|IyE^&w_+O3seGQm+R<!Kpz#p5v$Z(0^`=c<wmShm0F
zX3`_bg(a@#T<UFJLCl#geOaG`e4BS<X}aqK!*zQ;!?iw)X=3XYQc?@^zr!v{PK6SX
zaOVw_%sP$h>Q}9YcjNJCG`sYpASBjL)C*4fT-SQU;{=l`rZ|6Y$iF~ScC+v_Ve;I)
zlg1}v)q(XCB3L+O257~m1Y5+9ceV&gJn2ij5^=}W7a84z-VXdQA$?|vwjaAs*Ld4q
zt@Q_G$*^TirTT^mc?G|k5LX<4{0B6wdh{b0uQ*AP(iEhd<CD<8F9<B{rbHvfL55=^
ztR3)t<PiMIV@e4ew8TPMW8=tpOXC3ji}<uAj?s`4KUxH0_fvpOG*)D^IF&3pY2J5m
z)RBrJ;oT>8o%qy{+PGvn0^PXr53;L#w_Y4x$V{`LZ<8CMl550_s`DD!5I#gXv32}`
zEG}+AY-&x-dCnwes&k8C7vwNVJ)NrsFNlbRxCx3RS*Iuweo{6As=z#}=iDQqX_Z*v
zkWXtS$wO3dNTLiGF{tBgc|IQew14{HsQ&S2uf5wJ8VQztC|mnnmKX%Nq?1Yi<ja$b
zor{YTe(UM}(IMrf@bUy(?eSR|*XN`7ZKd21L4e8Pew8QtVxqqI;?ATN3KB%`nX=1h
zptK0ZZ1FWkdGyQ20KJ2cH6!`9>eFIVcnU&iOyR-^o=NZkL!dtufz$Ui0#{WqeB3KJ
zfg8y+hc^%Vct*5T47O`Jk)>ro&>7HTVKLdPhuh}UP^yGIK0Rdf?D5N4;(5vWmUzhD
zq7%B#Ey+&4S={p=(etuKe%{a=BY#QrzW%-V6t3^$cwV(Zex$xhVg}NBB6e3r%Mx}p
z+T%FMuZ*3=uwT_B4IqL0e+zPk{j+1SKldGPUKGRr$=N9<n0K5QY-F+_2sR1sgaF^b
zB_{7~25)xSH6Hg1Sf|x!WjOixCk$hVknb<pW8zClP3nA+r$sFpXAGa;+QC$set2EN
zM_nY^vR#Yk^?|oV(1-0OD`*r9Q2ffAae6PZ#H&}iK@yCf;*@*$;pnX18n#;7FreCy
zapJVNo`RNu6}CiMI2np3UzD@=L6xVY#&`~{sO#Kc3Ew64wG3OAVFm0G=Hay91~0tU
z68iB>!^_?Q`jFVJ+`@4Ngrt6rNgKR;p_>w?C=SpqadHN6xpeFzY72Oe<sk4-eR)$!
z4W=FN2qSg&B(j5Rk(yEmBWFaQ9c^Od2xwXRAg7_82Sl|JHiB_NP3#y21ea-EQP4?#
zVP~%h;!!j7!w-<4@JnN%fanuoxiiU*=36Jix9YYR?7Wd9R2So>yVq$GBL2$rxGUVM
zO$VEALk}d=a?X9wK8|(8I@zcq(G@ApIKs4u3ACx$G^sCn8#vt>XKfIzYQ&vuTo0i4
zH?5sSt+tya*ZBkjke5t7!g=V}(7uKFdJ7xiZB3675H?fn+~RxSgmVexYvV)0>d@=0
z0jCp>s+ElE+NkDDZqD}0q1sTo)cBl_IZDZ$M>TR!h?EmUG`9($R%vJ++Bpd8Lf|OH
z8me?pLMfxj{H6FkuZ2jfY!4xn_8!?o;5?FfBK^Pj(6#Mab;0qN>e?Cv!<rG?yQb#m
zwFV*a^5h~%P@L2573IXlJ-?`mQnH~8YS+*Hw0yX@DmJ3Ujsv1R_EKWs&G0q5fP4a{
zu|9_2)I7RZ>kXLE?p;$*v*z_Q#Y&);CUZzh`b82aYR%ce8QoJ3d0@;~sL3AMJt7I=
zJT3Uew<psO0Xc!#U7FTOB&ZDpZ#~1C{w!t_puRm}H!@^geH&;Q6h-r|%LH<NpmgGp
zWZtuh?Gin56pEWBB8*pyEN*BeWjtwzxt_E_GSU2LrB^-#JA%=|Pk2=EcSTk9WO`v@
zha8`og0^shaLs%1Q~Eoi#cRvdNVdnHDP0Du4F&8o#k0jpIpmunM~}wKVMS()QDg|c
zV4(z(fE3gtu8F-MQjEkV_I(DsgoByRQjpjGlG*sQjwBQ{q93Ac8iYUEKDp%?JxVJr
z)KxVWA7_gz!@tJ~HDcW>9rIEp8>fT<32vmgDz^MejD~zQUwJc)Mk9x;E8d8gRwmMj
zzqzfq!SbnhbVJ<m2#BN8?wWJ_;Mz0rti}P4ePal3Dp`drqh@fRcx4gSCYJFB-z76U
zL^rJl)R>^i2BSN5lgw5g2G%7oOgDH|dpl56fp&nf<4v*R36wdM$AnlA_kzPbho*$%
z_YR~q4|aBUhy8A2-pCaA0=0R_dL4b#NMM!u4d}Qb6pP)BkRc|RUyB&ggbH)P(DM2Z
zed;0kHRSWLLs28!h$&&9kSXd4dp3i|V~5`EoFDBUemvTF!&=FU*4w_&%kL+?GT*VE
zv+6!s%AN4(O9TvXQWeN7#PbKJzkS5sX#$L~mO6AI6Ajc1aa@ASC8XuD2#@X+$z35_
z=OYfT<v$&AhQq0`mr2mXo46z9&7rJxq4!IaD9|Bx9OK&`H31z}zBPdlGrTpt>W}#D
zJvOf+FEIAH>Zc3)FY<9@?6sOTBVfk>j0NZ{PwXHRS!#)UAO9=8S0B<%?o2A?Zw!i3
zK2JGQ*N_Z2Dg69u=S}Q4(Q7^kx+YD;cx7J@89cz|rR&^i6e7$uTnq*RbP+^Y!JGkC
zNrd(B%|+>{p@t6B6<&`Wn?M1W)O)LRD(nJcL&wi+tq)oU+4sPoFVnMf>rc5p0K`c+
z0zAVa5JPj6KdB5H{B!@~i3n3E)34-`$~i0Rb#%$jM|+HbF;)Z$5?{*0Lc9|yF)%4y
z+}fcDYEo`W;fc#sjDJ9!aZC^&iWGGcM&`9Tc@SwN^kS`(vF&o6QcYeN!P`5&NK_0d
z*5(w>kF<0oQ?hVQD`5Wx>yk#H7lr&cL3wS5Xu`xWQD<Il{Itwt7kiR}llSR@H$v`=
z^wE%hYzIh1?egvK*kfYeo07psbdl>yL{9wVPT%XaJKPU`-_<2aA=?2K7w36Mh0+Cu
zR1oLHQLLgMxun4SAajj~@6U;Y?`sGLdU{ySS<GLsrB+8I_k|0d6`Sacbk9%S{3;Vn
zslbc}Wy+Doee#Gae4kapsv;3y2oWU1VXv#=NA}ZgTSr{UzvxIhByVJtNzDkI;6PsO
zz{9|q8qz)EeC=@k69~RBY6iKp14!xu$`tuq=;K3|Yhc8F1k<6nFSE$=UpcjgQ8Q)*
zH45$x+%WynkjFY7q9`D;PJV@dO8^|X64Sd>3y3IYRvodP3V+KTQPR#EzQ*f%2nyr_
z<Vi-R#D!F`NxoM+Vn86-ro0`~*u2D2LI&O7lv1f7%xwI*oc(Z4v%_qfTrjqa^dfRl
zL9#w;Zbqs=gxGSQ6j=wvVgv6Ns3m!tR_Y^I+3GEJPD_nt10C@QoINHpi<;Tr>&SA0
zy+0%3-~TUeM%v%s-{%jQ^vM1an*2{l+Qj~1n=}3kn;eAxNh6rvKv(pqnymDc0B8<Q
zj-es-dO*U0arwdcn%A@%YgR2Zy&7vyjWwmln(@s*d4rrL$LMvlDkOLZ+NMvXOt-?X
ztpG`mhExUFlYcqIP3lw-#m%c~jd5q9!;9;hXKLbDG*xmko39pY_(^#3t`LvbC_E9K
zHy~~C@I5eQY<}SqALN9yt4Cr5XncQ5FM*W<(@NLyNC9c3>wgK+WyPHd9o`}0HyFIi
zSq<#6?R5}wP09|Rv!joS%TZL80zcveWX0KI?qZYVjr|-jQC~-JNt(CfCZ@j1Hdd#@
zzR2ak)|<sZ1F);l>j=;DBj^mQ8Wf<uggk%Tk79A#HGG<J5j$c}f$RvtQhd_u?FBQO
z9lqsJWoSZN!qX|1s9A%-1(nD4yEWI(25Nolij}sm^~5BA1%`@cgn=YTm|dP+ELvKN
zo0lCu(H4#?LtkbcMzL-vwd4=>OI4IH&5N^B-&1qyV2kAjJ2pg?aHFukc!D_V(D9g$
zjmC4u`N##^nXBzKTNo>)1CO*+vNj#;3-04sBT;+?B`-yf5MP{;4Ph!hr0j}M4YhFN
zaloHS8rsFL$l_lJAH$F$K%M$@pAq86;OscmJX1LLjES9OBCeeF@$)}vuI{uu9cT_b
z<FsvZsp*y0xSs)dzi41JssDM4G75PQ9J-FZn_eDx`&D=ciC&6M@o(TpcU>B}CgI6}
zsLwMa#fOVM=E3&t^we;gR=-ayY^H5F>8;5i9h2WhjEu5t#Hu;=w{JBg@}2)?Q=`6&
z0^%RLW2zMM*LZx5p#aYY9!MeG>%tpv6WHLG)C~y?v<!DLKPQvrPVhbPQJ)(;ayr&v
zO>c;H^IQR$Ls^CtB*K8W&6eKosb5?g#)Ph#T_2mE*5q-gU*IFoukwWr%onH(62J)Z
zK<?cFvl7Nzj3=Vx`Qu%pVr^w6QcXPMRf2pLONwBxWB;-K@@Gi4T>cZu9>xFFQRrin
zh&(Wv-+5{${bxuCS(o0KxuT_t@5~b^6B4DEA|+4)pK8HN*?DB|tG3tT_SO<@G#0H1
zHc6$I1bcZeUIp^W%Ulh-Gy3fAN8yzE_FsIP=}*8fxt@CdOta70{ezKcOD(5;g)=V?
zsd@UN_z3!Zej=`$cOQ-}x3#E}q|&DRM9BK(<E4l3f#WFam#-ELlQ_EP<mHM-iM<SG
zbPbWlq)`KwfLq9X%b@HC2e!$utV~~Mtvq<5RnInfqW<E+gBz~FueWkb>}U4H+W@>T
zugU!~Lj#q`vEg+-!^r4e&K(#B7m|H%IBj;8i&|&|LFsUx)6I3dh}EIY@{VHs{q1b4
zEE_v<`rj<~uZ<l=F&a~eN+E#5XQA6reD~a^fG~8%P;>&Ky<?{UGIpDRvE9fvXR$k;
zZn$Lq7HY_(9}}>J<n*>oh+SfU=fu}#3oaYMmZ%{c$W~PFvSsEKH=$k$O1BAkDC<i)
zcSS>CDMkHYxSN#0p)6seR(`tk%Pm7YJ0_!ElZ>r?uTPq!Kj`h^VW&43jyrf@jk-PD
z#HQIdTUL9t+w5C}^m?6ko9tR<yNjEH;TmaY_0H(Dv#nlZw}3+SC%yl<OtOgq;luY6
z4e}Ij@N>!!Kt{m2!p0PHu#RjuK2-D!ig~Mr7kQT9>FcyRT~50S7MMicnL-}MAS$%i
zkmHV8h$n5Iaj&We@PP1gfOnj=Z|4n!w5V35`|uEo(!^R<6r<_l5ADE@;1YfxSranX
zF<Hc6o@KvUg+_!mX~$9p3DT{F?Mrf>q=;o?%1Z8FwBr%qByPxdH68OY(0$Q>KqAr$
zE7bto-Pfwm8XSZZ?}9c6)rn6)lO!{ISR&Ids9FOO)=;XyGI&H9YSHK(eM!Ev2X@^r
zxxHDEpSIi@n$K1{4nFua@{GM+x4YYh%F@NgQ3R$eB2$g$({Tgmxh(-0U=Ybj-T?54
zJR)=-runx3uW2zL;Ki3MFL_<{n!Wa%#+JOV=Ck6)*=mbPaTk@ph#FTY)s$yb@41+9
z!MWtymxb)GNfevU;fh1Fqa4eM$K=t>>x-wOVt36orY{<%^;p#x)$%~Q_wuv<sAllx
zo8!-K$g-yEq6RQ=*EVsQS}x|^QZM+C8)wJR%j8+kW@&$BS$;7k=|zI#KIyuWsU`o~
z1mdYV0`PlmUeob7rmX_uHuUdRlq1L0#nP}HGfqkZ!UaNbS*p{7D7-w?X`;?xE_Tov
zEZJ3J`P4J^elzw@PK-ak)eJv!_Y?3!{B%m)b4o)Qc@4jP4v1d}LSk8HF%$_DcV;?A
z+!@@1yRG(aM-lP~dWPdOBU`I1DdjX;RAWQdq4Dmry12jirSeSEGI?=+EnZ71#rCNv
zY)*aI<jHYw;!5EyI#%_hEwg-`aJsIVWH(R+A?nX<3iZSH(RfV!Lm%7joE`J4?5{`s
zx*!J@aYw8WG=frO`0f~7A2Ih)v;$=MA`<%s47v79u$f356kL`(x#2r7gJ4Ky9>g@n
zHale;hu+p_)FRt*v$gW~THLP_;(o+;@s!E~I}s<r`=PVm^6rR{4uo&12yqw@VXIUM
zGhvl~=Mi7FShld$Z00ra5%@gC3B}j`;k?5)>zu(mu-F$|xOjgn@E%Vg&vkl}iz1-|
zB1$c?8~T2aoxeqJ+~vtdIwxj&+vE*RL(FDsgi4KzlnIijU&d#HCx!Qc5Rsbz054vX
zdk@>NiG=Ns%Zbt*fcsv=8UMg%o%Iq&;gq=Sg5YlIu9eMVFS^M(sPfqbU^{?N_CRr{
zNFJvVqz^?i>_%|!*kip6b|>it!TjW}H8G$M_Jb=N&6T{CGR=E2K5&_qKhO^>F|I3n
zfyJ#7>$GtHY|JT<yIXU-EK|F6Ua!}*$k*lSnQ7kBEONaQ4_xA<oIJ@APM)!k<>CtG
z`F4`!d^<~4yOyo|P=`*@s(kkEVxsSqCZD=bNAsO(IJfm)cs{|_0d<4W$7$BtKe(ZT
zO&5O~1@Jms?dtu-O1y_Li?`-7izjMMGmC3239fDLvwQ8*TlWB@wd2De#|n6HZF_Q^
z2-XRhnTUUi%nADz*-3dipyoB<<e`amnIC8iufvl4?AmwIk&~B!Jdw>$nU(n7h(l5n
z#D+1}NQclxA(goEBV-xzkAom0{y7<Qr6zj<On!EFFZ28vd#&cMTTAC1n~`uzEo0A^
z5@%-A43!If&uF41YN5aHbkN_8Z<!AtD|)g7bWM&9AhDdw_Q{4ODWWJ{1@D9Ir!3ss
z(?YmHlX<PqQ4g`#cy<|vl-YY+CQhSVD3f>M2ko2Uy3^yL2f_~_Q0;?q%ujUeMtrET
zpu5Pz_d$ML#fJL*D5Q1i{hxBO1_4|s7hr-?Y9aL*MhE+F!6w=mDxz1A7$p5oQnX-S
zCFCQG8k61Pymk(<6c$KCu8V>+8A5RWSbDM;?0G)*e48~_Tx28S(A)g+;&Yfheqc?0
z5t%w66DEHtq@2UIU=Xtz&+Fh575hbkASMcn*romxab`#h%Ha8T5~bFW=~MUr(9vE&
z8Ca)bJK*m^tK&l5dzAh!F@G)%6GO?q1}{7uCbMIw{|oIIfhNXVU@y}|cv_dcO7HD|
z2_}bPmwz=+@_<Orlzvvggvqyn*-h`FPvR2-z2o^D91=)=O4~=|&a=gHb{lSsO!=_=
z?Xm2S9UwzYhym-?wH-l+?1B$d<U{NJMMuh&ms5CH4Rp-$knqOk$&pAsn9>m5hg=4p
zL+|<eR>PD6#zAIU_%tNa)Xr?n1)4wsx5u_0gzVe^!h6t^jcMcqZMPdv8|X*squ|~R
z@m&q+)}rMTi?HFT|BH@-oi}pU>b&Ii%r5jQnnjRnO2*_Q0w939LL_ohG`TS+N&tLx
z&ONg1z@(9nCxjtL9ncDX#T!W@OSpyAqakraTTm0rpaDUV%C(Lv=djR*EaX(xI=x7O
zUB^8yh0o-{SyJp=qrkZ?QS-@#%m;{<Pai$_Tv3DT6D=PqR7Q4zOK_pfZDgmvU#qWe
zWG~@p8`;~b#*8=#{W8v{k&VPxB|K2mRV?X-s?}BKi<)1>N~ISTT*m9ONt%RM!&bl7
z-R*Q*V~bcF(l@P9bJ!d8N2G^$M;4pQE^b>^t2t=3al1cijm;jhhTYNny*?wmE;<mq
zel{De-9~G^>!&s@S+7rRRFe7r7dx1wviiq>Tdy&8n~t9~8?E*~ik5CF`RL+iq|@T9
ztsTYA0OyizUReU!;V#mY$|LHnDCw<cX%^SZTQ#F^i#!svmdv%67ff{8q@680AfNq|
zTg(m|zLHpty@Dd&flyETPUS3!cN<W<$RU7;S0-Y~gU*~{cfu3hfK!4!R{6}5=c%2@
zCc@7;$Sod3qdMo&z4WmS{v%&@z9g(jfY+lSq%+Xu)DXFApf5YZE?u8tZ|6&@>vL9=
z40Vm=Qtht!e4HM{u@BUE%O1D#vvTKcvXbQwTvgk=6F0At)ygj}y3C<V+GM!f+9jjD
ziO0RpsM+kbtf7UQWIVF4)g78Wv(syhdnRu6yX}5&FzmEPV`AZEf7mm7k8$WOeb}lI
z$vth=cs%@okwvY1!l<?^bHu3bEjnYg(gEw)Jit8Ht5gl62$>C%)Ji;+FybX7DzQ~M
z#<`4Uru3K1H}^5Y3m95}8LTdx6$KN(A4%_2u<8Bwhpr80hnQ$bv0qPQzwr2k$X-Wq
zLS$#$<9NXv8kSJdxF?E9D60Jh1|;yVtQL(>uxQrh44)C|3Or4di8s_sbR1&@9-+?;
z-1O#O&ec+Nc@;m)$X?)NsRA@w&1Ng<Q>p#J-6z=(GD}U;O)@oC@fhUHRlWyh=A2Ht
zRCX7*R7Q3Qf6BP>6=n65&f)X1sx-fre3#Ac8eKNE%GTqr`T2NxXHC|K5W5z3s5@6q
z<6fFz9g+k;oCHPaqNRE*ZVPpt`<mi7m-$@Sz9OzgToW>m9ET!~e;heXxWJ042RlqA
zyhl?U$P{v#5y_8@NRDJ9x~CEP7v#RdZkXK6?3@$Ib$KqTPj74tmYSO06}CPU@sCAa
z0<V36DEG*l_}C(xjpH_3n3lKFbZlWC5XtGKFQvHq>h;J@pRd|{fF~C5!+?YNoaO#2
zPxHgNrm-}ChQxbuK{eqi;l%V!+Pd*Mr?VX<gfhsd#*=DbAr=TK+sF--GBryYm0n(J
zbkqBMyfz=bWW&~>R?c_Dl-lLE2P-I*lZ}0#wlyBahbUZMpbHPQ`VsthGPvUjJa-~H
z?Y6@wNF;N*-*=eQ!-n7^n~Wqwnr|5*vPjsqC6JO|!^ti@e&2mDed`OmKfYYw1R?dw
zm+fR-2cRO-e9e>9iKOtC;F(X+Ew)4H?j8l~C70aBHB(pR;*NjhN+?ll2?a#2ZMAW8
zI2w`hpwq;iUUN9aX2<LeJMES^Y>o$=aeH7jTLY`pAND)LW@p%JwRYP>jQivEV2uh0
zK@?Ih%6~tVtXWe%z+cZI#}QcuGYdBMli?%88XV^mWE(JYWbl?=JcoEf@I6q5+=gWD
z%YgzH?DXTenI<rc55;X8Y8gCpUW${!I&%wygsh0Tp>K<`0%AJkiy#Rwj5W6pe8@7Q
zg=8!dt<<s=^3A}D)2eN-bDN#Szx^Rn7ebjTD|Lwm$YhgcS`nvfTt`#Zl6yFlxARdF
z4;M9lp8cSB2|Xz9a9&d&f80;(mdbTqfXDn6<F^D2LNvuUY`zuW+vUjxe_*?EP#fsj
zHR%lSgcvg>I)|YbtIuS%(8zbuZgaq&65ppjV%I*uOyjh&NS)%gD_Gl#y7gS?X6Lu$
zHDsNg-@{;vePW%679|DFL37Ydxj@D_;z9h(8CJd*Co21?M1Q;@0G2>$zt#7m(HFm*
zypQGRGq4;bEeVD*vOPT0LLRu(pZQTrxFZtcMq<dchw0x<helRo0%=AYCY|v#cgNYL
z@!SWH^HcrCmFz%<?unMmY_ZrELUTyb7}7u?U73JgYlr%B5pns)!xM(GfaXlDA1ysN
zQu)DkZ9;Zf9g3}ycr}a2EW-2JTZVoW$g_-ni{!^Vxn|bckWX(7siMH8YvN-!a<DJY
z!y2c(oe~l82p*H#2#ED0YnH~1J!FWVv@|GsmmqR-FRt7`@2HOq-Y6MHnH`lEm4$h6
z^H)s9tj_<EwJep7S+3dqT+AhEd+{lm^ZJ;p#pE&%(X;+bm6_r$$x@<-+AjH(twaQw
z+`nenE@*MdsZxsaqI7GNqtyv|aP^Y*;P_1bn%oMagK(baRV0K-y<c3GWWUr$=>yDm
z<z2xxb(}jHBPOjm1kR)EXK9G245JHXp)q&d=jO~o_89JX!Tu7<tZCnZllQ8b<y8#)
zgP<<%Rok7&-*(<4h5!t1tO<3k2@CrCAQiTl9<5jNYs+1ux$0&^Gv1;py;VpQ?mt-$
zk|u99&P+hF^ea)_h?-;ig|<izI8vAEB)!}qR6?q**x{hs1{b?=0@mEd!ifZCbK;t0
zN1MPK+Yck`)NL==c_X`17oDtoVqoSDW_ml%U!fXcQw9Yt(eY9^FSHzGas4hkza@xk
z9=wJ!CsgTvXTL1$X6)Xjt({h*-4Xs><(hYVwo==U&sH7(!V6iR%p8~SqWH^m%Uj0+
z)0Wr8L)TZ<I+eIf^xna%i`JMOp3m``i9KrmEA1=8(_^v%Vl9@`Ux5MUlpavm4Sj50
zAA69aFF21Jl546x=AR(>BJ$x)212fFkBL)4M3B5aZ1h;kBC#d=)}t!jzPKnkFETqB
zA<BaQ*$5NG!A>O3K08oJa%~q`w$BEDounL(TR?Jxem*-FXW~cd6M94Z8rPSII%4W~
zDX<sUff0|uvGkp#d#=HmgfKFv97P?R9;1MSkteQi?;{TW<od}a^Y)YXXFt|?`aj#N
z&v5W(ozEjLSILWPy>m_XIS0`?)t68rOP35D*c1xH3CT=U8PbzbuA_{39qOEA)#Ch`
zse6<<DMG^IGbHn_@+d+WGCnuuGOLR_D25lT5j$~nB#Rn^J8@}&_vnmT$7g4h=AQ4z
zXUKy`GB!;JAhwHUkrUd`7j%5K|4}qHTc7APtKs<Urt=X8*BAC*nk!7Z!)v<fpo8PX
zb2P)jHP6xuJ`xTA`8cG=b}jqHwj%5Z#S6$bXZs&ZRC`7(R`>~5FT`4gR<i;B+ZhNI
zfNBQ3<70QS&UW;&-EXy<qT=4;^}kot|FP9<?(OZgnjO{u-dg)FG0^_m@d-O?-$#BB
zrWQa`I?c?)?i;a}_!z*61G^E9YB;}CD3!vC`)9{N1MNEjMLZx}L}G>Xnz(2bK@7Kv
zJ#5<HeVJzd_t^#dHyS$>^VB+xOdJ1<2$&2!&J0GSrGDkMidOn$47vgw5-ISCJOrHR
z4W4T6N1nvS+Nh<wded1P3<pa;;Ci3<yHm_Amveq~z{1E{hW8!LLB%@hIksts&V7Q*
zKi*Yrskl(2ypCjaaBQ&__lwN^9HVP-P1^x4i&G70KH=<Qn_|}r6dtii5W;Q4zr@;#
z25AB`tx~TUgxI`}Q|5b~bI-5KdvtNSf7uWr)DG_)W-Y48Zo-SHo{3h@Jja$PtVP#M
z><TXxiI~8ho!6)Jm$!&bJ6Nea%w}Aw2W?+;PxvxjQbd8r3^PDs`XnSsc&OHxARAxX
z+K>s`Yz{(Tt<ocZ#fXa>_u#M3wO*Mn*Wv(Q(4Lry+ZwtO@U@K1DL8>CcOpgDM14Kx
z8lV}wet0`U9<Gam#txpS<=QJ@$blm+z0P~<TIaoLomcDpao73vAnnI4q*@K=XmnEY
zQ7`!@1*EkhQ1V`q#Y0rx$X1rO*>c_@BAd)D=654ot6H_1I~ZiF6JPO#EWO^e_dzkI
zFnG3gy;7~~J!R_-z%7bN9{@5^vk3RM)T#dI1zKYCq`)J*s{+=T7;dD5Shlt$yg}%g
z8!R#S)^V?75iuf;2(9V+XU8(Eg4~%rR4Yk_9amZ_su7g*L5O`pH0jeYbhJQ~(LKYI
z_+Bjg8H(J{24LfZKsDlS`l3scv@^8XNlBxyQ81(p4uT}MY&Bt2*pA^isnuxr8mJxr
zd_(+zt?pK%-T#Mxc)Sc*r!NE^)$|zg0sEjf8q$Ey{Z@l1Cl~btNmqn{G=TW<NnscM
z^kRqdZf^Tq^V=UpfiP8+>Vs&8Fc@>??P9nnZcx5Y1_4TZF3S{Jn}R$c`k5p2H(+S4
z!&%MAlDOJm5%V~dUPoS>6iUj}wmYU;BGPx)(THGcCe#ArEv_=zPBku@Or)rBoT;CE
zOo(@=+!~eRK<1eFnGjDnD#@3T3Yif~)!U?ht+>4oF_}^KLVDXID}<2O(iM9A?FIGl
zYN8S0gP0}F`hPoMMc?7aKzfLTYYWh1$&$cN=R8h${S(1XIQ{Fr?OOYm<>!p~l)oWQ
zAIJ=&r)OY2V<p$Q_mGxM8(;yECPPlEqbNJx3L$^5)ogcrZ<Qs9$u~Mtfy_7i_P4#g
zKXP8~#V<F|`}^4a4E&m<{gBU?(>^8kWO`@^CcPnki4AqqMlSngM14*w0xT*5e#8o`
zOu;@G`y`m=c}DIE0{c(G*Dx;XZJ=7ODrL8o1G&nOC{s}M${xuSt~0_NT1#u`PTDB-
zZMM7;$i1K#5p7nkWg@4<7@Ne{Ge|gXrdhyF+T4}6L`~(|T)H&Xvg9m6BfrQz1n^ur
z-UP(8*n1y*97c9XqX6xnpA}Wv=dN?bOHib!m68ItSBdFQg#8QN_{%9<Ce*QXzA;vy
z<dqNA3y{Mk!32;k)yrp+-i0Dnjt0s91pyz*7b~xD-B_5i#hWIPKHSEhA@{CPGn_up
z89brB9ZqM)p5fETwXS?RvR$KQNN$D1M;<rf|0a^~#fwQ^9h!>`Olzuj4ZS@n*Bx04
zD>(6*@H-L8`jEy?<9eBx2u`^SqW;g}8QS+C8ja1iFoAN`@Vz)p@0~?~vWs29|8sb@
zU6aDkJ66E^vme<IPkby*079x_(oCcXp)~2v^6eYqzYP$<zH=WZ;=|!|y9N>v3Bo!V
zkJ<J5j@2sa0~I=}Gtq6zt}(Eji|9lFMC?$w0VM|3>1Vt!R-9R|clMJO=$z^rs)FP^
z>UHT(SSRmM{Kci_)SP(0Ev(wM=e`3{LnxTvg-^LfTuHMg*Ma7}#<|_4=}mLD8r7YC
zT~)cAT`GG>>qHGX1P9@jfRr^R3R!fPJ0y~BqIhA;1E^oLW7zuT?o@F13*;@u0*Wx8
zVU^*W56cv5(yTTF^G2Yi9Er!&zs0^4J0I|D8nQDSgYb#bJ?PZyvL`a!AZVa7HfG=>
z!u{ASDzXm+%HK}++~CnrekN=&Z)y;#^8wn^26OQsuIReVYLgSVhYtDQa%vpiqgzf2
zmtBduyA{%5WrGi7mTUeL;J=E5<jx0)_WOjNNrFOYL~n?kw+7mG<NO-nmCNm|GW;qa
zq88;)UQl!c{b;+SJ`wpLga@SDi`bmn<c7PV@i3J9{U}Gl#Ll@WTKUfuf(lrO@^y5k
zU(<AQaUX<a2F{~%a{BVS7DTGa1V&(t0{D{8AuDW#Cl0yEu?xl*oOs2gZUBzIA=`9Q
zdB=&2OpCFi@Mn<k2ew5_EPRM(rE^)uagq5Y75PyZd9g9vF_3>2HfGqn2yqx3iAa$c
zoItv^IJpovJ9+hMP^O|8_B8uGSGV}syk@{&$Y78P-Wp}=I?l~XwVTdLCGpUd-Xb~<
zi5u4pO3(;$F~BLqN>%lAdUw6f2OJW%Lzh7FanvU|-M{Sgc24&%dmS{9C1p!5F?HuZ
z9t_&8Ze4g(gV%!_II-%{r4|7rW2xW)u+xKGdO7nsXk25{xfY|Hzz{JlqVU>`LVD)Y
z5H_zLo?~~S+=`hLE1m(^<iGM>aFO_c0olR_Cn*n2nR;N}6rI*D^!pISuGDg8%APf_
z#^slB1Cqz?!SUfazmCi)<p(CeVUtXM5PiwdTmj)EQd5rcV=Ycxck~1ci6&F4xE;tA
zD;4#eW;BRwn6(=C-xD8?oO{VOS>wh=_5oO9r20T_8|dSC%i<jGiA?6IPkZP$qcv<d
zTD?J|)oAXtJ4Ou|?PjyJx3|;l7=NJDXyz=0JhEgDj3R0vl(ok8uHY)T@(CzGtSf#O
z*<*-Bn{quO@up-(eC&vu3Yc9(aVaI*lU#gx%<3^KGuLqgy*gNhL`s$b^e`f+n63&7
zQgvlkZn2=r6+Ixp#d}O>eG)4~0^J2Qous|<ijEm!j~C~3ZZm|XDp_O$oq{6#DAPv{
zKh&X=ZRVm2OWXqKE`vc0gm(=lJd7DgsUBe?^LrAsLD|BKb(*~8I}-9mJdd2Kn1_(?
z#FC-4vSiz}!_q98qH*%OR3Yo3(o}_)VA4#rXFJ)T5v5@e`q=x?PBTdFgfmZmtzK(b
znV;&RJtI8KK2eyE@s-!NqFZ)|7I&t;;Rccr&*196_3bc>WkG(ou^uP2zN#PP)+<ak
zd*8;6{TFXmQGq20@6<HRp}9*ISeD#Qm7Jxt%PVl1veLzri5VYQ{ZXf7c1+yq4tmXY
zw=>!`TSL-rwp-0kuT92-VW&SFje5JgEvwh>HO&s`HHTKO+Zwfp<{D$h!7dkh^}zIP
zFI2JPX18PZiAC_JKekB6!o30M4zX$NwuX4r?%;8|(>8a<1;OR<`qIM6)ex<X)J#pq
z)3TeXjy#0iEFL0{TIof!Jnhw@;^wE{#-6wD&!~UqQ+A#hdtYTF&u16peV14wr-$Nn
zk|m`M=_MM`NL8C^R89*7U`l+%m7cLx=u5gWoI5AalRIvkPlAwosRnp72ru})01iOU
zC-Fa_E%H0?LJ2^>5mMn4Z2v{nbG1<UHbd_`Ul60yfDKjvhs$=lQ4b|6lV`M?lGKb8
z@JSldGz@8Bya+OGH)lr8n2{MjL|V<}M_ViiRe^GG5T5k^72B9gZ^(ppYlr)h*Ht^~
z@%-&1yRuw{SZrCw-fzamKQFF6emeYoa%9wu)1%9){lkyPr$!AP=zl->>HO2DOYx7h
z%k%w%Bgibv1P$9E6V0R)5b&`2<jJ@_10V)F`<sS}j|)8WDok&v0+KX+0@Hg+oZd^X
zTlrnlx|PpYTDJvsJzov!5n}8aM|U<`VBd;4e6*_N87)WSNr-$@cjhwe6qDz~XJKB>
ztJnuW7X}+}vxK%p!fYMMD8s{u9RU}rGsm37iT`|bN6d&T7k>N7!#?Fr%lUs4;Q;%m
zO@#(z2Ya5e7f;Z)Z#6?Q68#LB9`YFojBmosl?U0C15mQV>w)a)I?5w=`N?*&T^0_e
zBZ_@%Av0{+iVUM{>=_dukFkrdR7r+-_6v3*wn|zC52uA_W6h=O1OE_dO~@NYQ9fvu
z?HL%lv@f`<B_viZezA?pJs%Q#M9a!AirkqJXI2L$+h8a33E>&|#Sh}8H$s0}A5*`s
zk5*z7-5@XIlbg9tFN7IckIhuw<Hy_iLt<tvHvrtGVrStWb^fz*Mv6WC7x`gmN@Uec
zlg>QqLY`!~BZaY1E0<e&J{;t$ZM(Cy-j<DrqN18$f5c=6lR6Gp)}+g4lFGh6nJcDb
z+by-(*q=n)%OI!N1tMCy)H#w`vfQ6&0O|J@%WCN=rs7LZ2AErTSurqObXFS7D|dw=
z)1_%FEIF&~C+(^9|4n=@H7G?3s+GT@l;UOKijr^sM6e%@2oCd7s2jUYS&e+0sAVcY
zPWL`fB*u<C!XpgqD~BoZ*cvo(f6z6XWYFx7&3<#x?sf3)*c`QnBhqPhTCL8w*BXwk
zez#{?-FB-p?wHu>;`X357!Hh@fp3F!sh$3~i$`X6jJxeYr{A`AyUn4w+Zqn7KE|UK
zX|<b!-QDr1H?YQ?ZkOziI-P!R*y`;Ly2DnFmHJoYlXSW5!Jv)txVdZYw!7^v9u8ZB
z)~Ihbd)-lcG-?ga<}MlGUa#F7oBiD$CL^-j8(70;f7t4F+D6TQoHw?aF1bhA!*-X9
zJAK?T`#sVc?3$gyc-XZ%CTUu`9o!;aGUyE2-S&9cYIgcPbC<MQCTS6K*jZ;n5rqtD
zMi7n1_8mu-Wr*g|J4Dk6s1?G%(sHMz;NSuc)WYSxHibjFFHfs?Q2lv`-XW(8L8kOg
zV^*Krw#Oz`pI`Y);#JpsvZQ{g)UuhYWGW@>mZ-+_=~$X7lP3k3%h*+$3aN%qWWHYA
ziFmG{!Yf*=2<N4jEY3@iuJxL|)|{p)r~3H?KUht)pm;hX;gm#$&a~WE?EwqWaM;^b
zTx%b>;{|A3770<(r4y7(fl)L5MMoz>uriVaMl%xnws}tAH`|>k)4QMkiOZ%j&7|xI
zFCl*o2nk9Hap8<VA=;6j6^u_K+3n>dU2MVnzep5Oc4pEwFJ83LvM79G0^$FqI8nlB
zV!#g057mjF4xe{=@=i^tjK5P2&;4!W&=D6jMa*8_TXoa7c0?;}chWGaPiVmExe|R)
zUAV_HXS?hW+4(>^4{8Lak3Aw6O`~iLaslUTNA*ZdJga3rGhc$9XRRwOvlnykK(TM)
z{VBFrth8TGYyA1`IA2fwKAF)Qpv<|HeBNn^?i^l`Dh>dtplRgpimBK@0Rg7?h9E2)
z5$@%;3}Fgxl}5T5>5L;O_cQfENWnK-_BGwPINMXYf@0#FbQ#Z}`;XgMGEGV@wpc1z
zimGyP_N#{joq&XFjS0oTMTo;FZ>e37kc%lMb-7kT#^32cF{J1%jL2J|I|r9(98ed%
z<tyzt`0Tw^n)gL(GBX}wVn3*@7ce}6*&@j78Td<rH#ZK~Rsa}{q7Whw)E<C)O86!P
zeAr-9jR=H~s}EyaL8@$4n$8%0aH?`M`{{07+up(XA#mg*eWqf5@@w1U*P|)lS_rAu
zV<1Ua@l19Styk;JcQAJVBUdm?ol)yo9GX)SU+9^Tp;lMF(Q7~g$ls~KMg-R_do1FO
zvCp&E$D$egg{>J$YBiGkps~17KH+iCc{c=qBI;VQs%4WtTtxna7<)#$`~MlWOcn^E
z+x-8GxtSo+vyo@g@@8Q)FUBz=H{o!KK3;y-A{@c1(6!L<!N)T+_VGmdywzPoEQn$j
z)Dlz+f9Ip~5Tyu@sZ?k1^5Su}fG2Udh^uWB)cd$T7Eph&e+4(X92_5>e`FgXLq;ud
zS>9_v0_zB$V^A<FMiHT_;i@sQOO6lEl}}?sq|6EeTSdjN@_;lvFdACZ1cN?XW_e86
za6u>mnh&;!>F^*mL`b!05r}Xk(!@pLq9J-M*poL-4PoaN-}5MAmq7OSa<1tTcI@yv
zc5FBF>CPMeuew$vaAb=)Siim`jzC^nN0KfgqZer|p%>8#^U2t;C(|PLQn0H(u1)=V
z5Y)LfT?CY@#g?u*mhR?ytm$#_<?ZO|o9$Ga7B2^hBYjdA)yB2GORy=6^k<nWN|-9+
zKFu*wriv_UNQ}$Qnh<k~T&lE8L9aOvQFbk82BLTf)|UuZ4ffL-Z{n^z1gIohA7l&O
zG{epO#yz&>W<l*Q$#j$G%97xeD|5AlliplwG2JAWW~Pd@IJ3^}1(PG~m_b6sB^(k5
z-)DqEkO_YT?~+^OP<H}kG7eGGsi%(fh(D(OOa|`q$g`MRqOb)892VUY6c(zaf_jQI
zbMX*8gHA4P;=?s$bC0@^u=#*iX~_VyvVRgqYG0uV`%HvBr!I!WSRu+FdWwKaYXlwt
zX}Q6fPY$p-&0Epnw-izczv1p=U+Q)783RytlYRJw2l0e7TfsUMMRCWTNktTQXhmPz
zxCgn42UYwHc5L?i;Pfm{RjS35-V(Xdg)AmN6*-Ayid`s4W{?Cd8Z&0;oC$Fb8bt&N
zzk>o5PA-O{m<TIV14}w5nSwZ0%c`lGVYwjIWZ~5!{0hywaW*?h?=5UM#@=rREaJN9
z+I3J_@N7tRCce~dPi9A|JEQsxdqJJ`r_O{S>8NS^k+u5HWa$EMN*i)}Gi=DeF$qx-
ziy3>y-@dlKv5vy=CuP3hjH{~|3Gr3DW3D`EU9tUj1(Mw#3<~=b63W)FN5(hyvmXWF
z!TDhT+gL_$r$V@MEY~Hi)S9U*e_j&|;18bQFOWW5W=V|GB2HM139EZ-(T!PIBnLt?
z;^Y$nSL8tZ66&B#$>3DY--gn#BN>h87#Y}cL_Qany2RjFpd`tP_=?OaSQ-r`5%#eg
z5`I06AWDLDRNmmC{ep%uNbj?TnwVk>sSYT$P-0F4Cvs^^zC(GG@nT_ck^@HWJjHtg
z`Z5puSSZXe5}CQ){eyphHKr5-;`!uhKh{uP{A+|cQ;mrCjep%PtH7cowpe&9&b?fz
zJL!RXG(QSmQB?U(<oixMn#;r^drFj<+lP8bl&Rx!JtE4qAn666p~gqO%T{u*DAS$f
z6<L%cI;0Zk0VO(dW*mUAgPWW9lGl#58Fp@3e3J^C7c-->hWR6G7AISjcb&BT(lL_x
zhU)JjB4?k|OvprMDf%v`At^N$^C|9rDWX%%6Bo+~qooKH^NZ)*{O^c{I0GWN25|4I
zF~z>c{$w&7;IeB_h^L`jEYM^>=^Eb>j(ke4{gYSCWgH#)5|Je%39%cAcIVzD6Rrq+
za=BT!u&6XVWgJ;_o8wYmEP}W`Yw!vq*Cmcl!pEt5>XPanSQy!ch8N{84Rn^UwFw3~
z!+<{o`w#mo{|wp?m|;3<HHXFM;^6X3;b6YOe&M)ImQmumhC)=5htp4&M|<cX@_pil
z&V4QM7+I8XtS5i)2?NEfr<`7gogtAE+EYlL&BrsP>S*ZE#tq1+aB&})q4Vj6_yDn!
zsJm3KF&N>sa$`#@R8S9~hB{SMd`TH(7q^tJDw%dGZr{OApMGU+`}z3fBo!yk{(ipy
zt5GwK&kn9mJ{|llnysR$)15m%y7=_@{D3_=+&{Sb^vlut`SBt9=Z~L$Jv};SuN_@}
zI6mZm`FwoH`+kty_oNkinZ7y%yL`7@g#2WWJDiRLU)-5_O=LCIWzt+$*YYz1fo}&~
zB3WtW<Tnk9t(#D8sYb=&?zzWP<O)rPC8((!awBNR#dkq&vB{A6)TuBhdLB-QBc9M?
zMF#}|HTF$Yn*3DV2Qtp{Z2&3q?$MtSb|7Di<O4*9WNf=6Rf-TA$9k-2(8#M!X6Bla
zU}_RSoDg?W>@ghl>|^P6pP#onF1L<7o3m-vA<7Ih37`03Ah@oxEs!aufM-lSZK!e@
zp%VbP8H2i0YW-mP)crqnl-t8;G#WW%t)1gV=Jw{NL~U9}_%}<nygU_>1=LJr=20K}
z_ab{mj%=5(j@C`b-m!xqBEe2;ci4kOGm_?u-PA&xaBy-Ax03rdL;{5ZoZgRF5`bl(
zhQevYWzSpcUt^%>ZJ?hR5El9i4EZ6s{4Y55f`~MD`fj#E)c8v$msq_7>2yfk-5}<Q
zYoJfzl=!!HKp+LkJt$ag?m^K|V<d{?j-VD|K#A*GStD4H!1XBm9rJx1UT{+xb^?&0
z#cSG>oznN5&-I)H9(98hs__Y1aw!*=+bIqOv=!gPS{KgC$x{(iA7Lf%%REVfJ~n6|
zSvXI?$p#)&bJq+PIsy9MKcH@-)vU4K9C}N9_2ibIF?O7hNOojcKJ|<|AXP`a3iM9s
zd$xgZ*QXvI0*4T9e;gA37|7AGYxIyx|5=q~3a)sbp-yD&g!3A%DuL)e2V@+9)XmN?
zhlIpoD_bbW<9t=f4rP89>dBuuCvS*-m03xwT=vTtn_-|*DXC160X45lc=CQJ_EGo-
zv5&M8%4l$sA9Avj#ccN7LitPbrGR+UK&@sM-Jy1%m`h`iMG9+dif?Qh`9<>8yH>jy
z@T55CA85CU?$B<qoo#G^OxG?U(j{8VOTIBLKs*7a$_1>AT%^{xoQ22)?3Dp}XT|^<
zwgzNI*Ju<4WkPW8np2;;_Fv@ZL2$~Q*0L_{@mo2u6BJ$F1R<5gG~8B;4o=U|hXYv)
z1IJ_gZe9didTqfsl17~%iv*@`kGN3zrrm7z+o{6K(MhDr6<z}3)0(h8C6E}mFTt_Q
zp6+-)H5F?m4MG%9t~UnUqnh&tMIoqJ;p8RY!zT9HBN$H;`ka)(G)$}93=;#j6!8T?
z5&IkDVz<Nl!$_uLXf=o3nsE&-bH=xtVdD3ZYjJ1UwElp<W#WeEhenKpc&mI$!@7DF
z1>}O5K2g?|ni0UigZGN{A3P(|*+4E&E>d~W^o%U3uMHEYySr3J!BU9>((54Nn$#i|
zIy?F(4H^>Q9_%Alm_4>lI9Xjw(%zzLBI(@4oeL-k2ka=HQI~xhQY7({UW@=tqk93E
z_}LwUzyzQ@1|x$j(%31lJ(v2t6t0CJepu(~4_{ASs%i)QjMf5u7#r+Cj#8LQ3fPf@
z&_Ksyk$Fc1axlCSD%N({DWNyft7n%Pg$^Vep+Oq9dlbp;!9J@+er{!2o1R?#`WV9f
z@j-r@9QYgYA+of^W#Rikw=(N_9~fAR8-fn@6K%OBc?>-Iz$I48CX657+zT@HJY=7L
z$z;!CJHZD(EMB)7T#+-%wh~mUi3wwZsV}26^0!O+aJNHs?yEd{z>_b^f6Lqc7L9Gf
zafL*vBCosNfErINC-V~?>?2?1v;Z{cQe@Fv7uaO8!(5W!RZ#loj8#sNnKdV-f|nWk
z_o^tBoK4(v(z9xD9YwVLiMa<)81~}B>r;y;Z=gO01YsneGiXdO%o>hsjEhX(F*%O-
z!i_^uRvLhNn#K&x?^kfR6gecIP`+?4PcG{C7OP-4Jq@4DKp7i6=RWZvkfswzRl=k~
zdBwXEcG*D|N8g^rKW!K2dU-k&_BY5#%DTK3*CpQHXL4KO>gqE+G6DWE==9srx?le1
zWdF3rf9y2}E%=e0?>8iI)WCZ%n&P2QgvV)zMO8ixsYz3I(3?94^E^S9O6~5+H-(Q6
z10o5XJk$mwXw|3G6i<Wss(Ppi{x%Vv*!nkGI@T-^TGpN$R+d=Rd9Gc;{r`Z@JRI8G
zZ6ME{n)}|AI38>bKhS))z{f#&Y6;M6s`EkPrPHj3z{qd<HrQ7r5R1!Uhl=e+M5a7t
zM=<Q;v4ba4`I3lgaLKLoG2@H90luh2rX6_OYV_aM*dGJ_$M7u-$4yAQhH2*}Ox))l
z9h#embeH+%^5{(FIDqU8HO@E3YePn>(Gm#_5c^A;=QfBdTzFLkVukbdiH;<Z-8)wE
zHh2b1#JId0kq~c-02F#FwLLQ6k$Y8B6k_L^OU$-!ArJfEz21!g?ol~Yd~G-M28#x)
zI!da5<Fow1Y9TRHEp41;*j%~BkNXE&_6!&}_S<%<_PagxKZNf0wErdA5nSgq1j^*u
zJ3g{Ec*Lov;wc%Fi{D9A-0pT8^8Za<*DbcgAF2PdOz)YuK7Pd_8S&4b-yhY_&OiOn
zKkEnkr~BvsM79_5wc|%TJ{@}=!9F|63|2JIOvV{LjkH)SjP(wVToaNEC4C$}id<RX
zSuEtBF^$~VC`@NFJ47=Q1j40%MA(WvJ71`~-SHyF*=aXh?Oi?+#BqLh>8*Qg$w<ZJ
z@D(ede$7gdY<f1Ag#Keg{}bbIezbr1@u)Gg8WS4MJZG(SG@H$4uhW4)o6TnW&u*vL
z`j1wp-)!%;`|Zx|e>7XWyRG(rpypazQSe_BgxLR&=7Z}>ckYG!_w}oa2Sf(Y#5Se`
zTf{d|1AY6pwUzUN%tLHb_gCyQ3_j;&;Y9f!TNA=x%Xx_bi}`P0&-*1)($-c?20=aI
zO5J5Z$05LH?oh%6VX40cJ+6njN>dmx-N}|rjw-Wy-Pj^QQ8LMr)WB+)bdU<1LP2Cs
z5e~NWr<$3Px5X5xh7+W@BtSS6nOb*uI$C1-t&pJ|nXn?xzscGr&98An9g)h9{VCJF
z@}fcp^ssAf!8hu-VgS=mc1HqI)gAQH<>groP0r5_pw^%9_!>91w)O%1aHB0ZhM<s`
zQ<sxLnB420yg&O9Tz)w|gL7L+;==iU>sWbd1jxE~@ys?EsA3{Ae-TO<-G{{FX-b3!
zK2bO35ur2+wrmZi@Fb10FMBEr?(wHuqTAe%z+`d0NKC@N+zM%I%~K;@OHaj(9Z0b1
z(1~p}RL`gOWa`{+k@1+xZXyt6?2tQ#-5Xn5|M{D=wGbS#sbPTV#wNFaypy+=k8d0N
z24fIds2XxEGw>okq-LbZ7Iq*4QwI88$)X#cJK5gadh-UI`2_H6V232w+WNbumES{O
za`qv+$HhkEd+^KF-@!JyhraypAJA^2`2`C8AlPp&LhOgc+S<DG73&Ojfh<Ea09ZD|
zIHO3a%Xpx2tBYo~8?m-*ZSg2RRz3I$I^+6B0X2VSf-2gd;lHShj()yC|3)7uoj3%2
z`1uH;|4g5<BLVHRhg<*NtM6t0zx8kQ+kgHht5|02Ikol-2O;t0c+W&Rjo@ao9T!&U
zO+DeG74X5@xgG>{Ayw3cv2bS_K?{>TS0nh)244>XSQKk*Ydj?nZ63Z2)<2Z-B6(=@
zCQwoxD3I6R&cynC@JRj@`D<R5TU(#}nlP~c8QG8qlN*;+B$SMBNEluAwzj@}`Lgvl
z?&IqdkNa#3-Lz~Rd#E)|zAmc}Zzm2yRIe*?{vSZ_;9)3G-4@u`H5MrqB3489G!iy8
z&!IxIERJOn(IGyY0vFpBB;APPIDShVdgwz03StjW$nvAT-N?mL?2s3T;zDGfECye~
zOEvYPc0B(?9B*sua!Mdyw@e>0AtC5okUfSmVgC-oh|Me)FoSEDYZ8Pad3QJ^Tk;~i
zaIkp|$`+S6alZrhbKLRm2KtpP5B|{>1njUIfcgQ#Y{7HA=)|ET?v3JeDj8=+!G{E5
z{Q^28)YZc=LJBR<A3Lt_Nsh*I1Mp}5Pi&mA?XbgvN!&Xg4MJFib>iBM5e}vgtYd-v
z*Xr~;DfzG0Y3)|>-&6b-kPy`=BEC=V>~Kr`)3ZG?#<nB>?b65%NVv82h8x19w~_6l
z{a-K8(djXW5;abe;MmvPI)Ov<7T*To0``_2np<zs6k7<x>A=%`%Yz)!8z)prJPt4*
za3uRAh@5ci4H#2>>UlhyFhkWf6i_`3IAq%%oZ7gH8aq5@4c2smEQ;(<r0&M(E#y~X
zOZ_dHQhJR7n>(}F0kBcHB0|uQ+^shnqasg}JA?3EPORwo1Y7rL#DqiJwZpf9@Q{@f
zgtp^A&u<8_usZ?WzUm=Qi5uWCJA+NkB(s>n&ZS##kVQP=TEqq04+qcTlv}<qxAkH_
zOuGZ|JWp)E!hkqqF4ze58LP~>2TwBaf%n+KY0r29aZYmj4$|q{tluW)!Xie31aG^s
zWslKszaisq@8pct0}Qs3iBCLKKSFgAz1{!yqRytZe(=-&@#(+WKMy{go_^dv|C#^v
zcH2Pz`2#YV2KwWV|FsoPiMxdmLd2X>^!AWA1TLxMst_({mdt?37U03@G5Y1~0C`R{
zvE8>&NMXxv%CrpqJ1ziHzxiZqY;TE{QJ4JZ+gEXQB+h?b@wyWy29m$4UmE`ks9U~{
zx#xek-|e@$$@9P6?sO~t-;@0Jbqk@S|2Fyx+sAMqj2-<3|3czdcruD?Cp>nIJ=Chj
zzgjrN9B&$X$f(y<GOT*t&|c%}bYl-Zj<w&XKv$Li)i$YnKppC{GX2R2ziZY|yVa_p
zcDGwYt!=$%?n8nMJ&^dn(7pq1<=T7PjLBLo(|d_$-{8+bwh;QpUN^X_pvQf?kZ~yA
z*R6{R-^P%BTZYR*r3SHhW^=7~#>6Gzv1M>xApVPwz3C;T>^PPqYuF)?u4SmzYxZ`V
z!|t%v?G50mW4qUE!hZV${^?;CB0t5H$q6&CW8(k@F`ivM6~500_RV0}95>tg7~KlR
zE_-UWx@N1d21&kUj4+hQ9eTFZG6<$8#GQmw*5+p7carzIwraj+=O~UQ)ms<YZ0wA`
zeLcLmIy?XL@#ylWqt6%LvP}g48*aZ(mM<jI<cJ_-@XU$q*Kg|QZ(7aD?FYs^r#{Eg
z_XYg$!N-;jp}Hs@kBM(vXEZe<Y|Og)EU>cL+7EYn83-Bo?BAJIOl`{|?gjDfoDqki
z>-W^Z9Wnt|NxdETW|IC6#s*x0bDqrbUEZ&@oAYZhrMKCQ9?}pyId5~3O+Lu<)UjQ7
zs+R^o-r5#lf%>o7Zh@a%pvAK}Whh%v><6{Z4C*D1L?jpNi7G17AP<`)Z~4cZW0?s7
zMKfC>QJ_yh|2;c@KEr}OfsH$MXc)IQfC>MkuTa(Q#3F|ifql<UfSUg79^cvQSvy|-
z;&1V|1x39KLTp}VS{#Ig;q?>S&32wgpwDS5x$~f_K{R{k<B+@)x@>5Aa3#*E;0hMd
z*Xu!Wg+1?w--S2X??w%I)cWE7{ciltqt@@nx8GW`Keo3Sczowks|MbG&Nlix>NS%C
zF{b_uv&C*OXne&7H~EV6%>NN{3Q_$&R6FZORnFJ1P}#R{$x?hWhO5BXH|C7Fic(0e
zVb-`GeK@k@U7~(JClj%NQy*MR?Qxj>B7{rIID(-?|AmBgFYdJwstf9?zN4{Etn8i+
zfCMOUUcq+0l83wPTK0`?McB!n-0~f`7vl!piRGDqBVf8ob%&ilVpl^N{wz*Ny`6t9
zsq-giuixXldAlrLK-8Nhr(7f&O*Mf%pp*AFAep7a57^A>{DjT?taT;t65HffX4d_E
zcEYh^Px5XS`2B>3nL>35SSJQxF)ZSjpYg^VkMVe1!JhK4r}>z$C-K9oxMx`5o(lKy
zc}rgQw&T1f4!ymk@Z5G&N1+&ReKv~E)VQ9K<!l7Pn%V9<TZdS}Tjk31qAQVTV?~(7
z@Kvk%=m0A-+_})IVAA9;;G4+{9|m@c<qyOA^20F0cQ1SxGMiit!@-6C?Sr$==rcI2
zO1*o9v>%4F#dY)iICdf04yJ6*p1qw<hqq1YIM@qd`OX2uiJel27F#K_*zTmzVp>Vo
z&8#WFgRNdmgD_Hm`bT!Fe&C6{jm)m`>8+95-$MCf|CbL}H?|)}*twdK8TIe4M)x7C
zZ{tn3Ip}o~n%I3Forr$npP-NM3A{WWTEp>BfBED7{}h)^y4Y+c_UA`@msf6g(CPFm
zg)e#@$!D-&DfcpsSS<InE4inVdvf>tJTd5_?aqCDMX6}TVl!9Oa|uZ)K%95pmcYc@
zkBxs94fCqP(F^H*!M(W_!RUny!J_THaRO1YvFJTOmr5jhkVrI23?ixoqWSI2EdQrB
zKrj&RlK=up6KBd5@1H{Q6+nL$kBl@xAFKnQcjg0hwzBqvOW{Y9S$L0#-yw_51^3RX
zu>CV)`{xC|Imj>fjCxeu!(MtADE#F^ezQveqvdho3ml;NcTfHx9WF6QS@G%V2dV5(
z9G?~qMWLPPXhVSXxo9`y?M6X}!>EGN6_ozYpfm>RCo5Kf4@kR$&6@$6TfH^l=HXyI
zZmtyDuLJz%A9+fp9PjhQv9!s~%qbW|J>p)Ct&KoF1*5r&!Z-);ZBkEXw!4$?yGV9)
z3AJ#Je6&d&#W$0A9etRbvq>GD;k$VqJ=_q0{>dXQPZlkM%ouj5@cD!A`G(-$3ZGZ1
zZj=oleSh|&6vrcQ`V;(>#0_npry?XXWV@ylSv>Kkr056US;?$Ak~~@s<0VT6y_9sY
zFwC*l$~0rKc+l!EkPj-o`gbo{Y>Zxg<c+Up*vt46%<x@lttk2j(n|AuI(blW%fq#4
z?uuTw4j+a}zb=Y>-dBUR)m)S|7i8vQ-IjvaJ{LiV^KO&1&eQQ}&OB|r8RG&lQT^7o
z2uj1JN?2M&So+)FrZ|}XOu*5bCxF;%?e>b6^JZH-@;lQn>df~pcD-cb=||gfPz(?e
z9rFVLdqE9_cp@aD8TKG+@9P$gGNI6`$wtEkK1Z+6cJdg~Oj)U={feZPBr?15d=dna
zPf8%CvVJRR1he6sDdI3fawIBrvMzMe-Ytw27F#cJ?e$#iMyrvk>ybc8d$(1A6!G@+
z#)Y=}nKjBU$F8Pinim+le|EfjQ0R+7WUmoPWtPKW6(H4Z&j(UTC3EVy<S;AsV=>B_
z+7>yQdEtFNh35YyKFvN^RWF^somN9_+R0LBrC$cV!#9%z+a6E?Ut!NyHh-b$;yfTh
zG%L#jva>|7CXL*11x`P9%CSE^98MqI;o$36Ufs8E=<8Qj<Hqy*?VlY(ekSDLkhtbO
zdWS`<q)RQbT|w6edLcYNdMkjU-!aOpfY)XLudE7dHRQGXVB}R^!Sw*>mHx3pUKR2x
zwn10O>$^c-GkjN}t_pQksH;L<&!FyVcUA&j3&_MObyo$tUKZ$DQr-1Z(Gl8kc=QHI
zfD}|ZsYHVxijJsP;iC#4@!u<aREUo<TB#KQQvbmKsnSYS0BM5&(vn)K3LrfJK&n(n
z6*#KEQ3Z~k3LK@CN4u*e;A(Y;55`87@~FZ_8-$IXL3va|J_#e=y)qN`KYA>nq}BHA
z8+w<AoVGU{Ix*nHyMb6YDg{%r!4-z8FjR%1o?gMUB8Xaw)uaMZ6^Pn&5S32vUV*5W
z0iuFvh7?_7g`z4H^%_ys^M)wyW_ghT1@yIm@_7-8oGosNAVrh9A;$u7)b*U6J~d8T
z<H!~Te|9?auz)-+X4t>B=&fsH$Nc@-kJ$ka$z8ZwSZD&XR4Dy{D1ER9rDxX3O0fx@
zm*FP2iALb$a8@9F6_B1dGag0JIr7F=!F^z2$GNg1AG6VYFhZvu;Uzr*B3E^7eBi(v
zNe^2&$5p8NS=*V}1<$6t++a{-5!0SwK;-RLjg+$b%+;V$w}MI)RC+~FDeW&;L8WJd
zN^5eHYk#LONxRCL1*@#WPjlO;lU8mNfU1nY&+9<fSta3JtJAEoQf2ymE~xYb{&RD&
z(lUG(s6t@Rg1|KVrBjSeDs5Fobn%_)sw$}U%zkz&Vy!3iv#VfJ1)CmC#Z<wj7YduI
zAkPXmRj`TwSiz<>!=^zBHKi3)-S$eLX(=}R%mR7<{YBoh^~NWppH+!kzZ<+2Qt$d*
zw}$f6RWs~eQ7^cHi7x|)x~Z@P>|L=NQHMrP!G9sDg%E_71C(aiL)5Fhppp%)yr3$G
zR6(T2hDd|;K%}Jz!YYVVL8KQ2k@8ei6-0U#h*as1DtJ`EqY5595j<-3)`O3hO6#*u
zeDvrH7Zp7EZsAdy<DwKSqETql8TsLNV~lNQHJntzq(v|(h-Qe5Z{$}j78O)_olxn!
zp>^nHW6(IP7_{eIe<f%gu5W^nCX)NVW@?Am62;g}Eue*t`Q70vpmoq$2DDa=`Bf0(
zh6gb!yef{pD+TN%UY+me6`0f`HH6J40-;bJAW&ZA#>3AyF-BiAm0A_8SVb$oEOc7o
zq|L`k8L#>kfl@_`RRN{f1eBD$vjR#_0hB66hYBNA7^yOLK06*t>y3IVWs4lV3^M;s
zghQ2`a}({HMV|6G=qNW(aXwh$kVSx|ZM3seH9T^0nTnnOmPs&%6hhl@Sf-IXRF3!$
zL}gW^;tK7opx5^by)vq()v(vFBGam{*K5RHX&3wod%afdReAVVxU0fl{KpD+JvE1E
zZzT)hZ~;ZcraACePWp2JRQtIA)Z^#4k${HW5H}32{)|YJ&O*6aw!P9o=KY2MnIjlk
z<P($FH^i!xNr?tmzWA>a)_ga<`2B9CaDV_h1HwwK_&lp6a!Ghg{cB{qd^OqBU8i?`
z1uvf$UiMd^Z5_1MiY_alxHh2pnlx?cXwEV9Z?SK2P*|SkA_W&M+b2&26;)juuk8Af
zk1es#8Rm$qf`t!)g<b^<HxU+AaAdRKNXE*z5*}%_DnRmG0FwOk3^p}rIzF5qU0fv3
zGkKJ><{UShgl<OnAz6aNs}S9wzoS8gaPkn&rH{vB+pG}I!w}A>LO3q~;l#!4JN6Ah
z$o6hJ5b@E(-6n47OGtYIxzw#+9-P6O<DoSi5A)yb!5h6+#~SVyyn$pngJzG6`bBT)
zH5Qe3aEXW;vU4l0dxWj=xTC*&NE{LpEA=+-^=RB0HJf>Ft5*iY=D67|dL_}$xv%yL
zDm>{Ui?}wikWc=MNDvkjb<#&;b!h3Y_Q|N-v-DRvz%kyC=6Gl&M%d!*;iF2dCTZq8
zMSO)DZ#tbm8JR`~3K?&D?IGzVRtsPL>PhAxsSx$EAnLS&Z?FnKTz5eLX@#f13p_0k
zk6b|AUU&<ua@hPQp{VUR?}<ZiFDX2?-P9GWN8>J0&zj27kHv@fU6qw?TTWRSl<+KR
zuWVP!By2HzIGkRY)MabXyuO;4SK?01l}>^Xhf(mu@2vkfg#9wcGuyfU;dg^wo*=;Z
zG^8eVe)!$EJUGjWG+dhDpVfGItE*}g_CK_Oh?AMNT*0Pb5$HY-uVzR~4jj89@(1pH
z`GK3^yYFt`GKY>DxPzx&apLTHF+-PoU#a0ceCl=gLWeJV?WrL=+7M;V@!3rW9moj*
z0khKPJj^$HGxQ{tKBv;>RQjAspHt~`P?3dnC529_y?_Iw(&$tgol2v#Tv?Sy=cZR_
zbYA|Dz7mbj#tz)(Yjiet=w60KXVZu8WoUGIl}1NzaHY|yG&+?=2UQxKN~80-G&&g%
zooqIxG76nxrO>GqI+a4FQs_LYTZFhvE2Yj$9M)H&*xBg8+kEBDMi1Z1Q1HBjA$%E1
z9^Gx{RLE(SqNh^yREnNT(NigUDn-w0QuJh9cUIE$>@J{CuQWZCrl->MELT>g>B$(a
zD^1S}9@bZ)>DlPP+k8#WMi1Z1(Db~7A$%E{o?fNtsWd&$+Rn@dczR8b(qwd7!>*ZF
zJ+a2dYK?pC7b&%CnU0^8PFqOx%?C*HOXs2;u96RJ(4Q~MKO`Mm`NU?aAFI4(FG2pF
zce6hifuVq5ws(as%O^olfV%Ra6Yv#s{IvbM``FOw>sMaY#`6^JI}SB5LwWmhNGsS>
z!KUvEHd)ckyMi6=M_w2pCEmrRA%c6IUebax?;{Six`S4yX}(CP^#Tnf%jcL~2~+he
zPuTAQA8icW$<aE&+2fOdgyp%L^=zy@!4eGB5W66sAUg%C2GW?Z+TkxR1R@=Z@z)eg
zhtbSK=P>>iTB^{}_kflv^zzK;C8H2pDN}2+qS~#{i+J#O=p~(XH6Z?tZIVEyU0pTb
z#FJ-T-Ee4f!N(PS_ADG$nwy7Wkt(@rg+yc%D<o2gM6!C6RiMbA(xZGANF@I_Q+6iJ
zLn(57g3T!&Ipk_euoF(Nh->jSC=jsyV6RM>k6fz`@#>JO?q#@ZYDyw~>|AOsXBc~Q
zK&1~gwC>?Pl?8oIubYh>hWRUQ<Ffi6P}e19Xy4f3J^BgSUZKrO^Ht%^3U5BS=Bw3Q
z#csD-;mz*?Z$3XH(=}g~PrXD6d6mNShu=j4S%yfKQib^h2T!5};}vbZ7VOZcY~s+-
z#3w;erIfFfVc!opiHq46k>I9@cave~A9*CVKN-Di_4+l`>Nabr)oN{5o=N2q&Z9be
zXEbW7L7d@k1#!Lyh?9RPDh1ca1tHfT*Ayzfu5z$tF#xotaO<@c6@fu*Ek&{3In=~X
z-DT@>QE{1@WE1SSptHNejw21YJ~4@XL#&l8xlj&Zsv6>##WwmoN_f~l5~zimFYi6>
zjK=FOgt(icemkWWK}Rt56|Q|KuAMzUUaW9!rF45~O1G8#%~};C{VpKs25Q|#_aO<^
zu609yM}tc9maloc^znFXn-xNN7(y9Unzt8#P~u|tg+s|H<%gm1hTzd)cbL+_Y0u48
z*KGAG^;>zY^VI6MRlv@$H6QCF*%mU3@e!erPPtIQq-TUl`G=~mxf7>E5@BTYcX@BE
zuEkrTw9Ik)T<WQeX3C9b8|CbkycHJXxPp1gp=R9NJ{PQ|2h#p+aDVgnYc5k?X6HPy
z`mj<QR{nag6PTOS4LL@Nxn7en_*vP)3UO&Gg-hF=6fVu^;96O$Fd$Do-F_BU$sIJq
z{<TGKT_bxyoKeR%?~Tm94ar?-<PLhFG?Y(rpXE<kg5;i;XK1AQnPI3Tr=0qpK}+1~
zX4<h>aOze{;!66-J2?`!%t{^saBwUtCUaG7f)3k*Bl*hdm$k9ikRLe&xQ1D;mG=6v
zL2%w6uNu*_o&iwz%9D+Os`251&-#WzI%z!FD98#oTpG$n9+hzPAmPX-f4&H-#fG#q
zv-~T+ithw5XKf8DLFU~B%+3{LejSi`voPu0Xr|-SWgIKIRX9^os5J~3Vq+bkV;5X2
zDtJ-_GrfLr5*PCk-yx6qKo)^KpPD2HY<F^L!@4ovkaoxFw9^h2>Wjz=LZ9H7dS5Ux
z*Ah2mk%T2qD*m+bcTJ-5upf{s;``JOemA~t8~J%Y;WflxE2FhcTz(Y<dvc{^ySV}a
z8+PU+url5rg~>HG%-LgZf{o<ZRM>49XOE&YE^$b&p!h644If(add|&<wjy!DE-EZ@
zpDl#ai39mjBC0%}-rZlxnYr?b=iFZf#H6kjTm_}v9MU0Gfk{2GjdoB*gE+4)K=Uit
zwlZip9-5f*>sM$&DKuZOnsVHUR#&#Bm-v(UpcHR~jf-MCV+#@aB=D#k5X3$}@Ahvd
z+m(3pK-ZM#7aA(zrqaA_Htf%8URT2Xt=0nIU#VVS2YlZ^)oW2m+j6ScDyFSWOq<ZW
zRzYo5P}}zdQqtF$@ut@qHBJ3=FhF92XG3gu2H414W_kICdH0PsJz_OU<-m!`gQ6!*
zGu&#gVvTM!D@^oVV50o<Q>o=<3z(;7YhsLAS2_4*g7|TkC~XCW<P6`fsie3~bMAxZ
zK%_I<O(4?Hw<i<g2U2OqIkT=z>^N6e<YTtjA4{dVRNc>{;w%Y_Gi!NO6=pRzYo8l-
zZ{^R;l97zn+^m1!r0<%I^E2i_Rp^qBIXV>MTS=0yU)jA8By*Xy{~G;xDqowIrgUFL
z!0atZTUt5WRFbLq@0B==q*3Gd?l7_hBgZ1wkOyG*wfTo6M`sh9L^j3#lItY$5#Lo#
zBHsaSuIw+em=T4$CXWt-@Q@I|&s}Ub6U)kWwWrN~x1IRZr7o#Z@^ho)UJ4{<j4->a
zIHv3_V9|IO{b1@uS`{Ow59i$DF0d`~tAMqs^RYtDuhiEi39w{Z)GOkSsc(`Qal@-1
z#9>rEqpSAm^7v|+E7HOF8iY7!N2Gk4TMtfC5x0Khvr`<&B({i8AJQ6+_^g!$Zy6bS
zL(p4hjjV{@^m*iGnfj%oru&ZIopi4m^{o*e<+#xJlM#M57}ij0w_QX1UJW%H-OhHN
zOHF&+?RQD#QnMLguD2F2*J?KBqq)kX=5-*i{3CN?J!&#X=W}_YBvh3?;oi`jmF|CS
zo*gfsuWR#^cmaKV0iFk-Lp_(HS7}Zw=I8GXUUTw&>C*%_+3F2;lTPVlu^Wvyy;jE>
z?xt{f^7H&xghv(khwt@wo9z@tPZrW0bUOWh`W3y9u}QFrD>Ppo&9~Qx=1Vv*tcd5^
z6`rr~d>K5iPJ=b!`n8tFPs~I~n@Xr$(qDbG48~8Bt+;UZ9??g9lgC3|>+{EC{l3|o
zJSI8_SuB;TXFT8(*wFFFIib`@9Bztymh=oikK9T|tI~RZR}z|x6dt$DVbZ-t+7L4?
z-Pw1{DRw8zcz;*Y(=&$`@2=wgJ?PGtoi@U=<te<sE1_#O=kLUcvPgJTy<>DGZPczC
zyW@21q+{E5I<{@wwr$%^$F^<TE4EJF@9cf{*+14?HEPrt^`mM$HJ@wV_nhkF3f5^7
zCh{C@rbm(SKmE)ENT-147TO!_d9*tInjZW#&`fB|3st{n>0TNSg_<R2K7(UK*WYm0
zcp4239Wa5BWrd!_{LzG2ka8*?S6@rHRrFi1>DGAc*R3amRjPRYVgOavx_YM8=xS<R
zFAiH}<63r3XJ0u1vkEOmA4QSRj<c#)aPh@Ii^?gCj{H#0omukbZVEZjkE#656lfF^
zH7_Ojlt4PKSX`5>oSyElnYKXPSAH6X;kM5C<L>VDgetjHiP_z8Hx`Y%y0}Fxb|WSa
zY-{6-FGkqe_UR2A^QGnONh@00zm)vvLD@p^?|BH$`=I(j0uXCGUk;Y%Z=!J(82Nu(
z6vFBDai>O)Zhn~W9rt-jn*vOix|$Cvd{B%6Z=xm_A%`+`f9Wy@%mSCXe=}TRy3CJE
zNhv`hppTKRDKAbm8P==KYX@fjEr#=%x|?jYv?+B#oDYvRRrM8J{be26X~`Ngg*C6-
z9>G0qTA2o=VhIl;gaaYjH32L^dk8jl?)!Dar7I!wdclFZ1!sL-a`Qaq32|0PXZ8^?
zWfw8H-i)gt|E8SeQ;Sfkl6EGdSAwGrpv)^@s*qC*&d?#Uz)~qY3(hOi56*aiP%S%q
zEG%hFWB8XHKu-T;CYC-PI%S{WMI0urs6gn->CMRKm{W1>I?~k#usPaQ!^*zm1<Izu
zXJ6JH>ZxbSik(sc);+VUch*=_9aO!##@0Q`EoLwV=i)~e+kz3$y`xTdWVR7ZxzR#I
zPdcGnwT9S?zs(MlPzTSG__0;q9g_BCnhi|^+0x}aysX8qPe7gTgsIp7DK!3cHmZ@D
zoOKboyMZ&#kgXd6IQH3Y{#1}U)P)9UZ?IcXK89OXO-Pr7G*mYtMk<-@Tf#NbR5lj%
zl9GEhT3GO_cr=r~{{(W>?}a^9AZ|5UOg6dcfS3O4WsJfnQQk~t^A03cT5rwHfJ70-
zRD>eJ=H)x30!f)NMBw4CGI1h4R=`qNg^imKX|2V%a^dN{`KB$qteC-EbuK157A4th
zapl+^$`25~2?3V&mcE1kKuaZZG~#)Zpja!F!5UbhGHiZzm?XOtP9l5$j@GYj27$Vw
z6Ysc%THZ8OBv+B=qB=u4x{Yf!I6Ruua6|etPPjawXCQfjIrYNbeOGAA93`9i%-UBK
z4%27Xr*tF^<}otjMQDYbFTb6!-s*PqG119rtO_%~;{P0pRz!pXW<Vx(m<SS7uCwrK
zb?Z1Uwdf&T7m6zxeG#<w)Y(Y!*GW?z)U}G_3iGD7LGgv8TML_;U?*2IjRW(2|NBv$
z-TBCP?Jb90gDiIdlPl-<BjUVtI4avhsGg<!HaDu~MBufvpQSq?Ir=0)Ms>d=Sh`!w
z9K1&NaB_N_Tej@(F*KTW_qk>?GiOwa6G|Ds-4_w%%?Wc<G;r_Cc7G{o&rW;;7dCA_
zp|T?$HF^H!7Y7#74k;ltA{PW1k++t~bq(G>?X!{<nC17#UJsY62c|1>B#TAOh-xP1
zMOrD!;=o5G`OCQ<Hma?A7xb{C60c-k)Hp=!x5JE27MNBt@U)HgbV&snI>>S@f-`@2
z<7&Fr@Pj2UM-6>F*t2+nH;<OQ-$S~6j9F~B0Yf>sh~FVE;!&I)WQlEUixmbLc+jA>
zNmwr(jvr-ut0sMQIN4_w>{jJ**D#^s`4x7n5C?Tm$1^aY-gN9%A=i{}D*AQTsDa8R
z7tVrpeMC?xb3u<>RD^ZKlgn*TR-~1W2|!gzmZrutKJGx5_60GNQ6#>bh*1y2gE1(1
zt^&+LtM)*Dz|myhcpFxf#3i`P;uQXMkBCXC8!tu3l|Sp1J&=r76xYvtI4PqkB?!H1
z<RNdaQ9%?9u8xxFA9kpk2r>lZ01=s^^$-*(0T;uN^Vo7x<vnovE7&5*jh7`sTq)Zr
z^mM_=Xc&?V7GgY7GBcz9YSv}IQrIq3Jq&5pw>$bDh?5Z*KKdh${n^FqO&NZ7_r+M7
ze@_?M%M^3f5W+DK$oi$YiTI`HKy=*GS+QH5HeMhnf&o8W&&>n^;r4yxIWq8}X;thh
zfTvQnKD63VRH|wq(K#O<6vH6q!ytBX@`G7dAj*HdM}(cOc9ql1Z$?I-+A*!G=NGJm
zN2EMUVZo_@h`@3WP{{>R%0280#DfSR$f1PCQduPpi3)1|u(JY5Ri%8QuRKAKwYQuB
zNOKXjCcoCa0Fkl)ky?b`%HstrRFRb8N&*Ei$l;J^B;(7^a7r=*$qmD7E4>{W+cfX#
z3&S%fpl%|gr)V7Nrf%tsqh%O~z!fihuJI>lNkJ`(J-mf6*4uP0y}#+9K5-v2WW$12
zQ^v&vu!S;nasLAQQy$*))SdES-_6BdPZ7+sc?Spuys(&cp8Yg8Bf1FIM+!Bg`^lUo
z6Hdf(ic|SB4)T|3Td&wa4ULy%D*daL10Jr?Ml1N2BO%q%IyDeFEButft8!Yi(dsJv
zmJ&fKo9-&MHnqW3S*Wy>_bOImDyK2LDrOfW%+8}U{ujumgnJyPR}$rDCJM8t^|#IY
zADnH5=qy>y4Os>wk}M=|^+JiE+*fuDDXM&GGQccceN4GqqTI%&ynEanm<hYTv--{F
zX}i86T5|>ayfKn1sD0Mq&%3&6BHrJ<_KZkiZbP;UO5*(nc(9*PZm9m-rbJT?<eKrh
zmYZ8bxnz{d5EO<EtyIoTTm86_amc6Pbw64kox=lZi_>X;Bg*4=bG(<##x}sV^>2U;
zeuvxM>&KVifQQrDhSbZjFoH8^k2oTL^EfGx6}qy!c^b1}GeU?HYL~;_&k=+|(g7ft
zp1M>t`TFm=6AFQ>kQx;$j{3|?EbimjIWQmLBz>ZDfKA1SSA~lR&{=vGUhIJUzf$g)
zKlV@@F^qM4!D;r9jJ&GQ6Em#+7*u_x*JwDe`p9|Nb&|vB$+sTKa^?v^II3PH5<3%w
z<nII0UdA|}K-aNgbLKpZiM4zY)kNc~whiHc!<?8|<9c$gfm=wd9BJa7f|C$@wb}Ys
zLdOTBk}dhW{KrC7Xmy87|9r$(t-A)ncZY1cBi^<8K^}4UAmNfvUO1szWWi<rZTCD^
z-b)(hz!3I+E%~~FgzkNP(Yzcgkko*=X-TG3Fxag647SPQ&NQ%<{1(e-0^)ywtFXUP
zw3$X6I1&*C-^T67M>{FQ1Ubs+%dj;N=J<9PoXTiNag`ssVYyU8wl^e&gtleEJ?Qa~
z#~vG_n6W6IvlHIvhTqZ!{GZJ^_1yxD|Jd(2t)=d2H+-EK-H)v`dR#C08n(mOQsAzC
zjzL65deVJhtBjF`HdQVoS}r55RNAqh@Kq%9PyDxZ7g9HqJ|#%99+3f-fZW(k$ZMq1
zRn<mA)(Z|<pFIJ_S4AEk*<i_1`=uAa8(+lTN(j5K)!)xK;W>`<n%BEDF8|wgKg4PF
zV0%R#%g@O8Q!MMIjjN~S;gFA>EgSSN-D{VPt!qx~nT@SSz&&92&GpL0_0#=?Yqq=3
z?Z-z!4}a!*rP-p4v#EMV{I3$7g1fS%hNy`_|6?Z`aIey_WaIpW8~+FX3l|wb1UQ`^
z2h(Ra6#C%&BeW1nB#LFKFlik#6z6?JJe(p$jEP)uaXUVjj|~_vAjKepMk1<OI;dF=
z43ZG0cS%{D6I-2t&%y+sh0KDA<!>OXV~_wryEgKgaNf7i<Hn|`j;4&lR~lLDWYTjq
z-1kSDk9dI|E1sVIQYReVejM@o^9Z8Y>pd{}lMEWoZ%TA(SxqV5^#~<DOUp_3&1VTz
zLif>2Sv@eZHVSDfWDxSxcVqB$<zv3+B;@ZF(V!?nFvCd=-t?++ygaEGqP~^Yf^75b
z+7_RE?(M%jowZlRe@1<z=MZ&uQnjiy$R*e_cr^M77>=Of-VKD5tHnOsla|RY^mU)>
z=-%blcs{Gws~fRWhI}3@cD`5(UDiH2$1lVnY&bacVnR0YSEhTE={0Xyw)j8u1bi-(
zmrFfb_y>N+Dxq!%^^q9oJ9=)Go(34KCAIt!Ppwvu^Lauv>8$pB)||>br>l@umB}V!
zv*j^W;B#(NA1D^irfEZ7>OiF)O?4W}v?r@X2|&TE1ZY|QuFO#ZaL3w5>=wlaB0hr0
zkc4yd{G$@jS2O>*-k}7Sk-#Md`w<iQSCTMC1q6u0&JtiYlUVBtNl)B86Q|SUM;_cq
zH!1o8$C!bgDfPPlvgh8lwsqycL4P48#PP4Jv<!Fjyo4RUk8q!SocCx|&XHx2b0-ST
zPme;TtI5p(F`vv_>OXO)p+xMp{sWyv-sJJqI$u^lh80(`-84z5L$ewI9|vPhhKH28
zY1Oay@7|1Rm?zG(J^M+%y$r4aCNaj{ttx{0BE1KEm6olCUm%5fx)`kDc}v;jQQ!gU
zQe`Qy{BaEUCTezB#`gz|0E`HI8fVdd-1sL!a>x?6P)pT1_8|4&xj%~fG`yU=Zk~3n
z_ccAP4jGQda+lA{*m4rW$B|hCxx&Dps;V6LF?M+lMv@c99SCHl?<1evw{s(bU7uYB
zz5(8iNj#G5w-RnjdrwesW9qQEgBEBH^Oi`A9VwQID+bZ1{Asd(P>^ZnvCX|;=c+JU
zwy#N1BRncfwO82uQ`0e6bd{F1)E#uTMoweF7^XeKOz>6x%i9}7%#?-epoKgSi4+!W
zj_K}ub8MOJg}@3)cxQc}R)`LkO}I7&l(+dQKqsvm{vf1pnAsG1Yh(YNahrPJ>Gw8Q
zWDZ6`DQ!b>r=^~+TPs=Dj}5Kz70|~)2Z~t7K-<H;hgMtp5RlzBAN7&{b(tXE{;WJR
z(ySh7NEK7<rEPUIaUTxOst!!b1q^UmUujv$0`g4)`C!zWLW=$@u_%bB&B_8~;azUS
ziV@PU>chnrNQfu}n7D>IdQz^5$AthLF9{cCW5PdK!m4`5Rrcs0a7nGzMh>#)RNvnl
zkQ2jqH9Ly0m?579tHN3RO-EZ@H}2Kgf8L;q8lQ=fy&LCzzp_n!2b44VI$?&cj%Zna
zRXzqN=&w~9*fux1b!}-Bg7{czHmfLpT3;z1Nj#LfSPXpe!M;G1AZ01N_d-?)1Ms5i
zJ=_%HCxM1vloAg%4z_KIakj$kf7_jUYqh{a<JC5nPcd+hulYzB_E=C&$K%0TiF1{O
z6Z(jQIH7j+CEY%UF|Z4Y$+K5?kmsJ4Q%5)HC*OOqbv!e4P-vId3zQ3wLu608Zp$S3
z%qR5eBf-6sGFf+dpJo)8i5d#h;+}?HOG7$ru)$vZ+C!B`#UYdD6_?@7H4KoSqw`j8
z+L<1L8E3m5j3nwII|+jcm-{_b7zd}filA__o!cul5kb4a`rn#tg{ihHE16JqKzV<|
zIMdA#JN@VR+(f_<a5C*vvHvX|MSd7m10EL*2{xbiP?6rPL4aZB^09L)>RE~L-LeL#
z>3Hc0eTl#I{p5|=51QHCT+;tkZ}5vibfn{-EM;f4NaD7o6W%Pn-lxah6E~(QuTbh@
zQ>a&k3LL{=jUwvT|6*n$cJC+XBjgK%$zQt{x}XXn*tsy<LJAhb=sOSdI3iJv@m<-w
z3oczHi<izIJufZ<*0QM$uqkbXY0u28%xhGL4;$PVGXehibr}?PCpl!&p4o+U>jyFk
z+w~}lwC|8Fo!2c{?vP>P5D)xKne`ByP|#K+rUOTes)DF}^_Sx~0Na;6Xh8o8oNXvc
zk2WwZnf&q%bC9)q`S&=1OCntPR&-RkQZYiu$cNr@0w{HA&v-GA6b18@Ys~0T4Ej!_
z^8|x}KuxW@IIWEFc6dTNajIjrMc`snqaM#&izNx|#LQH-5pCwK8Rka$1RTu8NYYDK
zeK$Utcgdn8XC&qyZ*8?BMyA{(#^h>0e1TH$dsO3K9Fi4T9TklTX3I61;?1foA~#--
ze#NHMAtA>SGZ4Dm8`NYBF;0<=Sd!;0n`_XQ-d!kv40!@Y8>3*Yrw(kRo&}<+-cfCc
z&UK%Z(eFLF4zHg39q$MXc)7uM6lOxFb$n?K18)}IYs~c^pN_1+DgSp*2?TER%~Tuy
zR;2cwjA%el{$Vdb&+cNg_Zg@j+@~r~B>B?fH?zj81HIYF!N&O)El|ww-dI`v2otHi
zbMy6%VdlM4bLoXX{VnDtywxXs=tbV;Pl$>gKl@RXRI9fXyN-ZZ_B!pInNZLTUT7hV
zMhBNY?(M0oWDWjR3ZQ;z2F=2&Eo%9sATQ0|v-B2UJL8&<c`f(dR+t5pU6+s7@b;yF
zTs*j)X|9~)$O9_n==TVajx|2c8Q*l^Hyye#yE`*S_##RnhU{ktX%wU-tA}i%ny|Wy
zgc;>sC59*QyQP76s}hP$?2ArRix1+nVM2f5CAn?L<rSE>!K9pyHyh7;2iYM100cDE
z%tb_eS`Z935uEt-EF_J`gt4SnYM#?&6T&7CuJM!0wnwoCdrxLi>(hkc9=(yded-!|
zHo&>MKnb+l@^fQp9P*At^GJ6?aI*VH1kfKpHiBt~sFZY3<D}%F=hs?+9qhki;agA9
zpCPp<l?jlbBY^gQrk^7G?29?QAN=;|)8P=ojiBzB4(fsw{Wg91a3fws<p(1>_>t0)
zhx(u(iSbZHdmY1s&iY(u<OF}?3-&CRpVb3}n-W}5w)T3#%@023acjcsu)EoRe>&al
zV+W&WS9A5DJL0tAcH6z|=Uh@D8_5lp#Mc%q;0>}SXo%u*t-8gsqcTIp9HIIbI*j1<
zw<7fu)H4OJd*$c&cD(Gb*W_(Y|Gf!j3j8^vyP3&!D$NIX+kn3hea!ZFn5H~{?r`pQ
zxN7X%0{bC%L)2^M=a(ixV2UV445@1asZ0Jg0E_{t_uvSrX8|ld2K*=rHH@i;<2OeK
zVAJZ-kx0<Med85@@r_GUhxSxsjB9&WaW=XH^+Q^kT|!g)`dDN3RgSXtaq2znog`UZ
zVmg}*Q!L>Ir%w1IS!_oBFHt*i<bxrjm-^b(Rgvds09`3;v8jU#H@w(d$sK#fAYoEo
zSCS*k1Zl=h9*+{&a^$FpW0y58?k)QqLf57%!_!Qa(OSu~_du)_)&u7<F4K1Vrx;ns
z=HNz?&-JRWQ5TYJRrE@;&-H0i`LT-17z5Mm(@b0SDw^#Y+D5e#+a+JX<@5hZo{NfZ
z9|DTcMvD$-Eer}6Yq398+&eaSdA44TWFH^6iNR89-@`u-?|fqu`v`<x)@>gTHP*T(
z_?Yf}UAZ)8HfCU7d$=yH{-%Dv6Z-I~o_s?96{&3(1F@Z$)vkfrDofhVTCKC6YmOgv
zb$di>Z9le20BAuaIEc09Qs|k$$23t1VT5KC)idrWM@qBfit?1&I#73wr@|d&yZl`a
z&!s9kDi9=LOD||iX}k5?0SY`rO;5_vu$*e0;kA^+?A-V?jYb7d{4j-&p@eOEf0l4y
zsPWUOrS7|^JkFVvb&1oT!Ng)6ogUM#YtlpC?PCCQrL#W7CD26+U>;!s1Da&>0MyrR
z#c_^eEpI+4>|RW$Yjn+&O9z%+hb{k!T39U~d9pn0uwCWdgh906+cV~F>oBL4F<mm>
z?2n}x{M?W1+yiA7i~C}f9+{8r@|Wa*n<cXAt^4_4#Y#WYKuF|~_F^%*_#GZdLGnPJ
zN%o<@!>2Dw8D_4zOX0?|{R5OK*h6XMu@`L(C9=$GG1gp#Q)03lbi^5llB^&X<Tu!-
z`#q8eA$A|9^G&$lonFU?x3C4;>cDmYJlKPnc|oU2bOZ0Ly_nJnE<j)Po+#(5qcG^@
zJtPp;&wUY?w-G&n&HX^^rhD;74fM4(BZM$z5slg1wG4@BkwyVEEM&2^w6UO)`xb=K
zNJb<cK$uln9uGun;@Wo9@8=}fS0uKVB(;g1Z?6Z5oyCba_ZEE}Uq{HA^4wVWiR1i5
zr6fs?Q@qIOUUcp5afxFL`JMP`Z-*AZxQhMZvi*>Vb0y_sbVZ)+g}b0ABu-QuR}VKb
zGF%+i?JqBfPOm{)#ARHLF{1`|uB+zGt=HTPI!L&keBrN6`^2|^Z$e2tjTcLw6qoiJ
z3j~I5h_JqbFELOIyd#P)01_zK?V3Yr7tHTq_}roUYhCZVbu<(2+i5`*1Yk0#BUM#P
zU8EXzQijtefmk^J^`}ZGZoeJW!5LAM!q){BT4zVW2UX(s5;pH&9C~Vq;LPad^a<v9
z&TSkVm6bW|&X|M5g*NA;w0^@nN;^IPf)Kj_mJi$>Sm=UkZfD^3t0*`ak}*DzYnTZh
z-{R_3wk<ns-~gH|vMPZ@p2`q!IEdC{wOSTap9PpUfAh?JZIKi~aH0YDdFj^q@0`zn
z8Xw%nUVtMV?IS6VKV-Jb=+e0KFea*ZVgaWQ89ycv&mox;6gdr9;)7GOXg8Bkau{U%
zsq~dM36xV4lh2Yotky?bDQuf1K)%%BMB@@~aZrxks4`Q4)1|PE1zEUioBK@&>Sui3
zD7vGSDL7gl!jE7VCV^;b_z7=9T7TE61yaU`#|m)ym35$Rgy4|&^usrSjqXX=@eKH;
zWL5imaq4QuCUgR;TC_l*LaSh%*^RVgtI(2s9>=&|AM1h|Rrygi3wZkwC!BS#n=d}n
zgMT@Bv)isZrz@`*-%`?;;Vr4s1<|E7uetIL;k?sVO=_i{p#Bthc*yD@uz%FhflxQw
z86ttt_EUO)o~PL+o!Y4&wxAEqbNF$9D(9`1U)ilWKOU?1YHQ)2tvI6hwW9Y^5>I4u
z_$1r`%n>q$X}_g?eXX#D?yDb+z)`2xkFqUp@suN3W?d%08+;vS|B3o=F71OLzRM^_
zYRWXfRG0s5$+DQk70G#$9|W$0S=#r|Cd!W)(A7oz^3XB^e@}E1xE4&^-)aByc<yqf
z>ud(|A!(Qz+ZD@)zeLU9aMtS<lEF<=g`~uTd-`NB$17yd;*8$)2ANL~t%HxZ@oo#k
zgO5KSkwuQDgnBzqB>VSKzl#?|S0t#}I{t%p1wYgEoPK9|3VJlD1CXD~#Hb|TArG@D
zuO#~2LbWQC%$;>SG~rv>cO6!Gi^r>{%jaP#m`_wsl+0xy`1CQgmhl!}Q8-lH$%3wh
zpmv&{^0bcF3V7UFiQiJV3U)C0?Zh6$pb_x)8SA34L_R}Ep?<f*!99qFd3zGKbM*<U
zvK{N^&U;j?RE0VgyUd=@0tn_@{X5?dA7i$0FTd7zHu$(#cPizCTQ?;5W0tP+p@{z+
zk7&#9%Z((8;L6aeQjwmM+^0A;I48X7lQwpw6p3;|=0O&(qBt7UQrbJLkC~H|_9$?8
zTZ4XyMqlYItiflcb+3Kmx1_9Ckns#Q<5&DFgH?~(_+$+&d14?CwDkCaortah8_+gn
zt+^GuwD@%wBrTDcb_wsW5&$5E7-CG|2gLmi3xH+(o~L?hHi2uv$Hepf9@wkU>IvJ$
z<^2p(3eN=Z_rjU^jQSC5WgQDbW|B(&H05;?41C6>)-&HRH$d^oX0*bV03Cb(Pfox}
z2wp|LSS%+PALzQ!!d?XSUIfsq8%Xis>0%t3i0`5R{EVaDfI0kpi>@GNDl=sB{%bMH
zj12dV3U}jA`m{7^I!q|LDrEL#ETkLiC37+feHw~BD?_#`{D7_sNQIxJt0a9Wam;Z<
z_OOTM8IDRs3QqjOhmK;0pL6JFZi6|8U-~4-S76yP9VL_ReTz7uq5!}zp@p6|8`5<4
zagE9!!sa!u>DVWHq%geb>OgVoUj;n|oSbo*fA&jQl2zN1RqJ*;?Z4#=Jx-*`XmQzJ
z4L+ivtqe6jE{jGtxey+>5?24W80%+WECi;PuxX>N3l^+_<@h5=$Hk!xwJi9zSdL!A
zkMjLIsUY1=l_?|^sRhmj8k_5zLHD64U_82G>b`rIM`S15OFPMc%#i`Hs&6qOPjzei
zZy~Fw(7M*j5Imm4RW5FOczai;OIMReF&K(0ux{!P9x0FxKMpc~TQYxG9oyV;S&)bG
zL|1XY&iP6rrRgzaxrB*nq-l<R??&WzSS^$`b+;!L9h9~MG_I?f@XiZMqG~2Z6Mmj_
znLlBQuF8krf~(WZ0T?b5+O3EDm!FmKlmMr)-X2+?3l-TN^wt%7N0rp;>v^c5J6s%B
zkA~9d_8yTqh82<HR}+@eRWq)*J^tZrv+*LhGJjZr<VZoABz{{=ysR0J3^=Gg(W?)$
zQLHcor}~xAqrn`RbHB%Z8_Keb8eg3{?8rV<&MXv<@b5nzZM9NK_zxKD%RH_Po9Z1|
z)Q~$l)O0x=x{GaL?feR4<JSU7zCB@)<CJm6`1=MzbJIWh-!$qgm9D>Z>cWZBVGG(m
zHp|1Kcu*nAzDyXM3qft-ex{@J!+&2p3Y;L)ZQmKeoc+19TqT_p-Nqx#pBG5O4Bahg
z03sF>JM97w07Kl0jc-x!@7y)82h9&p%ARy%_I4)M|M^Eh2RrV)K-6+4+t6SpFsT1`
zW+)QOkSz>S#AG=ZA$dyjKOMK`&@^Art^koCcuww&%!2Xhz^gG^Dn6TLG`TpyR5|*t
zP%Cf*L=UY<KpWoq4cJF&h9n{}%pZ2i7n<nLEn8F;qa?I=C~x=li#q=oRTZkI+*J*O
z#S81^EuQ}$@9va~eO0oK2byP6PWZvyegA{IjlqJ>3egRQX~ti)NPqEZQtd}4n>7wG
z$9&L3&&sHg#?Qa=cqAhl{txd?5mj0p9r&V0VRO-wz`{}tG&{VAT{m6rb{Nb!l>wYV
zY5$J=X)EiSw>QRoN9AGj;t$^DU`h4wBv}K2du%t2P04Hizbtuz9{C3_PfmFMHvFE9
zXkqBO#)j6rcClUH{Oi2FjDPWijk6+g;SZcI`Ia}Hup_set9Q6Kz0TN}AP8%#9y2x~
zv~N?i>$fCb2fhXxe(@n(er0qYmR!ps8-wW?t0x#>b&6#f<N{-W@A8DxlPwDW!W8d(
zU5FF=c0EbuTUxkxqH|%xQjNa0c{?~jBui{2gh$d;%+vo%@CNM9OfQ=uFqmQBD{i&$
zhE6=^yl&RAaaA4t>(#eoi}s_ZyLnCfyQcBBb4&Z0_u8h)cLm_GF|)Db{}e6e9Gx3v
zFWzIh(_X#5+ns>lmHF<CGb90T;nNLanKj@5I_MQ~<U;N64`$oAD|)~vh!`BQa;=im
zzKqL^CHKUy(j<*s7^P^o8;Mazw<L4`^=HT!PeVV{8X@Vq8oA5_aavS`UD7j_f}BVC
zm3A!{fHDJDo;?VOnoaArzv=zo$GF9#v1Q?-SA0pOD)@|AY*{DrlJ{xTdi4{LcUih~
zpOO?=Ler}vw?N)UyT!317)W8*4f7MjQW7e?6!0H-WSqOeGO!m5C4zfXwG{EYpZ55Z
zLlqw66^rafz2y%$?<5Hp_-A2ESiMJ2l&3D7m3bX)Z7`g{py}xg*;Y2aJH0Yt<aAjO
zOYY6wtBA7nsiAu=`f(_upSLp1G=*5&du5byD;YdA<>#fQqI0M+Y*jNBY004=lTs*G
zzZmZIU#J2ef`rC*62)`g9_hQ}gIW)Dva4wfqZCH|Ej%=tjgKEq#{j4E7Im@^Y!s5f
zkBTVqCWjB9eTt^y%t3|lFCHY<--{I=P<eTW$az)p8_0hbruOG(g5zZz;><ZlRY3uE
z9PnWZ+;IELiazS%XKSipan9NuHdwhdRz~3iRUImXv8E5|T-jrX?6qx)&?eiLJ}5}s
zPa0DWVhDM~LhsZpoChRj)pGXM!6I0&HXM+LV5+UvZ7W$?uB<H4kAkbs%STJqQswI@
zOAT0PmKfjHu&!S@uRrum_{#}J_3NYx2=UN55c3G71$DA4QCKyTMf%Lb3^0hM<rfeL
z4OersS^8u#QccGdoNtgDwMnKU$X|TJ5-dV&Vb<$AakL$38&*5UBe@q=x)9%xFT;uG
z_lmTvfX-yX#Nug}Xwjg^JJ}gD;4#UxC>aO!-B5+_@6Ba)GJj*pW9S)C)JIa%=>;{b
zX#FOeVP#j6(XeS;NoF7M{Z0LGd{VK9$uJLEuf_nKpU-lOIPWksbgvt6{_#+)RFk{Q
zC%>&P)PpvUa-}~^fk)DwAF-E7Q`AA<@@*we>mgdH+xSEsGN+Fmg0{Jlv^&e!=&ah-
zLM)k}c2-Vh;+a6pnr+0n`G#luW+h~U_BTUv%ucPs{<u4<mwi~CB}L(Fgou9PY{fDi
z6o(#pUE`(+?0}p$g5yyUFLfxS6G?=;B2A9!W_w<HImXRLXwd;sYjrHru_?Ycc8SU&
z5k#Z<tl=l=U{WMm!Y8EAO)Vk0aaOLP;BroS^yYXGZfww4Sytyee!>g)S)u&=2P#E%
z36}66G$>L#t@MN_8X|3oFsp<J_&7g?8fD|shrbn3IG8Aarjto~#(Y_-Gz7*FzK$Yy
z&rAsrSYIXi+g4SFV@vtCO97@FGj#NI6@)s7PI6#n1eYo|<fTW=V9tv)_mf^9XHNC|
z>+mzr_xrFKgr&l#LN)0+5<x^@qOnY_{ceiv`aGBK;k`h%+-03zwESGPmyf@LJtrd4
z!gw!$2?Yo*SpJL`{KseLrk=_~c~V|wS_R{#kr6`|%XbZFq%nW2nQEw89!9~PL2Ss%
zd2cN3e}avgUAhGw!@JMtE9l02O!`p0gJqTBD^^xU1KwgNc$-VIKa?dvIkPEmjBX0u
z87z{yDOa_Rs(6(QD;Y@@v>qy+B`7CRwT4p5e1spVu}el4`};ZA9VdX|I#ThbFa1c!
zamQfn&NH1bTj63vG5N0y@IETR|Ab^*cj4YS3jUg6pmcpIHQzI40vXT-_WdG~@PMOQ
zFq`8?0!q^=r=2rJ66i7qf}xkj3%KGE$HrkrJnv7rOZpb&n=!?mh&MiWKBvWR70gGy
zw#S2UGFxL22><vX^h)!V^{Z)OMU=Hy-H8<jFHIO?$Z=e9*St;tyYU!yIh~zgF|hGU
zrC}zy*Wq@dBlzT<Y1-Ez{i^9zrOC}YpnoiFIll*r+Kk{f2>$LqAeKxDat5#UHt8!H
zhvvAS6*^i4Og|JF(67J2-WQ<8sJOH|OeX-}Ni4$62B8LojQ3eMYWGyfHTTB|5#G5c
z?-bfxDAXi{^d^_!zkAaNkwcD5LB}>0vOE!l?iO8o>!1_2@RN&MXKikZx2e}VIL|q_
zbZ*{#zv{e?zY|IXnDp;LeI|P{LuaC(nK#eB#d<w55nq}NuP%kgs*EtvVqnNkaG>vH
z1|QENim`)F-qqDcMNW(dcGMmasrZ`&1Vj0~3admg(4#7O=tGIOIQ^ZckXDhDU%^kB
z+LK|A0uc|4jWZzZ|E_d8TX__}^(a!FCIGd##;+u1!3a6)Hvdes{iY%qD9G#N`7Gv^
zsb{k@tEe$?YBtiiT=Sm2xSZn>^cD`%2!8~`X*@T)*-AGgdv_wVYwIy~E9@`z9Dxov
z^xX&FxO4e%qx0u}cOnY&kwtYQa_d6nLJma|-Lpx$-1)BSKfJm<dy#jcN$Yk_R}tm;
z=v2O%{JWbv)NBsCxZitx1@hz??6wGY@P9(ff3j5YwdtSiz0;4k`_*%bu;Gcnugf-{
z7=-3f>nQ1t4wXID%O^V`4L$xkPq?-6rcV9E=e3RFh=={Ki6fnf9+VRd1_5gXnuhtk
zbM}udrv>)*8#@!5_Ul`~2aK3f?7Q^R{K=j!Q4?*xg;mK~<?_BW?3?5EOZ|6dg!p#_
z`}fQcFPh=GrQnq%=#^#vWn}rY$zK6$x6i8Gw~X1hc9(mB$99QfLOM2=1W%2KydD);
zG=X;}p(m;gDb-d=C0|j8{BeR$@Tj~a64>-GGgf~c-&re_Og_tk`%1(6TD0^YGc6xy
zB_D0+ugS2FbGMIl!Y3EL^9Zy?ROO)c8Mr1o(Zvby>5&EW23QplM)ZR;#fX|{{hApL
z^Tbs_4l>I-1y@$aVO4mI>AI;O9%s>3lNy*3x$&^Q;HaYcd13X%^81_P$NC38Ud=!@
z&4@kCgteRjM+KMfI2GI&6-=tQR|Qcq74#_D-x+?>vQAOO0KeYRI#2J$;wv@TA=A}L
z%*nz<G_j~-3_7U`T75iFp~eVv|63tRD(=2E$evp|+8zAei$SmG#X}`eJo>YKdOD44
zI|C@b{U#1)L?o4)Eo(k&8X6`&*Z;v^nW<45Fo-E)z&+@eL4i9IgoUm9wz6b3uyr!7
zS{yrxS@sd_?x<|I#e`=<iakP9F8gbRFU*UvZw?Blk}xoqMEXw|H8@F~qd{JO>0o%s
zMFd2)uKL$&9?1Ss0LXqD3gY=|3k8A6d#Kx~g2t=)(QV1JbCG1tY7OymEMyX8B>|ch
zY1^Mw@BZ%ZXENKyN5g2KH`HqHi0*TH6?m$i)ngHN+aw;7sALQ+ZU32E|2#3|Q@#iY
zPCMu36du+t@M23@i!4hUniE;%9kD2X!%-x)81co;&dy1%e$^a$khHy*Y*R26nH|`6
zFS^4Uo`o$>Lep!Gnr%niE?ArGp&9g>+nl34o{=8U99P$BTi3Z#Tl*e>y3SUkS3COM
zY0lY<_T{~nF2Fr!v+<+V)ZJc_chg;W+5!K>({|<EMwi1&d#l&`-~v*m!|C7epd~t!
zfpf{33(dau0Ndup%M+MM$Eut?mF$7uWZI=hoC?d$^4j0PGgr&UD3CLTlkAxC>}TKc
zy<rE4G%cE$Xs_&6O=}3q6?OPRKh$ekRW;Si_(qY_I`s6Iy{Tob`&WpT_rB4C!@cI8
zLi;0@yp_V*)XbIQ+Law-?=GhYXQ?+2ckQ=z?Nd0bm~KxG;Bm1{13QV^ymv&C&1#FA
zq_rv&4f{uobhR8orQt-T({@L%8b7WP)9X!+?d*e|FUJp_R=HJmoC>;5y79u3r8~1v
z_?bHtH+8M+h&+o}(&Dm{Of%qdq-9-ytX&Dbd-UgCx2DzBKeO+Sx8>T*J4SnZ(w)^}
zIyOy8E%m!gZsFXm%9ffbDcT<N*s0(FN7Z2?>#g7})(+YjA6!nCv-LtFz4?ZrG3XY%
zm5)T3vGI-wCVqz;K1M5`V`yP&v+}p{m{MGES@3sMU}Nxj=)1S)MBU~qK@+mQsaN$m
z!rc#J2k|cp{wt3#?yh%sWC;H&yl~3k>1vVflylfxZ63KB<~NEgl@DgK%?t3Z--|+j
zdl}Za#-h>G25hu`B@^8DlVf^W>IANA0Ljjn-&n2#x$Y{tWM<z+zjEm~nsRfvinTEP
z-obo6EPwqWBnYTmET(PDoWCT4Ee6fy<{4!I6QW1V<r>;8*p^Wi^RyJl<k>%X!*U9Z
zRI3%8oHk?@<TcPs&qlZDEYv?y!^M!Gse2b<C1#%`1_@&jw`6=T-tFg8RRxRGRMx>-
z)EUnV{Q>6!R{{J_k`E_h`~^pFki#Tu@>@x8jrawGy3_pmuhn!V?xdFFA{GYh8>VCY
z(UDqV4DuukHQVhy>i5l~&x%EUHQ-j)+stZUmCrWc8&}>y_+S*95Xrp4?D8!kfh8-J
zG<dQ`q$#cfBJdtur`BDLvl{}}wF7Ri<N*=wbQQ%4Co=Y3uvBk<{)_G9@a+y(OQ4>4
zK!xLY=5e}9)pVE^M!KDc`_VXdF1_kKj=gKZC$;$Od?jv$8Xuc&QXiK@G2Id$mvQ%3
z#4$DgMcS8hpg5{{Gq;CGL&Q@`ryU33Tsf`(1uw;s#1XHrmwn0i$95sHXIcc@Y0ML7
zd`_*^IYY>CR~$blP`^vTcrEgI)jA3Q@x#7o$51d?+YL#J=I?D91l)$hBx<zxEeiFl
z1X9nFB<h`}grf|PI5DI&rAk=$Gbh4gXZ!ZJ%Pv@HkJH{F_2+Y6&_0Qkf!tr(`DO~E
z5b|bS)lb1<a~#Vnh?2Je2H&VZ^c`7tpTQnh{PI8Av$rH6sXy*oHXt?=s?HpS|DtJf
z&d8D|@gCNWDc{8P?`{5H<rzKoH60zZTAeC%2ARaD{gA1_<De=Byq<5`t-I#Fhc8K(
z%mqWc*QfjjgjGa?Nq3?rr(o((!6n=XzL^_i^hZQarpP}vy?Ed0+#`)Ij#$s>lk7H=
z|8k4qRD<%j^Sf6}c%({`!ZpvwW2gE`$_{w>pSsd<oRAHSB39d!pY@krzdkBImRAre
zto@g6ga0^Y4-?};LA$1ayYK20A5uXj%3oC$&IBB5h_F}Gk&-bkLd}h<kJ%;<T%wxG
zC!zQU>yrEBq#frZUq~ru;_TBUFTU!IHRPVt4BK{MTFUNkWbFNJleO?z$SvV?gKr!0
zPqh^n+`AIAolQEca;$q|!p<i)K{ws?0%v7bEp1E4LxiC<h*@;6DPi7V+bLf1r;|#f
zTh|^`8$%yO?0YPTqssIa&rKKD89|Fi*BjO7x$eURZx&7MuWwBuSD|wnrlmbOb@8q+
zE#{WtcIW>ONWje{35=ThCXg!*sIz)Y0PSu$5>&tcr&mkO-{$!7N*j1DZmq9=`r>~p
z$<8n}mwmj0<Ts+gCu<K_YO!>C67liE+cT<T?<3Z;G@CDjj1Gf>nCs;*6AyxevyO2T
zoM31(D^gnjh}g_zu&-P?x|-_=zinGKg1=i>S(n**F08n1T~|70I<PNxnme!y*v<F`
z!APQn-n8GBt<fN#lRr+iSFaDqWgPys&KSpNSBmBq=H%vcRL(kT+8+F;iKuV2Q11L+
zOu>}*Kc<kxDsSQsS4&3<R#Im2LNV!w1amcvc7egq88Ak^V$Wn)O9)<^is^W3(nq*(
z8P-o2rPsC>fnKuJa-^zKNvDZjeG<v6-9_m(>>+%VTm}#-U9xFLKNFg&(p;{MIF`Ky
z^S`^ONS{H1`cHr{_oUloi#E9!2p0N5K*>2xZPZ<prLX6&+BmvA5wOIW@b4RDqA<j%
z_+*uA&Iaq1@&CpN5odanSpXwP&@TuVL1A}bTdF`G_d3EH@#k2Xj#Duf|4saB;RP(&
zoUEgIho`2ZirgGb5k)Gifw!s<b%_(dd0|hXNiU4A2!iC(AO2GWnv7S%7J-<$S=rcZ
zyeT&rF?_JFSlyqLJb_E9U-k`e@1!yi_rGz1=!${8NY5Op7;^w2;-j0f(l?TV%GVoQ
z{)^IHV?TBy>eD9WO<X~Mm5J|!H+k5;GgM(CC6}qibBeP+v9_wsh6yh@OT)l!auzY^
zuM_)KuB?&$)*7~W7?UlFFVyX>d-VzX5yad=A&2<ukmSIoeR17X(&pjf$}EazB2^2H
z!M|KC%~S~74u)NI3_={{6+DTyf)0KB(&4cf6GPxBC?zTjOQ7b|=iGi5-hP%{e(3k0
zv|NJAFCcW6zdG~yZg66E!My`cJizI8(Y5a207(~Wy&P`;Ja4oh_g-oHnX-bY1PyEV
z$hkL^-TpP+1OWOSaY8EJ_*Tr_x;JjDM)uZf1~^XiIsNxO@Mc^IbB=_y9y)0N6B?@f
z7N+}afWdp*2-8+nRSq<|1Pu!phw=!_>=ilZu;(g*>wS_F+^mU2o2;zx?84?SF{;n3
z`yUdc=cSGu_0QF@TJLfZb~ww`DS5*&`=IgaO^c*Hz_o#!7cFAaQ8wo+PYdKVS!TR(
zE6EZ!`O3J561biy8XYUk{#bL++?}E2i1BR7UOOkAz=C{MhEIeGjnm=tXPSBYi`_rU
zuDhu!a#jY@pGq$1S%j8D3LVEygu%S3s;`3GV)kBz=0TO^!T^z<{DTIq6Sy7q+a>46
z=}qB4Y+DOFALmEfyZy_p|E=NP91c)h_Zd(TXk07?e-1I0UM?LFuJagO0EY9%4!K!V
z(MStzstpO_{z$1qT7H!7P6iz#405mDKKGG~-2>A1D@uPM1D(G4=Q6?62bZ9THH8u`
zO2jt_QmFo1AEmgLlhWGI`s(!?20#$CWlg4PU%H?yNSWZ~V;=_dnGo3&hM6fwlS9&r
zniH6t<91NO>)&R%IPdf6QBsAEF)&B5<aSRQ=YOTrN25B*xumyl_P#@~MC~O*Bxz;S
zboGR@wnXXnyhLdkM)NTv?;EJ0#H9}GiL%f~#k0<;6aF?YQAciNmmd+SuIM;K(qM9-
zYYk-ytEq)uNyvxh|NL#vu$fxC%-?iUV|Osky1RbDOaCJEpeWt#fS1n644X-(#EUKu
zc(?b(=$BU}ISu5$R3^yq{hwl^9k4Q@*?40Bj8(CCg8Z4y;RamAzsyJC%8XDexvA`}
zTy!3ZssLF|2(`uAvG@GKua@yL$cbuvRbF>0s$GzK1_`%rtQ&+`T4a9h;d43<E%(^;
z)r|j2pbtvQL{GN8n+JX!paA$*u3eoqB*@K+jvF&S&tM(z-wwJvcB5N_&zZ!om$LhG
zkn2N1KNYj9cf$f(=r*bwp8@+VB%7IND)`b^pf+E3H=nxqZpgtTAP%w?zf%NDrPFD8
zN-G*0MRuif9sby$)m+Ywfd7?1oVEbm_G8F&-`wu@O<aN>)m?&90Z#ieWNdudP;n10
zoi0j`m3~B{HPQcC`c7uf2j0cDmE#nn^0M3~%SWZAKtly^A)GN5JAZ!qvzCUl!&Ly!
zPu@(%m_H+C<hTv?elkUu@m7URAdJO?75i7}!?Wd+Zn`2pOQ%egS|~v6Nn<A!rV0gt
zl2~!IGYP;J5J;B12&}9hdUcpqtYUPmGh!RN1AAkkI@hN!PQJ3ET?>U<g|44$Vk4ge
z*$ZFq*@@q8b-taAExMavc~QE~nhYXB)c2CtL4^FNyb-T1&b1T)ee$R>6YR=A`D0#Z
zs-dKTFh>oh*HKUfxcpsX@_0Zxn1=EUNC5~n2`&F0MoQCsZUn~`vBL8yZM=V!RsxMO
znitlt>kg&Wr7r6YysgLa6K{9+SseipnqsE--B>EvPgjLHZ{)tOW>=4e$>?z@i6xSl
z$BAW_dC<2G)v8*uoNWG$&bQ+F9X~?&&T+rOjrJtVvRL<IdxfWWjh|7EUWU`S3T?0p
z|G||kp>_aeIXH6ricTNHv(2J<OX0FMuf8r{{fBS&3TEwR9EpJ9cGQO|V2;E}X3-j+
zs``6WmG8bkBE6;JSfwb2{VwvUw?%QLHCOaVA8>Jb?2H~gP1c}La&wNYWwM>$4t0k5
zr}7OVH5kG<noBO?o+A~tR!rk)L+%_PR8IDP@e__`g)P6Y-)-bpNQ~L`>Z{pv{~MjO
zj~+F(<S)CoywM6a+|xdFG5sHSQtLXp#jD)vTfrpbnb_k``R(okt4z!{{va2}=ir|0
zG97Hf^KCl9E9#Ni*2DSAx3cltV)$Nb1E`hpm>aTPOS=Jkq^VG^Tk>Mkd^NeNc452o
zJ#IMRL%1^>^H9s!-z?TaTk)s{c64Jv7xg<DAiBlMK?=S+1^-swxk~PUC^3}54TkMT
zee^n;NXOeHbNyBo1|e}f){sUzAhG#HfW6Zlz4q+e%(l$N_4?k!sd@F(-tm1w=#%5!
z!`eHSp>`@7NC=++Mj$yydVD;CF=7T~Z}t@<j?6HK9X*pPAk`1F%$T&mn1rI}L{vKm
ztg0Fffd?{72x;ksEJbN~z8~?Sk>=;?*9??hD<Xjr0O0#te&yOVL}dX&)CRs9Mr6Yp
z#Yfrw1gU4=21WKy1B0^zF-ojXA;Wqjd%<H4)%#`dJ5{=RqHhU9M)>mU;}IQ09yRb7
zUyp(yAe1gSqIilo@fnPfo&@z0FS{zhC{CE$9LSDgm=L4_1d&P4f(Lz{i2pAGJ%W+7
zdskssH&)rRD<WdAV35HqQjb`ff0F)9x>+#?KTg0A?Bqx<8B!>_AhVjeKMJD&e<KaV
zs2nPUp<9gKIae=|8g?SI2A32>m}nUBpWpwIpITZR-xjE@LudBCE3YaVa>_5B43Q&)
zLxD!_mT`KA4?#}vH`C~Is;jkTc~FVk3RI8?M9vW3#A~R;FJR=%QWO7re{F)fK@s)$
zF}@W_CxHsGAD|A~4obUiM-WJIA{i-&47~39`tu?8$G-?S1s3opG`(>XpK^1su}gg1
z!g<JYX<K9y>AoS8pnhh-4K9W~<@j$g+|3N4qnm{j@h6hccK`*n@Lg*@fP@folQk{5
zz2EzMpCHse$09t-KFhw<BEY|ULXOmSjxVKpp5z+HZ6oAX_H=4sXA>fPJYm0V?D+ji
z#4*4FM5{`^pJJV`ODj7)o!r_T?OJ_1S9W+fy&P|zl1u+-zpZ6pIYcIgD=kvBvx}aD
zQTAgDm<1iGoERFlm>x@-Q(*(qqxv25Lf~n>=gQ8c@YR1Kio9vigsCj^IxmanU>KHb
zs=6$oIM8bRp2|KmZq1{QiDwR+$tLF&{rj1nUN`pIk3UInI*!qu|JFhENBm*sfrX9E
zU_0ZCG>39$o=TokkUN`+!FZ!s!6%5%-((@y&e5;X#P5vCa^eNa=9k@Kpch<C&A9Fb
z>p!s^gC-3m3kX8i+H_mO5O@9Iu8@XKm=a-S=zGc*^hXtq--l-HteiqL&MZ1WDbRm&
zD@`H0?xUaM!cjos<N$?0O!5Y@&W|JkUdAFey@C0c8v?bjJ|~AgV1M_;#mR=(DE$P0
zel{#05<ZY$$<hY=iHN}V{c*Yx+7ZOV`iF&1{)lobQxrZFzhvQ<>G%@^p&VwtQd!L;
zMx88`z3V|e#K=lV#PDSh;CBL!g#k*a_VrP3YzRNx*~r%l6qR8P@;3id*^lCm1C$<4
zK)B$zqi`$R^`AbF9ZaauCG0#AH28QxMlOylGkl<51ZYOw_>|vm$%oL=%17!eznq|t
zh$%m8e`_!eDll#W5b#t81Ke$HMJjLlAmRR~CnNgP_N^?-SE?qBJI2S(l}pR`OV5J+
z%QvBqP2l&^v?rMyW=zO@LAXTI6$`Tp6KRY@0egp@@;M7BwAk^d45A!KVC~|>F@)dU
zHw{pwx_|!62Sp*C{NGWIb==t%R7m3RL&;qy{tZ&4@!~7lZcxxybJ!v^=Rdr-vo7g{
zTTGjvalkm>tD#yu0!*U(H`1uDWw+8eSc8eAgy0XQe=~$}WaUsq{2$P@63V#;^$p4;
zb?CIw6(SO@pJd-X-)&uZJGpqydN|x#YUgzG0hR|dzF#OGbyd^EU)Zx&)7a_H11IAE
zEqAKjC8}L#;URD=M3hg%9_}Uol3#64cQ^mEsM|q!2T4E-vVXbgR~j6pq;<Ktfq>T;
zL;VdRN1GTj4mPMB<TjU=K1GFcBR00i`-MG9rc<e@l!~#+!yUJDXitEeMB*wm3sP!0
z$se}MVc>_%7%!$>X<5KKX{_vrvP9t)0>puSqGNv-L%}&hqQ8eK{p0hA04U+B_#>cT
z%9Y!?9DxN1<2#Ru1d(GOs3{MRgb}J6!+sEXV90>yNA~4QL{U8HLyh_oderodU{t7A
z5OE2~12MUiC@r7?ohtUHsUx|MY9<FR_O&$#P8wHH`axV-y8X!nV<-riVdx!n@AP9S
zx*%<(KL_<LZOsr9P}YMh^eab-G%q1xmJ&yTo8tV3Du64phx&pl5K{q97{Mft#@{q}
zm5c~!*Bi$ET8aDk`4~g#YYWr}J;}<Bn8yNVIW1&@5~hP+2qhyols0&=2AL-U&*!50
zHxbeVt>Wa&AnKC=sy@%5%1pB6-(KjEO-125kr=)FI=-wp(5|l*?L#oYF?LWwt+9c|
zj=+o_?pO1e;8IhFlQ&YsnU$Xx<JeL)#IX?k*Ymf|I-f@)*cS*+esH^%C=_`;zkuQM
z4S!B<Gfo`jJ5;SmSPMw4{Z^yzfjTF?#uhk6X}}$7FJk8UJIB`bZs)?e4f9ajm2t-v
zi;s`}{CBIbmxG<t%X#RLBtUNt(TvrZn5tkeSB{)K1Z5X{4;Hpd4V)o~&4nK#B#jZ?
zKzt9(URYIRMbu#cCI*6--|PUB-<O0w$&&EN_=yF@fp3)8mL)`@$f520&pUBUifZr4
z@b~kKFUWQ1QQCeOLf`ziK`s%+bi1lUqf^a~IY}?bVfF*+3&ao%bT;b$0ck*%zd9=(
zcx8$ykx3CxXw<k8gO&V6oTnt+sI#>#m(=diyjzHXyd((-QruM@fL8^+pys2coW^Ad
zXusU4m>>m6xY>#&O%4zz5m6l$^B1V)fae4UAc-R6BgP=b;nc`fsU1oyX&Dglr<kxI
zjsmIZu_*M)1L_1i1Wn1RmVQ)6pdXi3Jn+|F;FB?yrQl*8Ed5VWjkHvwKw9y@_pgB0
zR*W=NC7+0SwnZxwf<}P?Au=VO7ej#+Q!Vue5SXTwSl6;OQ-F*0lalM8#{gsuk0K?G
z73A1GJZQ-;m$ZHZG@B8*SQ2ZJ2$IAR<AQL=P*Vj1TmS?u{%8_O+@h`f;Z#;uP*ej0
zcr-p&;&qI)zQdH7;L(^%;*lEc0n)Q1zd`|+BEBltU$Jf<GL-guNlH2taXEo<W(*m$
zGUP7H%ITD(O=J*;)dQ*XN;ONl39(8kIV?4S2*7A6nr=#Rm+VNKm<<_M><@$5B%)zw
zIF_}^Y6xR^5Kci_m)>QCWyc|skWBK9ffVoBv6QvSipnGk5R-VLf`UX}#h~Zz2*OL-
z0yNPj@&TQI&sX5n-_@+_Ffc)ps9bQf0XavjGc~hPLNNeAh&c}t;1>vrQ=>wIa-WN~
z1?$Zqk5Q$S2DAzo5$Gq015s9hR4qi(d3l2`^J`wODPCf0|5K$We)g%eHmcj`4F#_(
zRxJ-0nfQ5TODRuqYALF`zh~e|@CD7nBqfU@gxo$x=7<kg?J<}aYR59rX>GMkRaopY
ziBe4|>%&NZ?`VW5fT6s5YNE596bMC=+wS4Ps(}`Q$DbqhPO=-h>Bod|V}ci;Kmb{q
zAaSZl*s53@7zCPY5elgQ^vLv8o;)PP86bnc166Md$+S4o=U6xrLL(+YD}$v?1eQL3
ziav4AkFa%pK)bcx>UgX2P3otpOjYWk@fT4Kn|_47Ptny9_y@?Nm$mk0QyXkVZ{+@I
zG}3jm<&MN`L?CfZznCkgTeYcSG@THNGGg72a{Q_!*7E#HX|T)eN_6fSc%6Yi8`_Gh
zSLGU>y<p&fYtj;ML@-hq1kzIqhT5*l#(2_rCba=f>D3izRwuO(GA_0tAET+_;W0%%
z3IwBHkuvxe`$BS?xya4?;q!l9Wk!%|d{efB_z_;z#33em|LBcq(!_JBCH%Q??0_Lf
zFqo$H0U-f|6w=zFA<pc+x52vr<PmQbuoZ3G1GE*@E)H%1sD-y;67Lw{0&u0qy_Zt6
zrsWiI7(EDJl5vV%A*NOzo4>y;XJ3AcB1Eyj0(L?*YpC8fN0Ue(3BfKVB(TZq26nw`
zP_sJ0PR;^MK{E#RR4<CnFcKOw-|ei2$|_r<qf>ikj=fNBu197v)YuNQ%;Fb_byEs6
zFflbs<?b*wtAz-r_Gf_!#F6L%se?WzDP}DjBnL>G4Um%AQq3(beN8Dr#kooy+ptpU
zpkOs^Lh2X{-q-K7rpq8PnkdlAN#j|$?Uowxh0!s}64DMT)m(y^sm`e4t4dpOfs7GS
z>N(<UN>HPyzZB;Y5~3=7qiB35WMowgI-7KBoS1_NoC?T+E@P$ISDg}~I|&2vM%PXe
zi%BF<y6A&JMVh$Fut{qq<t(<q2@xmWa~!A<F#)Fy^MfJg)5bG(x)L&6FJzNNkT<3B
zU9^^-45X%C1wOD=qsrR5_Z3=u#W`C>M^@~}>pAgM@vd4w9#Pct=8<QIf85*ys9@27
ze<n2JA9DNe{Cu)4c7%M@Jdc!4IweV?<CgndV!vg^aTu=HtU_#QWwx4VHjsG^2;|1V
z5~na?F%;+WC9y&Sc@ATkak2UmR@-&~wOkn$w=&-btD_lqH7r95%+*X`iDgVT@)NF(
zz`H-~@BVBYgP0)m5fq~p9YyDePQj*z222k3f?|%qk{X}vx;V-)E*3`Wfl@sOj<OLo
zo`C@xLvbLcQr!-E;#gwaHk2P=>IIkr`cAv4mPw2(#EgTY#b;ma5DCR|YnES-{EUlr
z(XdX-$R)O><9I)@A3ZfZ&ph(1k3Dg~oYzMU>`%@5v@_cy7$B(y(n_@nf)UI3`2}P^
zP_j8&SwqUkqf~7ciD|=7S{FrHVIvslKr<jE2*esj@`^ivB2KZA4Tuhrn8JqE55+_t
zzU56-=a^5m=^{XJNT#aDj_4UU=<U338Plw?%LeG&4Ei6H{-F(J0<daO`vky{5nB#f
zgSQEch!I|3RvOz#+u@|s3C%33g)O3hj@ZeHz|(E8nyRlNpd_+A2g=sOSfX@DYI`<~
zQ0qxcm^#tt=`cIT`zZ@y{ul*`JU=Sc*s3-lVy4cUq6-6Sa{!>77tbMGqe--uwbA+)
zBYILL6$~hXXDq*bIRPaEVo0Fsv)YZB@YOvNJY$e>gI`qd2pEP58|xD#Cq}VXF&9#$
zsdj^}8Wl8SURb6t7=}cezhx7HsWo|ms*%0Qdxtxxda3mp8VvCz3c&lFU8cmj;3(OI
z4@eT_S$19%3;i?1nE?w7sToo1m?9-&k#-Uz2{)#{5#;CsP6fFjg@LBB;ee7jR;wjB
z)6yF;U2>7l5MqkfV!}Ap{uKtDN%=0zv|3;}z|1UPG?L<7FOcZp_bW@H0aK#^6>mWA
zc;BD{Bdn{-SunyBRK#uLP7ouCNq_~>P63YoCE-SI|M<P)A1V9b<O0%w*)t<+6SFGN
ziQKO8uqIX@)xT<pWENS>AA>`bQrW7IlRL*fu@%g&CgHi!XQ;X$0|`rD*is!cT{3zq
zm~b+IT#q4T3nA3!TeV85e+X0tya|lN_~j@ELSUI{Nu(KDtJPXk{v&ECihM6h0;{6G
zfS+*C43@wWXbwBzFK`Lzh=C>*2jZ-j0EKoXoTRI>uwTkKqWrkhJEiFRTyk!n=gOD*
z@6@{TIX}LK`N{eJu^3adrV#L*c>bxMIq^T6;`hA&-^S*qi~o6$pJ#xLQ5Y(%pgxSg
zI@#^EUu-q%-gVYrYDa)#NRD9Bl8Au5%{H}7dJPqZ@;!*9Syh&5GDOc2&3iVd!6chH
zn51#iJ2>9&pX?uh+&}IgA03_cRWQq%Xk_h&<#LTHYm^Y~H5xF)kf~RF_3D-P!{_P>
zuhvM+^&S}DXw9zBYn&YI{=9EmuCGGyMEk?FnBsHD(He|#ixK}Ut?A9Xowu*Nrg(<9
z)Peo**=pp<Gm|Sl0mba*=1hRtgk{rek5LMlsgfjVrJ}tn@VCNTrw5<X5}Jn03YsI1
zTAPMi8ujgoT=ElD9y5@{s~H2&0(&%RXbGs?hIZcWAD;G4dIxXb?Dr4$UU@9W!y(#U
zTeIW_Oa#^!qE`rm)+FIVOv~C@oF<I#k%<6sS66EhTl7PH3~!||&*F0i_3BC3;+gL4
zzuVtEJvu%S>m^gdC_73&W{_{oqWy?%-=bkqTQ7s#xgPBvygT^tzJJ&Arfp%Bjns^O
zTMzjdg$Od#I;<VfHiP!$2*ScX+VOpoM4TDiAnndqS83}<z5U~z)1%|NA0>$qg`Cie
zrtW*Jrs-_7dI!&8iw$e5W;zOqt>tF-l-*)MF3?o-c(4b4C=gQmz)XZ4^!G*{f!byV
zdj)Qinm;Ofq0OSV=tnbBrV(X>EzE>XzPiQb)B)4zZvzyfk@Swnfgl(@70gYXU{`KD
zebw8s`23+Kv!+)~rFE*D?&=QDnQueQl~bNNHK|t2q+`TxJ>6y2Q1R*uO?pM&7MS;P
zw+mCR5A7$m2$cujRM4UTu*4UrYnX^5D#@(SIBK$K<Y)4Gz5RD3!7K3p1;o5LB($km
z=<QDebMSv>tJ^Kc|7>h+IsE?+Kl5;W1_GrT3;JVacT8b@$qX_>8mr25xQ{sT@9gaz
zzw#E8<;AZ(rDg~j%Br&EXX~bT?CPq;&i(Bd?H3)-R%PrS9Uk^i58m$|eK>vPt$U61
z_pP?qX!tM;<!!ts=A?gt`MA&V1d)WNt_~sbVJHn{ue={Rp7l(ZeC7Sn)t=&!uUuJ0
zX%93nfcJwgl;>Q^rB`fRxpeYyQoD3G48ae&>jJIIS14%61(n@>^~16>j{V2~Vk;V+
zaGD@}UXZMN_F#ecgIEs_ct6;aX1hpaJ`TCwn*PWHtZ6~1hL(RRmZ(A-zz@sI!0IY!
zf@}<6Wd$@xq9>+t%hqEze~Kq4kQ&*G1*t#lm&{Gk$#v{{8%b5AlP4&S{IL69^M92K
zN@l=l@kt!sX&W>7|3-JKy}n-H|Lf1&ZO8u~;-~Qp{HIFA+IS}K1KbAx6dYw$dxia$
zE6{9$Bpy*1pj|SFA;$w83K%^`VJ!W~Dbod{?+VF0J0Lgy!9zTH4`Z=28qbWaNb1<L
zSS{dFEEVlQ(WO<BPa=+^MC@3JJu!(I+E%4P7mcmj0-_PRFh+Oz0c$m$fj82M1t)Qc
zw!u=T^?Yen{P#lr_j0LGHBg-dKR|<Iv@Hz@%_i7a{+RM12+3%Kqmh7Z$`c^F`XQT0
zX#lI5>tdm16YQqe{&PeJgo)`6(K!m0sj1kio(q-aD|POd^Jn#Pf*6x=hoXvfA_eOW
z<@rd6_rxD7ul!`tR6bSm8GsBdqt>Ve&d#L?WEG(3oJ?0i06B~y9|P$q9AbaEqP!Z0
zA-MpUrG^}2++7QuK@-eH>oKBo0TJV?=B=#A*s(~YVj12iA;)ou44G&{r@%Dl7y<~S
zIBzl(Ln_CmT`N`py|lw}0N#qMRJpguafp36VXA7q*m5ZPS3P|Fm#jknZtB&4s<~(Y
zy?|&N{JTL1&@U2@Ixmq3kRdomDpO+fH5BW&BVoOu1sOG%^F9*2R%a8Pa=cNX8yR8>
z;v@_KLq0V|O7S4)W~^gT8}h$i5{4(Lw7jHC3`78=ZQ#lGP4RhC)#vFZm(}#H0Lwp8
zyO7A~cn1E{IFdD+;CJueYpt_nfOG(u_j^P9rTX22d@K{O)mE$(E7B1iGzFRK3rCc#
z&=~7LNXS_dXGu7;sj!KoA<>g0*pc*{g~6mbkP~ivt^kR`=}P151v^pg{X`ho9V_uo
z<421ljz)-<Sm&%^#DsFInI54$8-KQzY6KWX955UpAjleoc%p${<|;2^h4tyY@yzn@
znUEyng2eO=OT&n*PVMv#3|>K(zKq<+n74Ks$y#2mX;yJ{<$@{OphU)gqz%hd;~|_X
zUlBe=6Ocq4huZ4|GcZVk5#m6POn)eGG82fcC1z|_PRB9i=$+`z_H0g@u1y82UB(e#
zk$yHzpaLABAZ=3)7e`s=WoWSUWm3GzChg7C(LRyBkDXR`s|7mk^syD-@%%p;0Q?cN
zJL&fzp^PuyXYon4j!3VVj1U2AOej|sG7}O##-p*|&5)z=psnHAqwdy^T2{W@(0eUq
zhlg;IM(3u6eHpHplj^(b6?l)>Skj$3)Pej_Pjy`$F;tfiIG7}Il30v<g-V7*3|TWn
z#wo-R*9-Dv`hoEhfgDT(&spyZv_hdT_{84}g$HOPibjDvJL>5R$%S;>VF<u59>XY^
zAd3C08oL%aO<SD%o$|yAAR8kF28drE6lE)%rk|G#TnI^lkOoLc5$QlrJ(~x6V&4UL
zI7C!zXvsI*qB6z(bzOPV`w-zj5+uGYF57!G86Z(5bO=5SLnF(zuTIKuWzqrV)FH1s
z5H)rLHFY;P=TU)j$k9H&ZRrPW(};$KV${;hKiCFs#b5W(5Jw2)b@g(<OeaN{#3Vuy
zm&nm3`d#y8i2<c``y+uN9%2;8?^}(60YFfdI&*ESm~2~e%Ok&>W>rK!kfKa{YZa19
zs4&|$_<SW+N4r+k)N0`j890`OWhst3<~(NGYilFS$H}1OlZm#K7?X(~;x*;3w$@pH
zxh4Hr1$LgGh@-#+cA0SDcLy>+*oub|3wpAnrZdf#CnQIrWXlDiXONO43R>VN6i&=)
z!QoK*O-*$h(yvW+rKMPfAenTM3<k_(m2?P4+0gB1HC^SAaROY;{IBpRA`}I!bk_1-
zbbzREJEXb-q_5p&aVDB(S-{?jVhqwPae(Z?rGrAA2+}&PK@Ad(E<j*S16voZ*vR%p
z>Q3Ru;?>6#4MRK{*O76q{+ObsDt(O>#0h8i%&1#tnzCTA;%tS=H79tHY7=~o&T6hW
zL2SGeV};0O&rJ3~6Phos(V#+`StUNAe1x)dBp%vLw9+P8Jd`?C(wZPXCc!J8lIZ`E
zL4FLnw(F0eIYN=3CDasEu<H&;<&3Tvi&~Qzogdp@F0#Bg>}V0?BRVmW7b6PA@j&`d
zDq&=sI`<%&kmv;QR>S(}t@x%VKRHqE_S>MN8quj-l$2K7TGd4LiIcS&@`3KH{Afp(
z$PS81vgIU|EO$)8P-;?hHOrvky!WK^6ILvG0%PSe5<n?PC<()(ge(5pBckhS*H!jJ
zo<&>g$T|l>SL;~JJ%Hj+F1SNX80Lgd<y8aPHg~+=JCYG-9FFYgIv!BI631b6kCH6W
z`|$2vzjyTRVE0$~`k7g_0FMw83`_m84bs~74&LscoJvl@&|doX!^ysWb)xBHXDBZ=
zn3kxa)qwhyn2MMLI}yh_)+3N&r#)%LJxM*s50tc1kN0Ir2PT^00cZkFViJ<k^k+2P
z23d%03zIc*02ic?D#hjP0w>xfV%tj8FK<Sam&Y>uF%XA?CXC}eF-bSj)U%>IRv{Mc
zR`R_fY#W3)N-nL+I0;itmsAo+VzS)lInl1bDimEF1H@4m4YyN-ly4>=K3nqz7Kk}p
z%c^Rkb1W5AYqFLmjDlv?{9426is*YY6RcogMhqL&2F}EcduK>rZ14<NLKt}a0&f1L
zKFJD5oz=FvfGT~AB$nC+-XYN|kN)aWG(^;Ta7fhhqvcL(OQ}D!7UERqlf#4x+LPB3
ziwR2@s#qLTZdVjLRC*&_&EDaOR*5M9Ut|>mVjnL&;|g7~W)_>b7DTKWlc1^Jtv!=}
zG}U9NiVGr^?p58Zoh$-A<t_}sAW+&+i(OhQ7hQ4+chllVQI@MsY`)z^YGi4R2f0rw
zYlQ_q2<a%9r~`_uVuy|v`w&Ivm=bvrGdR~*dYDS~qw^Vch<z{J7AMNHNqzH^e)?XW
zcJiu2@kw(M@n!%yYzUH+-zsIFWF%{oh_9t@O%vOo`uVBk?|UZIihO6T5l!WnX@rs(
zj#P$9AbNR9(m8I_4Dp<V$t0bQkLs@(Q=-bhx98)d^(gz&5Y7;fOhS$+Nu=66Mm`=+
z?TifhSkpA7UdNWm_$_%WO?q%PM>bV|DrPf!9paIO9bhum<(hCCc%AP0hL?Xl*am+!
z<un407?(K0{NA;GUpJGOK^txCOi5ni4iYz|`67>F$UudJET=F;CbXex)+3hlP+VzL
zBB&GOCz3mfl|`4ljF%LHi6t(QMRmzk`Lq+qJ9I*5j}jR>rEg0~wX46|)%~v371-KQ
zf^)-sB}&*SFyeiP<itiO@a9ig+UJIp<`qL$;&k?hTI8nR?BoESQvNaUw^UDf9g&wK
z&NUUZ)l3&LOUTLA8tGF*d%ERqMMc1mlWnlkZnr1;!30et65Du-_10GX%YD!(m*4Dk
z-(yXV89n{Y3^cDOFRq^W`#9HARzoTun6l^7M5h%bO4FwTjFM=Fi4xnOZ9X_I6a*+l
z=h7|}Q+$p?G(t=sg7qIc+o2%u{dWS<+>9m}k{=(%Dd+&oj<^k$SbNFjZ`5gKW%pR@
z_qooGp>s{9>JOD%)^t<_j_Nu-NHegEdsNn3EEO)$(kjZRaL8n6osNaqiDdZLD6CYO
zbBIG}9n*n#$`aYKcGQyWrWk+^V<_#k80i73bCvbDZqCxFQfEB*PHqzeROPTFgGL-E
zpM4pXg&D&nN^$b;Pe;ET+Mg&{ua9O(DQ18_#$jMWB+_qxK6v*o|EZdKjS?m#z(Xu^
zwOZ+v*(yNXZ?#%!HHZ7B{hht{2ZuB2QioUuD7?^vsjlaE=a-p1io{t-KtKj26Bwu8
z9`ttm?~ZnV&VP)fG+%v7uxN$@Y3bD&%!sBlseRMsnnQ|ETJ6cNC;j(FdmrBIrxhO}
zq<J2@z}z33Bn=?-=3-!3p7+Jdj}Z)|y;u1xt?I!y-@RUGrB(i-(`;y)T0|~n^lFy1
z&VKukS75W%=_t7^&bDbahSHWquaEanjy@dk?k{D{97O8l7s}kV#8Pj~*S$A#6ZiIy
z-ya?3$T~L_`BmOEIV@lVV8{`TAjjuf3c2))^vUtNgZBrg{lnhz(Qd9{)7!M}*MyHn
zcixEph^~n)>a!#RXF@uJVklO!GN3asr*-%gH;EYXd8gIww%Q<{ZCJh7Y_+W!8fN={
z)#`sao>`V}njU5kUiaRlwe3i=R)CpLkwjK>3ZSy9n{2$wFCb@Mh@pQ51rM|QM^@6w
z+S}RfAAQ_EK0esnFEpfCMZt3aP8`(0^3Lu%wjx77=>T)7hgbOouib+;N535IAD7!U
zX&GWlMifqz2aZV`{q|t*`YoO8pT0fVyJkxtZrIWX-O>yOE>V5cA5oITzZV3a%4;MF
z?8^5U7nc^Klpid~GD|?!GGlXnFkeIrMO-&vithe&d~|f0d(=BU-qHI<4#BS+0*vEu
z+GJDa^RP+I5tRusSmkJB*%MjxC@q<d>)1?hE^n$LK5<-HVk*ysYOEE20MmOMZ;i|i
z5sY+7y{62<P&rgtOz8zqM4@by?+N3njnQsGIt)N+W!xbVN;8|LsKQdjNx^UDVox(C
zNdr^%SaTcgN0nBSM4EWzu|{h#Qna~hvN2OMBq~!2W+238D4d$?<*FX#`i3;5V#-3B
zjjVNlh~PfNv6G!oN_MKfY-{Lr%2mcG<Y+W)sJ~D2pJJyfRDMjPci9K|x&Z*S|2E(}
zQ^Q-@dhO|AE9{G9C-Cw^ln!rO>LGS>S`y{<UpoIc;29fCi67yj^WDzRC*bw3N4tjy
z%GD<Gt$PLz2~S;ErR`a!BT{amA<`Laem=>Z7^EkwgxGSI>3YQ(Ni{3Dj7nHzwFQ=c
z&!v$1eZ}NtZk4@BE4<GJgb2P_>$s~2YKvUKN_!;OJ=i-|H?pMOBhns^Xycj5voX|9
z^xteO*aDQfo=61VbyM8U&}gD;5eX+sHFrn?bS$gS*>ZG;OlHh$b;h_1q#aU`P`N{9
zRi{)M7JVVj$r+A6M5!-+-q56!Ehx=30+N_S#k3Up+*%XFVE{R78SNDM`2`b$H#N)k
zEm2;P5N=3xH3TP!P5HD|Qn;WxvnLj!JWanniYJgxbu^Cs(#XKK5_kcLtUAV%SY;Q)
zBs$pJ2HI7=-K_Y>{3tsfieSXA^@(zlyul~R>Gc|)B@EFWop1d>$CWPJE)4Mi4xk^B
zBq$Mvdbcayf&KilRdIyu%K?mn3movVPLn9XAc;Ai;6D*K-R(&^^kJ`;rf*V?S5g(N
z6CO${w$zwOWTEr_Np~<D1^65X2@G}CCqaw*d#7M|AJPyb#=#znA>|1b{W`@Hv?AR<
zlaWgB?Bz9zXe4N;nfBU~xt%f%Z>y2MdauS)oT~DGaWtfmahmv|7hqZX-NY1W!7J?@
zVwkUAAFossxnKf5m&qGMDLHLE5vLk%l52|-ov1|2LIZ%ofaX>sGw3sUX?jQ^1P*sj
zH@4OecTTr9(hNrt<QrR;TN`iH-^I}#zuA4!?QAw<id2d!nL#d`PY6HZ(fGuNAv);!
z&>tgRRC!!!)CF*?-U)7@lq50>k@&2UIp)dKN@-a!c$Hhw<nRs>KeKBI3FHgZ7vYIO
z4pAV)lqMnb4T^jivm^~T@FAsBV3e&^v~a62E{vl%L88s9*V#yT*5yhWnp>lHT}g6D
z<V)&cjj)^hyVz){d>s`DC<bKOfGj#CLKpgg_1_>!v)apJjk;h#d=RL3IA23^6o3H1
zU==_a(UKLA_t7gqO4-bwu5cT4Hks*#Tt0n0J%C(irxPveisZV;o|&h52=cdM@nR3b
zAjA>c2KjnT)Sr>p6zODuLscOR!4Tq*+0}76RURtapvx-OBGxRxUJq>qnYAS4&uW(?
zO`@2p0~m^A;L=+Pd4f4fRMN1jI@1)4+rUG7+%9?Qzkb_m3`TLWi?84I088SSP?=*F
z2j-5IzXLQGs5=tG671T6Qt~TRx=}pBs=%0%$6aa6W&oCATz5%l&6D?oMfs7++dy=L
z!aD+k*D!>Uk0?0kspFK89RvOFpl3VC<yt6IDe;t;RRQ*7=~w~3+}2b<T?k4B&Ja(z
z*Ey!r(_74nM2f~1nqr`H4AbDU*Kd10Bok69n?Kk+-eWDXHd-my3t?1bDT+mk1`MB%
zMX4G*q)d+#ahBx;!8#FV`ao?sd;Rr}6MN+xWwAMwNc#pW)M#5YluxbsB5T9Yihk3|
zd8`%I=2Z92=u^};R%M*%KHCRCg|tWbTyAq1XdRQ~2`6N`4j6016Q1m0=96<oOJYri
zUcEp4Aa$~`gi@MD0XW!w-vdJmC2E(X*^HE;pQ1Qai2~DG@)T~XSeijR6m5!wh%~@g
zkbW8_l!nEK)49~esu5_l#u!E5_q3wl#p>$D6xYswC0@%4Q2?~6=Nb5Y5D#0F5dOOw
zxi)A?Gj})@Y)6JNDeE0G*`te|bjHYbFx26eCKI^TyH$1jL_W*4DlKhnx@)?oK|CBX
zyYo6!Q+Xm_6xcmi9uBM7U1OQOPQ6OSyBYtCv7{{tDim{4@Q2p!k`*CPYPF;dCl&Oi
zg%dsA25W4})`o0t5D$x6Jf^5=F+VZ{NK`U`v5xxFsc>;5wh%)~ekm(6NMuyvAW<IY
z3INGukdZ%aDOYBbj`Tf@*+OBU^MiZ}(*Q3ez>1Q|08u%BG!3teg8|a*qZq04`(}5e
z`{Kp#YHy6+!}vYCR1T02)j3f>18N=7De$38bEYqv9E24yMpn;#e(FDPztcSMBx>e6
zuUgdusO@}rtJ~SwP@Uh2rdH<_flE1~Z?`gz#A)7P&4ja<)ytS@^YU)q94q#wa(R|K
z@!TLKAalxQ%5*DqnUYu+G#bI;CIs4N?<1lC_IXt;+Ntkcm6%(fm@ZURk9;xb^Bb=B
zyp=XsCr_ygwh|Zs19il{l6?yYX7_AuZmw@VG$kJHoG!3cBFMkcMp0RB=^}j;MQ_#1
zT*aNO^%rudRrQ`Nyw8Q;GF=yc<yqwd1Z5GDaXK*jM2MN?Sh`@U7b~qBja*e{dL{=x
zyB^iM>SZ2=1oEv7d#MGkXfl<@(WGJ4Vv+$BEiFzCsiTgPk1eeWwA{!7;<GGA@EVHN
zn4H`-t)*Q<gLt?ms$DBDXuH*JcQ?g~PGGz@jo<|PC-_fvEM#}>f+$ZzG6ZlmqG*&|
za%OmCL^vMmP*JA({1JvYNPVnS4)6%Af{<LSf(Z)b-Nt&Q#TUA&ovejzU97rKd>Uhu
z?I%4kSN2Ed$PjfvUs|IwdBd!R5A>ma8+e<{E4QgIypUJw1|&}LXoQMQ$%qVwP<jWP
ztVrDhC3`BB>-hu>x&v=SwcEghVVE|ryaTlI2%t-8QVWeiTF5N*>Y!(Mu4bqEx@h`-
zA>gEKAJsH1UalD7q78coJ?oko>p(6MV43=47ZmZCkLEI}1^Q$!5|WwCm3<;L=t@l%
z8%yh?Jn5!dG;zWemB}*$<Iq0?%R)A;0Agwh)s5j3LJ>gXBP=iOlmR;WptCFowgT`l
zJxytYq@EH6uu7dTpsiTSvA($mPh^IS^fqpFakjLEGj%i@Oy%uz5#mEEufWo<Pxd%H
zWmX7<bh1UscW4CtsW#Z$?VQW&#b5W{=#&qqz2l?*{#9MVF2OuSAr{hJu($N)9hqZa
z?F~Y+5LmHT@8A?s@LV(GSp(xSC708=qk)vdY4un_%yRM=U5e$vTwj84fdcUH-OeGv
z!IF|^gLnu+GQz%I7uCIgwtur@{sn8#KD)qtENBHr(mRPu9ZJQp{`s32(|HJ^*RpDh
z8|yjW(`Qt(xyA0o9BY2Oy!&y#*=={*%@>=S8!I#BO`mnMYTl={6x1=g;T_JQKej}#
z@=;<y-PyqXOZ(p2P|_OUJ{S{n#(>84dMltn?+sQl2V(2}o@yXYcmF$odQCHbyf>=p
z9tl8zB;!l*hA(z%3h<ZD5g)IL{d0!7`M()<S3x*vs<b4fZir9hMCnT2OADZQnzIjy
zt?!4#KLgqYJf>t|<a?f90FM1Lqojgit1*a&yW-OxC4;=lbXROWNkj4&oeo4_w_*~o
z<N{(+XCB)~|ICiDdDeIae%U!bJUD#2Eq!p+ox_l#?;Fxl=yg0)UP9G<QK|Lx5$RT4
z0S6PMdnz=mBFX3Wv)svFOuoLKKfK;=O7_#--8tMj{x#2Uq$^h(BPe;Om*(e`nl{Nw
zJQ)RIJ5qsxay$xQ68Ym|iriM?8F){0IxTdWM$Hdpdero8?#Tr6GyxMCf&mg-qIcYQ
zHaB6wTAYO8TDRTlt~W%7-w^t9GC)1W_|zoWZWwl4YWdn!A;$(d%KRj8q)knk#z*FK
zP_^VY-*I*c&;m7!XDTjmobZ5LM6Jxqq;pu|A()b6$=o+(-QZlzGSo_0pETlIx7_I7
zD0P0tz0aZ|b-9!AxDV`{&pJ6->5?H?pYn*{1dIqsB4rUZr<l}j?e6lDrPqnc3n^nk
zDC(M)?0zKH0zGx>bv~gMXi9Kxeuo#V=||Z7ISgSGq0sy}Qa5TgB|Fp41Y=f?=cX5m
z<;{_-Gsd+eyKQ@s%l$wsgPC4zef5)uXKDBiWCAFURr(-R#^ho#w;mfmLlc7{YKPqa
z|JnP~?lzL_P8@!ZPZ0-n4W%{!E)uoiKkYLV$x>m8q-c_=c0YCcPyu8B$YvrlJ0n37
z)nkA5=fquN$pr)@R=aE$YsM{PM&7uw-?+=~&hdT~FhEI>V;!(GK#eqb6_PNrOhFax
zC01TiGFDU1Sn61N@s_R0i3bQ21s*4O`av@GQb?_r3uW78rPFL049q|rY5-nC<MKpm
z)vJC3bj_s<hZ|+dfb_L20Qbq38F(X%FFh&aOy1f-Db2sL`xKJC<`CYEzNcZ9wJ$C~
zJ1OGr%IS$hnd>Fx@bMBR)p`sT*_S`irS@hlZ@+j$jfjPivkTlL7@dxjVv!J1TPwWM
zj~D}Hi>8U$jm%vP)OrtQi;3^lIyHHc&0HFJQv=}y;;brEi7DJ!BauzTTM@|>2{^oU
znGb;qe?4BASwYEH0r*5Eh%vax%atdK!j&$YeIF-k=(3GffMwEnkYqD!N4t%4$P38%
zP@8sb(#!jvxpaeh>`O40t74iJ3skMTt0|d+2v83aT$<jj2$o?7gM33LQN6C}6oU&5
zP|wmS#kB^ra<fY4xN4<NDRqYe@|hUoV@kAd`j_HMeZtaD_6YYM8Q}@!4nxQQ;^wyN
z`sp&E15w;d+{-An?J8RqEoWS|EWs*d7Pt>Q=S3sa7~61H-j5LFD_OY};1b7go5^G$
zMz_8E)0jPR#y%@{uDF9a%=HerAt5z3CaNNBmW+<l7-t2BE7$VHYd{pWGzM{+FUt=1
zKJ3~NpiM<R4-6HyY&2?NU>&57jqt2Ad$@B4kSR_Ra6rflMYyWSmJQ*CZ`!iYbK=by
zVZ83ij^_`x77z}x<#-&LI{E><PV;=dRVx-DAseD)ou^jmJczW&oa&*0VX}o=E&zYR
zF|vNaP)5DX>siN)XO|3&tA?=Iu+F^5^m38!)LXwv-H+@G&Q45Y+RT%gYNndwxHzi@
z%r|ZzS7f`@gqz4Qu=b{DPF?@<1K1}V^lFhpFxVC?FfP~@e{-<y-tJl42@N=?sXDv<
zjIlmhWMmiCF$M`}35&;GoWV=@?E3TfS#fkeI-+91rO95UUBAz>docxmLBBPV#n|jW
zlPpQdwn#EsHkm97mkxwsTDO|akgWKxf|l;;?w5`!4+TFSdFt0HT4}R!fH)=i3ruua
zV;Ik`wVYun6XK)cI6H5KNw&zBrBipqO^NI6Y{4Edmmr!TC<u<tc0;?i2{SD`a|uKZ
zbOo;K!C%l^yqCFHrg$z}H$Ll}11HOM_Wi#epQGdfK7L-+XYygQUM07)I1L?DC@-;*
zj;G-5Lt6aOSt)A6day9VT14hfevNcp-PbZs0P&s_Ll9PgDX>A+!D^*JhvWvCBsJ%>
za$_PjN0tb55W^<jzS(6s_y~hWNXg-@C77rZ(!MT9GU!%>vF<Zm10}Zx&(5jH`Nmf{
z`w4N0bWfUu3YTO))}l+`6APIS12l`Chlxjzx&y%Swpu!%hnLKr(2Bf6Rgwz}2>~~v
zWt>Eek)fAk%39s%e2>SlchSQf*EL{icT`<5e!$mXL`jc}9sG$p4FUnA?PAwW=G3LM
zwX{U3pCbnaDxq)7OlZ04VHAaJ94>N}NqB6;3-vHjIf?p;>_J(oUfN8mnc0Qxm;x7Y
z_(QlG3Zz?3ZZy|3aJ-qQNP%wMT+qfzHo2`e)qVP5#gn54cQUAja6Y|eitEg}Lor7%
z2TCjDb<-?WT|ss=!Y6Rp#x!hJj4~`VkHfc&Y;$ur7+KR~!fvgO?kJ^;<b75|8b(*9
zD>_Fs4UAJF%F3c7J#aAEo&^vLpa9aq$_0YQ3`f`eKYR}Lw@zSyI(p*Znu|?iznPH;
zt~PiUu)4%L>f+hOU>$*q+D~~7NYt_vk}^6AZDDXF$TA3Jp>)XzeSDem^nTn;oh{E|
z7>O6=TlgSfmZbg{ql>%OkPb#^{j$fwO<|d0iMiN2TYOBA2FT0?>!{bWdVI9$1dw}?
zD$P01HV0_qT;3Uy5|kXMC<ob%`onE_OSJMca-X4$^yo?rY%F6dGEpsXf_4I*JN1yO
zA_likYh?5iw3SZ&N!2~bDOUgK#5E#6;QJId$y?2#0RnQ$BpD2Wp~x0z2RaD;lwBg!
zwJ5QMI<&f+XIgPZJutCSrGRM%x+2r*(L@#z-Y~Zag_d0R(LmtmW-#*CSONcLKZIih
zoIk+@JnLuqphHqI9_+_Z<uUhBfcF1=R!o$W0{cNvTE5ktN-^&m%$SL7g$zxIW)o6T
zXKIMnYDJNR%q&Jihm952Jx&kOFoQu!DF`ZF0;<>+Z_gt#Z+s80FU?zTt^kg^i#bN~
zECva=<wSUWc6nQ<KvNACKC?^D`uf+Wq*Z0voPY~i+`^QktW0Qe2eR-52YH>z;x-rr
zBIxNePRQ_hm6%n`zU;BfksrWi2S#^W-H-2dK&GimB-dQq3pc-dBF8wCrM3t-!ACX%
zkj<hmc@8$zV5dR@p{npp?QP_+-KqYR4nr@?0sG~kzrT&#aBBIm3i94hFh%>8IFXY%
zfsL__0#01OW@Z2)4-Xzxn<UDES!F1W*i)PWPi-hoh8PWa<+dDSz3|WBSL7CePx$Is
zNES<LDA#7&IM~I?5Lf?+2?2tN@U!-s_I9DFf|D)~h$Z#VE{29+llSl!@wC6|7u?$o
zioW$r?j86g55kfMLCM`t2XK`L*{*Twowx$#N(f~d-#~*Ir5n9mU{7QO@$rfTEt-kn
z5)xuBt_TZtb$s<J#e_7rv=SZ?V#PmebjZL94`K8V<kOjdDKgD=i5Z2mREr!gEei?w
zt)eiKbpj?08Jpqo+N1}Z<RtR6{lBOp>ya9)M3q~lBn5Wjt=K$w3WvP|-HB5;K#uJ0
zQOngs`!|;Jwwa2hFO<Pt5EBBg^Yv3|aj%kO-Bc>utE9cK^sms5@s+G4hzdORU1dKY
zTM(dMwE`4ltgyoFafOYF?=+hLudHJY*@O{RAnJ)oMKPRMP|jTMXN63ci7c4So?sKI
z+pIlINVbVE2dv!0aqQA#&l}YbWb0$#yk(**USx&nB6FA~$}fHvmUc4*<R|o$z`)uJ
z4;iq7vfOxmdWA3IRE&r%y3tLtg&%ueW<U$2v(!awmdhd)uXf+zTU8VQ4iYK0@<E=H
z_)ZBM=@O@64ndzd<ABc}z@Z~BCbD0Dkv*);|1Gl#1w5O3+K302*wF(|ZE|D8<{NPl
zep(FyHoHS!x?~D?g`_3mRs&GEAR@IWPT=D7gAb$0KtOInfMgB8)Pka@HTzDO!ki?H
zJQe+kB-3ce$buGUGbbQfa?;>#AOqd0nd&x7l5QH{nNs8Pf*2W!pSP27oXdrqkJ~-5
z4S64GPl@DUtV%fu;^_UiwHJUeFqmc846IX&?Yd@SQ}qR}?%I(69+B8iZ`&A{`8OyN
z{qtW2_z7g~ARPd0AXoN<J=dO%x#!_)_>9N8S@X|zw0nC-+gZ*Dm3XRF2X5{09PS15
zsa~ZMUO#BNl($B*Eg+gWXdf)C@yb?imYeyUKpQKq9$;z#8{<g##i$q1q!deHA>))}
zX}05|(}930!rjcQ%>KBtG6gvBn0?(sm^xjS6gp04;P}w=X>}v?GAIZx<c%U_b`usW
zKj?6ppRRZVurFV9h~d)@-u^<c`<(ZJotav&h1XN6r_rc10iape)4=uW$BeJTe5wVw
z)Js-u4OWF=cF7A?BE>1-M=0^b_4S24ZWubYkx~BSoamrp_gClC<MV1WM!$m1b_A_<
zE)#Fa0KLDJE1T|L`znvU!T#%ierdr00#g4Frbid+`!OuL5ldcJ!6Q7y7TlmHeP9Jp
zL3#j~6`r1wW1=DBfz5OfY*b(*GmLma&bYoQF4<q5Jg>Yl@`6(5*?kBBWZkCNP!uBy
zp~HX);3B;Fapmovbamtnw7wS$8;?a9Ud`#zrP!b@2zA}lY$B8HV8ecdbQda}*r+qp
ze*`Gek8{1V#ZBu|gZnmrtFX<!##fv~f*69s;|C+lpOf){^XXO{M~uKvWrj`Dh{J(Q
zN5T!)N!gxOo<o2$Kd=U=wq_P<Uqdiu8%Uu*KeK0fW#4DU=-7par}PXrs&~8ZcByXP
z`;0QJSU;KCeWKn{JT^fi<i`#BR7p-Jt;N^Yfwn2Epdo9`mS|5m(^i7h<P61aoJM_u
zv?E^{uL^VE5-!x?#i*)x@GT~U76sW_<J6@L{1x;M>u-V|ExZ58mq8A1k&|1MMuJO`
zX#nh;)PFBNo?P_z-tX<btaT-1j?Q!b*wuXK9yZr|czSVeJH<^gPjw16a<8%heuG0r
z+Abp!?Ckf@`UG;!-e9lMEy2dyadPi39^YTMt-a9Z1)tx?dd|svus$D$HUosWiB&e6
z9x3N4F2V}Do=Ng*02b&EZ5Xtd&BU85IGyHMu3g|n0Z6gz9BQ6G7ofU=@-}L6SBew@
z>$7)4R>U*25C9KmTZ_>J+f@y#57X)Sa&c`wSJ4kyuD#3*zw$ZfAq0EP=Xn6;vJ~u@
zo1b+pJ}MRSJoeKU@3>(LkND#s;db<;AyE67kIhF8&5mFkJd_b@cTPVq`bV#%y>QVN
zz7LUgYS}hB;5J=VBQ*gR1UZ>x1zQmFLTPkGnKB~-*T})`JLrYGy`7+Lj*+4`A7TL#
zi8{w8Zy>i#XK%wOZo@*^4(`t?hA(AuFIQS*g-F$%D*WWBe(gO^tH&2!zWST?c7CI}
z3V-L@KwshS%Krm(7QcB(@^@)&BWbQv!<C!LBpJ)etzbakIEl-Z&{?vyF1yw%|Dn90
zd@~q++}SeMqh$h%8S>A7=_4YHdBRDnIysBex1vz!c@ECR8DPJnLs71ZWHk_1N{J|&
zEG_67P>ED2;{?<I#FKLa=BYmPB0^hXJ`kNS&QiUD5t}z27^~jdf*$W<BiZfX->$Eq
z?cY<6(ehB~q*&#gqOt-Wl<HgpgeG5LT<LWZE|(FQ1$H2gu#L1e$GKJ$voqhvg_<p8
z0WvA73E*9Y5mzaC!7mF2l*#CS*{{S(?Bp0^{*@*x^2~++7t`-vD?tC|QdxH`OI-%4
zam`s9zx1cLP#?{Q;v$RoFS5u&x6%b1f1VL?dDy~7KVEYI9UWiVDY^ljNgNg6x#KjO
zn9T)&U__E-w@ZjTE!4uuMbN`Oge;2)c&o6w7@X0|G*yWgkKiygED{I5A>cc#0GeT*
zFqS1aEGCG#MxLXWz|eUXvENXvJTN$zIm7zV$8j_evEzk>cmgIJYu@d`$m!0Kfjr!*
z6^7s4s+D&%UQn2di;N+1UR@mK%AkXOu0~Z(c6in|u-?dKDV?b9tq#N3fHj<KY_V!_
zQ%67K-6Gje$q#{3kP=Y@NanQ_LbY~lvzU7t0&rC^2v2ZnB&|{wHtUFsAroVs(5adz
zttCd{8CnIa&+Qoe38_~loip;cu?`DV%jm*vHa@8VrC(KdakkXRaliz-Ny=#n$Gt2?
zq!PKZEL;*LhYs95Sk(Iit9D(9Gn&+2{PYt(bo1EmK(%e6a^lggX{lAwCkd1>R0s{k
zxvNo5E<mm{McpA#*JqjQoA$R7RcH_k${&@=Wn#8b++PRaO|c6G5gKT$C$E1p6uY{^
z=pjEq^01@1f+(DtM+gP#+?kV{@{CQWtc7`E<XR>fdJoajhOa1LLYpD9mhGXz7D}9%
z<&jN=4>iUK7Ci71-sl)u$U$M;kb45HqJ}f{_MIjflrDE`v{pa9(;_I`&;zyX94Cp?
zWjwLcu)}VCadJL-S<Rl%e8gk!5kS&EjAU+>31@_4?Ze5@zPW951i1#E9PLw4aC7@9
zmWLOkD!K%^RE{pt4H|W%mLP<`%6m=4P9DrwF}l#r8YIIT`X`vhOK@UH;Doea=H;<{
zS0#h|yK%<d(R9gV|L|hO&XKeeQgG8ud(MlvK2vp{tZc;A$@vIzwBu`l`f{oDt>2az
z+U7X6Whw!Mhv?w)Gg8a0?pD@dV^Ee5vq=yR#u9+jDV3%Pww5x3iY)iz6&+<1)-KZ-
z9QIJi;VYDKX4NN^mXK3Vz}(-vaW)7;*)i@p>JGbRg7o|Xs3z!}D?@kK{okICwu=6x
z`|sGwTIWs)B4BiQCW?&W_*t=ZIGI3JVba`Xr6>VGnIcKi#g%=UNfQC{l7V3EwRfqZ
z!xy{gFoJ{-)_Ddly;!TnT17miFmLGJA5=oUYwi#Y*f8>5@5qJxB}@D27SnSxZ~c2U
zo@d#uk%r{rGE0;{%HN|$4v03(ajHr&I@bOzK8hz0?}m@C47nj@q~USdyI7%;s(YT)
zTVk{@o0Ci-L6sV!kZ4VtaFQxHnOi*_c<##-7As62>Abm!N1lr=zM37rwTM)nWGfYc
zq_N7D6jwp9^9(o64KX7Q6V*;{JDqz#o!#JCqP@wxU5ghG8*gC^f)p=U+2~kfZ$qBy
zdjG>JdvW{6yO+QB|F6;iX8ErjfWtps!45y-j@V>GsvlvWZ$3WU>lN;l#bB!ix;l6^
zZMO}Q02;G!FwXlm$2T+1KSW0HTNnQ9p*8v%jzI${I;v;4wSa_=;0YJTYRuwPZJuOj
zoxnHf%tK+3lhK>=_UJ+cQBRakA1Q!Qh_9)zsn3-wPFpvY<x0@X`u^S9_thK}R+l%8
z3w1A(WY94`zo%b~IS<Gklv6dp=NzTYT^<I{)w>Du^Bb-zozBlUnigRK9n^rGe(2!8
zPCwLSOk1K&{$o5FDw&KaMPb@6vaA%Tb{)^lf$VA{UB;P}kSUl+5c;Oo1Aj`BRkK*f
z`Jc_#c^3IVt{?%aL_rWS^~xCSmsE#M9(|ETNA5#^N_kjZsvuNX#Sr4GfkH^|P*ete
z^&GLn%R~>1TrxoY*B>WEmj2&t+@k<e&z1p@4K7Kew}y`J8-F(n5Rc3yF_8txnVl{1
zqEIgx=p4dTJ@#?-TO^c)OqZxBH)UoD6o2tT&ekUre9WbY!-U!ErBHdM;}Vc9y8ra|
zqm#?)k0<9hmnRpW{vGeirJMz?emc3l8htvaw^2M(x(o^&k3ODUUDNxeR>xGt0jn>Q
zgpFd|fBO5y=hM@hi%+Mcqd)(9*E8f~sS(QHcJH9bCYiZCo5}OnY)pyevD0Z%b%ZF(
zgg!qsUw<E`v7VdNvG;D*T0k4z4a<zCMxVOe(1!%|S#;_<8?JRVqzgrb66MhoX0pgM
z;)&A<oe!aV{+f-g7b49`zut4ysV1yjwwNOla<bt*ma^>tq<tBu6nV0_*A-6TIGy#?
zT?{L52k7)=8ueZEJEp%KGyXyD-B-95Fl7cR0UpXi{)E3b`U-$xs-NP+;QQ&+^fiKw
z5CzlA^cZ>)$ELcW(tZJ`!ba$!%g@WY%Hr`E0LYG6-bXxctdGL*wAlsNx(>-uM5z{e
zVzz)CEcvq2<dX_@eppVYst`K<#p)g>b3hGb{vkO%Mh>YMlAj>bHsu#!xI2d$VdI%q
ziE%@JTdJkPDxA*UkG5fwt|0E*P{qHRhgb10c&o9q*1AR*zS2@mlk8sm`!r-ko6OaK
zUD}})uXo=cAn}X3k(n?R#a>Um>WQ~Kv3JlDul9Q4&8wc++ke{=`v(U-aj>`76MMV+
zuX<E|fA{s<9+2*dcYE*6+c&S?z3Pcq`)}X8?LlgT1J@$#^COwd3Cy6b`O-Cw_+O~9
zh$p%N+*Z3Iwp)wF<~YRUy{jFfwzEb12>nKg0tT%$n_;2mDg{)q(2^y`*|Mzg1{mh}
z&kYU{i^ja(1ysAB(rjvb0d5wcOMn@NKzT;`0Mf2CESs|inhh5x4}dF1Y<Acv$?MQQ
z=!+=T!@n(6vHJhe2juYZ@X&u<WV!dVocO=YB=mm9lZF4*3|UbBpR*+x0<~|ktu)+f
z!saSjh@;a{wF&*cSy3c|@W4>J{@DF{Q*(Nz5xsJf_YA{5!)DJgM`!F-XnOjOx<*<(
z7^xFdE`^gdPQ|BOrDx21RxD)co3gyOYrHD0%<fJ;ssdy@P(12VL6{opo>7K>{{|yl
zOW!)p!gI(f5xPFT8c@jwW1A3LK2FwS6z~bx++f$aYBc8fLZ>;*!Ei;w;SWu94!jyh
zQy;*>kg_x&r!P7(xi8d1tRZ<X<!L38j%9Z&wR-bfsC1H<!{_4U%qqXuu@p3-Zi7Jb
zpS7yg@89C_&(L{3u1q(43pclFRcGeJ2n^!*{0iM^+%fI<0U|k++ZsHITs|UiAj(1>
zr|1VmB1f$f=Yscb^^EdECR4A<&G5zb>D8uFZ{aO6;j+B(`EH~hx(jOpodka#HsuiY
zvv9o74?~j=q8<eFzc=fWp!UtR)1z8R?cu(uB8F5D+swDIt{fL@wgZ885MDghSG5K2
z@DeL){^-#3(w$6VFsfjC!~2_@Ni!eA_Kc=DNY1sFOzL#;PQA^5Q%bO$g<@Ag4pPS*
z9XikSM;CX{zv#mAAJrZ>Ny}ojK^OR>V5LpuU{aKxmqNQp911dg_h&;m{5Wig!=hJb
zC~^jlQ{;Mg6_lueKVB4>x!$X#HU}Lf3mtTVx#lTe!Qq>W1CAcGfl>6_r@=+a)B8ID
zHaThIvvHD*cNQ{EcN9uGO{MyiBHAHgJ5FbVNmi&#n|f}jTj-@8tmGnjx&B-XF1<2>
zL8<f|juCxPiLYxO;SK0CMb{Crzh+}#i79#Jo<>q!-rM5qRyjQ>WFE-8f}JAJqPDlI
zgRd_YG!=3NAh3enQr9t4*w4IewNH-Ip~oG+ySZ7YQr@_W_f4KfH|DB-W1}STuLR6*
zYHW%C0{mB~Jdvoe9EyMX`=0AkUrJvm&o`Cr_wC+Zd|iiNk6(J-Vs{!}D)W!5kepjy
z=UE9@|0*Smp!o<Omp$iUcHSp(+_gH<SlfVO9j|WV{3lfyncYkf65l0l>Pu}Gw*54W
z1N~UYsZ6Daq@Is6Sww_y;99>WW>m&p5Mr?K_{DABFze+B#{kGgo%LG^5#BKuivDCS
zi&6l7K!LySl!a2beb56cw58)nO=JP-GF<hjs<S_b>o$r6=Nu8dv0rUA$$ZUYy|DFW
zb~6L2`^j{JS()9|Jp(-&()d9{nQ1s{wHbdHFBpVGY^9Yjpawr7kFE+jJ6*_3k*bxT
zP?4O#?Ma)fHh3t;Dc+R;O&%QT!9K$&kwCkFSS#k+VW*|L&2TrQg!JqDe0eJ1LMUE*
zJh^`9Fut{0F2QZt_x=qTz$Z<)Dfvyv5B@ES<X=twVR2ii=~B#~RV|m{ki+0YjO@Dm
zu&J{9NMXbDfVm7malF^g!g^0HH6-ntW<8+>vq4YfQtSJyAg{@>)bRwf%#y|AA2k44
z6{B>T{l*7?xU3976Ym(@q$~Gs20!!SpET)Gv-_cal4hkdf3xx*8Bq~N;SI$X_~;Al
zv0oyUuD-wq0e;*BD2g!;Sve1~GMDi}^$6oNRqXanE8M?~Rz|#Otk;cp(|EfPZ|ETY
z!`^6k0otuXP82$WuPXt7$t?wr<Ycb;<Y4H^c%{E;zCCfKJu=s*e+JMQ=1be`o@-z)
zXo{mu^Qn5NZkv8)_6*&O<2V2FW*&4z%d9zEmh-HLe{nJQ^)e91+HWcO+nisf$$#ty
zEcY6k;i%$dp{aE%r?>Kv)BQ(NW?O?3<E>i#3MWd13;dIL44EZ<qX!D`JU}MHFPQPb
z>)<f;18zzGR<SKv`H)RArJu{EJAA$W`gNBRy8t|_Vb}~2(J=R#RZmFmCx<HM5_5_;
zc@rz5^k8reFr)!P4c?GmZ^(6WBmP8zYeb16yK)Fbg<~*Hvt^3-$#2Xx#>Y`s+OUp$
zN>Nc*Ac;|a_vX1$%R<f~;*-+1gQ0nu-lo}oDkifcTjnB;blr`V6G!UXIRA|0k3O2>
zqhq=+=1LV;t!P3Qz9-Rza_~f6K%%u~VuTn4%>W_*8p-kAh=cR`mFc=B6<tOYq1?M&
z#5yUt9;%ih9~`HY%d3^q9)?E3iQ*Yd2Ep{$_UgtOQ6qrWnTg|7=ppLT<%ohr%8afK
zo_aXwGchV@rV+U@C(@e8Bn<YYAIDI^(7uC`*0mZnyS`7LU4$La%Hx~eJ*6;U5c|CV
zzSA!67MiQe45u+BNHWCc@ob)~L=@{uwk*I$m(svdn<@DIj)S2Izb?-pA()vMc2N0(
z$FX$gCMOoEl#whY<5h1SJ{pF<gh|FRbqVyDuSRxmOcYhMEVJMgIb4=m-?|Ysse0?G
z{aytb!+9ZzqeEy`zyr;FLy26%77exl&j#Rcl74{yXi8jIdN6i9Yex(AX(Gsqow1i0
z%H?3Qlw_V4Szg4Z8Dw07gq=0}U~nc9x~Qoi9lv06ZST@LYNsOwr{K`aI0UK>M8OT?
z2XjbzMjr4BX&$h?^Yv+_C7b-tOe=hcvdS^<{@NYQ#w#13WaLr8GWW%^IyFwpXIWQ8
ziQe(Wu*N#PrC5O?=#Bq{(O%7S7zqrai~Yg-$Of~pO<<Xc%aw<Po7&ud+yg&RAr}(1
zxBLDem>T4|XWfTv1%>kb3ttp!CW|OB8wr|C;==3-F=xDzrF!Xl2r?H@+CJ_X$ohiA
z*oAeH#tDI-q~N`?EFdf5U$e2jY*2)UBRoR;XOB_)mAO0g^*k%#JJ0(&==h2eTMJoQ
zlKun;2ig|#9ds6PlmdhaS&uM(MkK+Ur0&e&GtHJoITwp8E$5WGW|fxm0kYLtqMLZ7
znGH6{WCV{0yjSm-UhMxh8|$4d_Pp$44Md!u4n=oY?20|{hn?5r4^9aEnS^bpwltk{
zhBJ1g^->j=YU<0-Am9vxnLUUzufT1bMi%k|NqBDw#zFSu@J&BhN&?^F!~qplo9C+g
z#-HuA1_V0oYj-?0cmzO@ZvmLm=3WAyh29d+=PMB!s-Nm1(dr-ZG(Ut5y&^X8La2B|
zd=(#Ueh{0~ANoK%n+HUj|HE^7KeYHh6h^G5i;jWN;lLSbmGF(zoc=FEsjTA2beScI
z@Z9B)V4g*~A~gZ`DBvz+4r*Y|sA7nj4e8UeyvU-uvlNo<Lrc7@<>1jxVcX8R`y0(H
zRVVM7oA(c&KYTbnxw$+!J^Zup>+N}ak4{IQ&nnK|uuXgI=%e>Hy<=DK3VCt|clzLC
zTkiAK3BA7J_mB973m-D2J>8?vBs+2Y2_J)v(05JElXxOEBu#3hg{SGlYUKEfq1bZ-
z0~cibdCo!Q))kqXoJEI~N5TR&97Ag4E9;Ft!p#pKpFF6^l0iZEuP@3h&ysAm0!2wP
zjEh&EOmJ6}O(ry1izfUS_jmhF_hp_B9Tp#T!3Bub$cE54q(+!zsV)ofMGt$1JBB~F
zg7QbMxZP~fFLNOuu5Q)6>vR8ORBO?X5Egvr7fij*pP1GBIn}a^^%Sz74aISGo|P;E
zcDy-~MHZZ=?r%@!zR9^BsX?G<nnh}73mo`qP@n?ypgKzHV0^wcTHu?T)D|z$6fq!b
z-v7b6^YSFyTy-Sb!;x{4-c<-a%{QN_+1NuL%j2oiiXQ#AGgM`RGCM&Vv9<9kbvmb2
zaO{gLI*xU*1U>GDWi*3KZy2k|A5{wkq8{l18tB+k8_yOe#~Yq^B1=&3RPXMg-FEGv
zNFddZosQ`05~lz}f{=|nxhf_qE#(Z6Bh1MUak!*~Efl&Oa9meK&jRucC>$5^;d5%W
zuNDK1-4)Gc`%7462rlto_|hAvhvA!Fq3MLd@<`JuBOxTBSvr21(Mlus!iz;-#93jE
zK+K)uVb;`keJ%<>e~5+Sqt<v%<{VU*rD9gdi4wUg;w<vWqM#^_E2p&g<wx`31$;*_
zVgc{LdP3RGbg3-W47tT;SM-P%2#$pjBja?2up2CR`Okb~RX8x-fVK=}(>H4dp=~4e
zBCr}`ur~VKg<`b_V>NZCId{Mz3uZ=^mg=G8z2}OaAK_!}s;T~nSM4_k2e0;9=sIz_
zk-Basjrr|ArOE0t%gXQLL?KFBpf4<z>7hQ)Qd6Y<;<HwT&l)|hu`I+y<`~)&D^HG!
ziYyOhx5LxZmPT^0Y%RX1l6wKa#bpS%Y1!0%TlE^oiw-Kpd+b)nN{b7T6@p>X2f<9Y
zMQSx-6bLSNi|D8QGzu=HtV%nzQ2(#?_Fs7h4giJ>Y<LzlQKl4IgsTP4$2fK8ybqm4
zGZv{Bn&D1!L97RsLN1PcbzkqlKJY$SXYaty#r-D<5g)Is*NVC~c~t>Zaaz7rt6au~
z=}htvKzSfkB3L~<hKyaGURf$~S<Y2z?zJ{sPz@%|(>AePEY`3Fd~Up0X-{u&hL}T`
zMO=@$_6WiWZ*?co6aPaZa#{!fKQSIB;OTjzahm7;hRVmLV6D25i-c6OE*lmjk?<(I
zh}95P{TRPu<5F-d@%jY`9A1pPPH2fZ`MSUwpTqXBnx_ZVe0@j_1Ps;M_FU`HAN}9Z
zYW!_Q#|1q7DzS0u37TQ2wDo#_ZBU$gnp(K6g7#=QX52zpo6aLV5rQ`|OM(}(yLNa>
zgEC(&@<ahfuq?7=YF!9uLkz5Cg%XoxQK+;`R$?xT2*=S{xee(*4E$}*g?xKOTCl?c
zkhPtBnIt>=@80gd--=>AS!x|;=}ocs>h0d!_xlI0-}rk&R)~*3o`_>v$~=*&5<l&u
z>x2V}rfmtiGMDr|ioFAUHyKpDI`9w5($#Dkx3r7JqOZ?%bR5eBERNZ-Y#2NANtrXM
z3qwLVq=Q_M|28}3zfgnOKy+X2>MkvoD3-}J*6<v;nLfzLZ8n`cn=^1z7ORGHq?!FV
z6%&bgl~WlfkiWXdHIRG?+mEH|dJ(7POK~P2yp$CP$l#|y9s}+H-54|lkdM_gE0h>3
ziiZfI6t`G#c#*4uvo61+7VYisQhN+71XVay>6v_Zj-mJyUp8`8^f~`Cw#igSjbW^d
zDMm!0caJ&z3PPyAQw941nVCpPi8LocLPk)u7hrIgaExk~Uph`HJu9SC<(7B%>`=O<
zADb#`gX-NwSYrZ!z3+60mIQlUP5bws?E~i;;S%U@Jmtb+3{;e^lv%>zI%6_1R;%y$
zXc3O!+8`ziFYv|_9_wMGA+y}UHmI_CP&_46RJ_p5yZdh;LUfJjx^a|fKRioo(W1>t
z@F!4gjvEylM|`%$d<HheRTa_8CGfz!3tj-RddOk5L*Cpp^2k+ZjyIY8N#upU1!7pM
zF0dhRv$_0NM6p(SyJ!mAd^YC3HnOzBWNU=!EX#F+r#(DxRy(h84|FPL_?+}X7L%}n
z6m2)}-oL_4Dlf8W6FczYQGRNnYK|c!Kpgpw?hW)LJDP*!G0$|l0nNu-`DXXcen*I9
zJPZzBOuAwb1id@V=TXHc*0s+FL6J<dG|*krSq>L^hD5;oF8QYMEz?#2?r%Mt>Da=M
zM=Dooq|!<3yIPJ)3gDYA6LX+R>pd-#Ldj?aw`9r|?>V;?&bc+=19Fuu#b1|R*8;Ap
zV+>CP3&CoOq20)mx{D<^I`;e~eja&Zdz7ULihY5|i)B75WTY_8=)O+Op_v<zjQk3}
z&=V3uX{h@BW&CB`91L(n+yG&tya<WUke1JlX^#xbiIXWjjZA^@6mjV*9{pV=V;@x^
z$?ibNSIe}tdWJd-M|k(vXqu=TARtHl6~L&g5ls}UfI04WU+?Z#-m?oy<#C_zq?-by
z(A$p|)H3cP(*O;q8;ZxJS~Lb=_3;K@Cfb5-gargdLl3D}S_*kooNjFmmF7bI8vaK!
zk-%N3iWXAwyXr6F=X1L9Chgbil$(|Etje;J{<omJ`aJrLsgWH+&#AQ{#ZGWoxVgh>
zAJ3<*;#IeSJoC8KweDTl=3n=Dbo1fx=*N@u<Iu^@x!KhVRz2<lh}C-W0BlvX0IrHn
z9P3)Uvuaay;Ax>*wF(qdGa-94*ZA`^c=T*SF)(bmn6@{k<6F4b*|>#B;yaZptuKmf
zteWqYT*MqYW94lge!b3p)xFyt?Ct;aBX>3<u*8orV9Wd}9MJ6p4@Rd7F&iJJ8=<{n
zo2uIOEcUboZ`+aBt~psYd2ZragY?7T)=9n`ioM<4-9_+tp%$<@_jdPRpLuVX-)17s
zG~T>Ei{ZtzFmu0kL*m!JsU7M2%TMRm8*NFp<c52aE&nTSO14X%b62uNpKn{TB)@fE
zsu0?IV|v1}<U0P_tjiW;Pn$L?03}rg^hBKBIa7-H;XCHE#B+v8pRN0NHVtop*m3JT
z#-He|x{ROTs=AE7*-w=Ob5w48t&?hn$nPGizk8^*HT_riP;Cm(SmMqR;KU1OlG!+%
zf$01m%kV!wmSH15XqqmMI6=D|wBnPD%lyBJQ}R_sW~&|)?$ERcMT_sQ=Y6}kySwK<
zCFfi3@wE1=(y32#t!+Io>nafXnm%p^Lfy<;_w(pC>Z*I-I`vph%}o;&MPgYboZZnh
z!-z7j)6Gh>Ql2$jm*7Oo{W_V;bfzNfB@s_WOgYelHDoyT?8hhw>1?5dUXJ^mv<d9E
zg^WSD{$=M&;PDDhfRL>WG?zW09tPse4)sTWA@dzP0!_<47s*g`cN$kHGuSYh=+#=w
zb=xEfH!PwwfNf<c(pj87v=l89-Io*CQG6h!No}XW-1-5QEr5&m$^INT1=Y;G;4A1|
zKCDKZ(i{7f`emYh0Y0dAYklS3eURKcFuB1162s(_gp21nPsfFPp!9T<I3-(_`Le`k
z<kAwCVx~$>m=q*InF43>;VS+`osG>7(n8$b0>*N3yUcfp3J}l%tq)K@55<8;>#77W
z7;J$mnr6>dtx&AR7+lrNJpq!cCGk{ERue|5*6_jF`DU0}hlsjEd1I1nX1`ELbSCv}
zc-aIm8Sf|FO1uY=(j`UVcu((C5ycah(80`i8tbw`d;9NQD%c(V+&#Yhba8QV-0gKw
zE-yb_cK`D4+f+7E>8km2WalQ&B16IRd)x6or?MWWYd@fAKsniYSQ?l9Rzoq8Ukl}J
zU2MXX=uDqYX<#WUH_asS=2<(iNHn|wdv*_JPytCPjAHP`Ynhbb1cr`w)@tmUVZM)3
zA<gj%#uMP!x5F`@e30qfEZ!uW_3>?$&Ff+b+dUXN*|b^kZHKZp;-_N4`R8es+{b{d
zWnrQa(~T2eYL!fdxh$2Evird%03wMGw1{<BF#H;ZBCvVVJm%)W`t#x0X^>Ebx}pqh
zQD&n<`=Cq`?`iWg!@oG4B+E!)a!Or$tsd6Cb_>4y=!)+KUv7Eac1xwp-QE3qiFyr5
zHrpX|tQ|Azee)ofJ4B+nqOb#K`3|fHO}8ib89=DZ1w8UrZdlfT;eWup%3m57sPuC~
z3Et(*E@8MN<MB=-Ie}PtHz1cazVDOFw%1ryWmhuwvEptA1c3hgw+HXvzlmN?`fum+
zS#zTvnH`KK84X2ue|P^?e{Z+H`~G_W)$ri`@Zf!a_w8_Z*X6!CS;VEd+Z&u93SglU
zS+Zkcq|I#%lRi^w>|6q7cT{9KC3|F~tErNu*;ZmLWRlNiPvn?poP7YMN=1-RUzU&i
zOapL^-g))v{aeT$W-0_04ZkJp1zX@ioazNUKsii9nNPv#)$E|OMo6q<H?#ePe=Zc6
z5pboZdx9araEVg}yRTeJTeE}R$UNS;+k^G9b9r)je0H+4WtxQ*04=JE=T;wrylyJ4
z6@5%@y1I!}8mp+&VgD>bLgV|X&7^IPWQr1d@nup(U(8+O%k7;mvqF7&Ip}c7Lt7A?
zC%Tg&>LU3Ucx`+suED1^6ZbMMS?)rB|5V+(I<wSebhi)jGBD`WlBVnK7t6#E6!M~c
zLA)iGK{!RkC@%?xb(vtQJbfGIB30!SQxCf^8kd7NOX2#GXHjR%Je^MC$smZVG5<=F
z6@}KscdD9)nUBXf6;WKMN!i)5DOP0~flspd@#0b}vPccYSyrg*&fK|6uNH?Q%q}%v
zEuF1OJ<{eZ_dFbZBZnDiQ*1Iv|L3D~b7?J?`Jh9G?s;~Ur783Scig4vH(oVyE*CbF
zqH`)6T?h)<5C}sB)j`YZi6~oVJ)as@HDhYq=?EZXW*DWJ&ocyg4z!1eiC22bL$Q}Y
zjYL;HR-RY9N+z}->PRkS3F!$Az=@QdZ`bC~1HZ^ez19K4^=Nc_iFxD-GkG~f?hKIH
zG7+ayd>2PcnUHF03gEAYX8|tfMV2Lo+C>%_dL#sQ_jU*H-_E=4Uz)02NPUZ!qHn6z
z9MhQdasTzR^vauO?Ugr`UYSO_yTjqm-tOy4ue^EAUU}nsWp97iuSb{(t1a*(iL-Gk
z7R#iJVLAg<yI>Fn6cZldEWXI1(S@nVH=$VfwV|gPj`O?M{%<qAqe6#|%)zj?JJ_Si
z61-c~2Um!!oU5Wz&6|y?fzIE90kE*S)r#J~SvQNG66A6{SLT8aJHmKb=n}^jc1_qJ
zz*Y%+u*HStT<_xWVq{fQhl$Pv;u}+BSef0bRE(D((@ZEmC>IaTsQq2k9Wmj<i_xj6
z_Jd&vTf9L84C)x#+dEA%S!wa#ma2%A7CB-gWb7>3(sCjew!fj})aF7><0JuMJ=$hn
zE^#N`#1x26UoCSEiSou{ZTGz%wDjM<UR;@;GfUAdmxgl)Hhc5#D^49lw$CR{EnPeJ
ze~Y(<Uw{;@GLQSFulmsO-idCL0+bo}a@-d&YzKC)VKXRO<+*d}*aP9fPGo}Hj640r
zA?OnhFGd}i$L3&zo;2N9#ap4o_kGM=6zBbg)PL*4?Y<M|XHx$SXbqcs$3^rQp3^Kf
z#h0p(kup21?rd2F1ps2!3c$@|3pa(ooyO_yX*Mw;Hdj!2VYXX-X~ZBBRZg?XEyY-w
zP6KrvU_!7A*zNa?EZXJKAXn<U>{dkxc8}dQXeK%oM*QsX7VA4*!5Q0>?;rFCyjxbj
zc+>a=w>cOdPog8A(@8iVI=An%t%7a=o`gW;HOS&-vY6@P5%v790l^%<!es;pGP{}k
z!82yHu}sww4YgK~`(1%I|0!&}sjvl1{isw<%Z$BN1zRuKaC#qlz|-0~mTHluSE?Lz
zZk5W9?f2~L@JKD-p7$v63T<%wv$R1?xXi6LAk@X7rRBU(dY&bqSfr9zDN5ygy9eSy
z>}zwwNp(U{;D{>>VF+`17iUZB9aMEJe6hE`tBt@USK^<=t6lLRUg?(|!3<n;{X<g~
zbI12*d)0>c4ZGO|d_sPJ0KI9yQ**&=Z*%C1*}~X{eAQ@G7<;wbsXJ%3vsUTLM&4d+
z$XcCNowtVF9+cd9kv**Z9D_zKr78H~;(HOvQs%OpceVt;Y1`BwvQT7VGS|v3OvkR-
zH=lOuI_nku6WHlb3#E2CTjl}eU%B*CAW~JN%9tyel=ENM#|zMa{79+xh8kY4Z3L4h
zka(MPV4JQ|!@b@8gE!mOq-i$)&X$jG!1-Obe;yA1(op=3D{Sigu(Ag_1?yTUj;03x
zfDQZ*r;)j0gMuU3KUeW=ejMwG5g=C8qvdp8q^7_)D=<w00CSW68&CAQlN%8DM82i2
z<hHi#TAF5aO#q72jJBDtG~))a-NF;Ak9oDLNhQPFQPw=pxqup~K___&Z6}6;FCduy
zQlTP6T<{0xF+XL;Qr>f~GuG&u`AK?E#5Yxu4<c($eTtN_$|q%}0UoPc*7(_lIhSO!
zPrL*Yut=`5C0-njz+v9cK!t>b210?*<32+X2u%e;@mHOt9lx=fx-y<PQd5DpD3N3`
z>Ll6h3VxnuvQ1oA$XTN9z-tM-9!oKodLE~<4!(g~BzyzQ(OgOZ?P*Rn(-$`Hpg4PJ
z7m`KVfKkb&B1=up>_wo`vRD~ukVy`CkxD(kQUoaF(wFq_%}lEVnP}ztRxs0Bmc+2q
zSqqjUsiQy+BaNL%l)U5k9*_!Puvyor2OV4kq|zXHv_AhDYkBh(wY+&kEp!l*!isnL
zY*`Xaz|$&s6<-<>S3otGJIn-h;D^yiaeZ{b;wj(u(n+DDMjJR>IHB;zt4}*0FF*Ny
z#;7d;V5cn7UN?UjeY`%pXsh_mQ!0M*l#1Vk6?alu+D+3TLgO_*@8626^TTVgz@*p=
zvV`zXa&qe(k&t>W8k>D@A@i$Jmii<u%_V#&01Yq<U+43Cp52RVTB_7l1U@ZGKz4&5
zcSFi2JF;enSG&5?QQ#5sQI_gnR`-7`@U58PYc%H4=4tu{Duu?<ECLI#nM!zJ0&-qD
zpql9fFS)+Gq%7juOcfxLRBDGlLTj?wXVKdQ4hsLtH4<>m+|yMRuk*T4*vDodDwW}3
zVtNg}UdRVL80@I*y?OQSb?2^Bd9Bxe`nS`=b8)>)Q<aDlwn)7A>H6g2C5+*W^MQ<2
zDPP)bl|Tn4M4vVA=(n1QQYN>!mg6E4xh%?+Fa$-U%$})11HiMXgsR(n{7@iPfmUXF
zHd7^`G=?5YXG<Af=pIZa@~RQty#f3ug!!NS0VLq%;^Z0hgo@zi-dMx#&i-qv!~C<`
zLG_?t1rP!X;!NsWoPsjXlUQ*cP_Im-mi>c+0ssHqZU=RVPjA54;gKiE!9bg5FDtb@
z4DEkHtcKoySoOqNovi8W5M={UFXl-+iOXaaq}X#xdDyok*pSFTWW+=Sm2=^xG(|WS
z9SKi-Wd;Ehs3AtA=VKz%2+q$m(ssS0aoHZU($l&d-cI9m`C#QUU79_QTva-dh$&g2
z8EXYwiD4J>^d#6wY53}KbD?OZg~aQEhTCvJ4V*|Lb73eygT;V{AJ*x$8~HMO8=Q)0
zZRQ(nTmTj424Doj3_yXT+0-Y6DisfLPsCHtbmw&*nn(>P+&z5@UPbM|y-!kS#PW7S
z!+WGMgDgzolRpV=X3!vw+qRs{VKcE_pcZE{E5vvO;#X-S<iWszyn-`!pGZv;IU9iD
z>Kxd)L~c+S@>P@f&F_=<_sRPYp1g0?OkVOcBTODanehjmg~NdIuapikqyEWbx>&yN
znA?~b%S5IVb4f8jKfo{Ls&n`lR@F&bE`EIa`t$?Ixlu;x+8h>Mhh2R8GLId6=9Ukp
z!a^-oDU(@N#N~X!*R9k8KL~mD%9_PQ_dBEyDo`Ws0H|3Z(<ob*VZ#d~l(AnA>AmG)
zVXh)nJsQvrC3u=mt4x3;LoKq>-Y`-0gNk)3%btjI(G&C4xQLNE^awETT(c(=#jzQ#
zYR2iaZ{6^jT?L%O?_w$b?f3!+9p(_QXQl{29iYW#=whZ`L>UayQY-V>%O0<i7yovA
zAwFDu4}|g}n-!8>L1+n@iNCbT)4c5<D&jj;Y-^!pk*pZw5DCe0{;~%PM(MJzrc-k<
zdSPm(dZAlQ-9Z<CHx|g4nDrIH$LLxWmjKM*mv;^14vlni9P1nsm)a!`>S|cZqYLg{
zFp7^Z%oSeddYSML03o(?<x&IiCUySkf^KOA;Zyp<4<CBf4^2&WpozpaM`-c7`th9>
z_Tk~ZER^^G;<d=6<-#+z+yz;n7Z4_z+^W*9F0IqI;?!H^9U+pp^+Z*tZ(Ftqm}x4#
z%T@x^kv2?WZbNoquKECgY-*iL&+_BK256B`f>)<$O~(D?ZI9@4LcwWP+{=Q(ZyZV`
zt94LCim@0T<F2?<^jP%*R&asddp3J<lo9lww%IhjNCyJ;DH=m?w%7n)U5L)LppShx
z^!odeen!_Vgq8}>X0$44{`8?d`6mmh#l1?BfmbIlkD)lme>K!QUWt3mg~(mynmwR+
z62vs|R~t_*x}lg3BfX@J&%wB(fOWpnQ{eD8yR+-ZIx(a!kpLvIMc+0)478%Ucz(21
z!1TV4Q`MglcqZj!WQ(?(%wu(jA*JZ!=g*jGH$c5%03D^76sI5Dx#F#lsNpsBi;bM3
z+BB~jVvPV3B9#(kFp;e@M+lxR%c*ZGe%U%n1)vGv6xldVd%`S>@`jdnj}J+3@bQjL
z_eE9GIPYHtV4!BYIf285Wi`k)BoJ~Wm!$x>#|xFZ!Dv=Bz(-cDW;f9)IdbcTa-izp
z-QDfI+JF1zEjbOh<{ihYh6gBE%RbJ_0d)irur<$c3ghU8IMW`=DIJTfVUdM5MQjU9
zSN3gRVmmz3Oi57Dm~Mh4W=wagmoccgdz5Tlj*}H5*!L(=dm7;-iEU9ne;^i<3W7Xn
zpnl+il9LYY1L0Z;E`IO#2YYYck&>m`6W#sY-M!&(=M8$dnUA~={==SKR~|q;nAO2K
z8C5P5+L*_2%F1V+FtAb$d*<Cmk&%CQXf`^`;l^V-*G`-`zkxI6rcfZfMmM<Q#8U`K
zn`1bN%I9ifZeS?zU<pmm<k&f8Yogjs4VO6Md>&}>qd^c1q&9Amt%HqI*e(IIv>ll*
z8!40D6bWyQ_0W~imk~x6197etiL@uxnrI87McBkkNX%VHP}6z1jADYXv+gkLfCR2T
zv<K$PQp9PQdD}l2q!nvSDQAIo+yy%ot%jbE$-P{mVm(!G2iern%OSlxSkF#uPK}){
z{MGkr1q@}~$w^&npObqzvC@6a7t3xb6_+feYc`WJBT}Bx1w~rLAejE_g`UEp@D_xp
z8r+fDGX$*15LT;oZ1;ai^9(kK?x539<FI4FLbn=$Lg`9cv(W~7^9BH+6*`UJpzCN^
zV9*L73kq8EC}_ZbZiRYwAkQJdbFH}+*m=Lx4C?InVl$xge=jiSww$()fjC!&u@=$W
z6zRSprB<Mszh+}#i)oqZ^cXSzCIm!y6#lsh`WX+sXMug*0P?vB?wK%|HpM`$b%qbp
zY~y**AY4z;+7~xB3suS+=TUP5p>J8FZh|DRr7UKuq;58^?VG~)v-zjL@BRDZUdkRI
zbc2)f(}AFCozMyb?F%(u%yEtAxDY}L7aCBc!5NG9&4!h>bGL^(00k#mFFdHBES9=7
zuTLHzlE7`ktzvDvILlq(!}xe{J?N=Ju({^y=R5vlAHd#>g6cImq-k&;!U^l8;$n-}
zcqJs7!3N^RKO>EsX_h(MW>lrQ7d_FZUt@{)c)IDjr!Sup(36eLy1`6%E8g=Vpa=hn
zLy7Tow28Y+|Cn_@NF?CK(5XU>I2ZAj(91FU$>>4QL+*^PQHMo~rGX-eprrcCrlKp8
zqze<Pn`Wu%!fnE8HRwxKAr3UW3OEnNY$*$wmR{a8^rT@UI$hfCRG~SmlOqbKCNzt1
z;r9i&j`t^N+@Hn-h13^%l}`HRjPJ*}_Mau={zB%uZ)EQN?K|DKA~4L*kA<AdREkLI
z`8bnB)F4WjW??BKSH=rC(7g{((?$nBELrF~=+COi=pC#?bjK{-J|IEpow8604^etR
zg|<jf-=Ahh-&Ngl|7;W`65Q{I$c-(%$u+gQpuMgBKbZ7SriteKF?)aYOx*GWB^u-t
zP*1U!SO+y)>zNs6S)ydxxV_NwL8{<K7ov0f&dOFOf|zSR3CP%8fWfe*EC{<*7gT~Z
zaN}(%><<DjbBxk~A7<wUZnyiOpY6xdc7RXAk*H>|&!v$b5%^COYR0Q$OMFU`RWpdp
z6vL}>+bb?VA{-CJGUbU1F}~nEWhSc;{pa!y1=l2=lzJeptR9o~JiDSVUhltu{r=6{
z{r3k0R$poK9o_CAbj;{@D0a;h$!4CwYBmjY0Q3@BvW_K@U@L^INT8yfiG|Wy&R`ps
zku0UzZJ<qrG(x_F-JievbN{<V|GP+hcRlz{{pIKH%D?>lUGkTozf1oje*SJY{BG+n
z;=4OP3#KgRsB-3WgF4GpYxWedF3NNjHgG3WcRRX_vL&G%ApE!UzX0DLGXc>BS;%Rr
z3eww1@bL1&Ze>}jMP5Pxwl)pNeb2n6zzfg)n;AD#{7gPv5~R?DDvlgQHa(-bzmN~C
zgVQ&;DsH^G+5TvH9$F3_9nEBMD6QOq9reTYwKas8iX815n<t8T!S<op6))&$eTntC
zN{;Cx+vJ8im$@zrB^OwE9O1cXqnIfIhHHiIkJ+>c25>Lm7D)S`g~=5ve=JIqW%tdl
zIY&%AG#)i3-|RMc(;4weMPi=iMgpA4B4V}hL*JSr`rs*@Mixx~+B8=(QiYQe8D{D9
zZIix&rYzxmLW>`!)AQxx8d>-u%k}A7bOaj_DwFt?Iabfb@JW?l{Mcc)TDV~kYWOR2
zYgM6zE3m>xqtnsnvzwFipFaKB2NY&7;oyA;Bm5}#uZJ-lkO|O*>&U`*adl9-wp+Z^
zgI;zF?7QGB1XSH4`xzM}s&rMQ(`7MRE*KO7NE{ZkO+Ri09<G26H`6hq9qii+iw+Fm
z{XowHY~U@6;Q|ujA}#yo1R>2bP#`=g^L}TMmOI{iu4*XS-dw}PItD{g2FcX62&UYe
z%-%3@Wkr_D8CjeS$Jd$d`%Y_<Jy_)iNac0koP~YVfSz29j9Hg=o@8NFpG6xaoyUXm
z=)x)2oE}*mUO?U){B=PIhTgv8&w`5Und-j^>egK?^iBkA(W>0p0_t%(>&w1<+G$3e
zY{Q&vM4W6zjNK3`wu&@qMFE>vgw{A2exI0Hq%pBblUl4Dt~nT_4G^3C@-G{14Wfdh
zNvN3hnaIfi+Y;-ujpndeWW`010R$EYa`8m`;$QSomlCIO>Fubf?hDC;@T1+&DfDlu
zqV5LW=eX~*AWc`4o9jLf5T?C@(t>_an85$C0?yMGPT;GsgMQw9JGgz<O*@@BRC)-L
z?xCB%CW!P9+Whs$*zTkb7`+aP9)5MOw|^F!O|%*nDxMM-Dt^t#(Dv9+@m0~G4e_Ck
zNjjboBib4zx*3NJ^y<-=&51mo5-r*mFS;3%P4t?$Y{cV*3O;M}^f9++FsWpSX2>`Y
z4zbtky30yop%QgRq0sSNoT!=Nyr1;5Zt1u>K?mQq?F+VrFK*X@FSUY?Yy=+eS+Hvl
z#kSsch>({Arv&Wjd~#C?9j6l|?iDHp3bn}YR77?pX48Xi5t!+yK+i!`M~IjlyP_D9
z?4~6`?n*6^ES(Y12B{s`L4}V<&oIUM3QXY~Y`xpSEH-2!b5y#<D$J93<h^*b=Uj76
z?f@@1Th8W2CQ3_BuIAD`-=!9PsbI01Ykwj0TonieXNj7#(`S@)1XJ>e1c%@WB)dOh
zPp*m5UShv5=O@=UA4ccLH&-W@KaGw~zF4=<G+8;?t02vBF12>-2c*S#Wr?$1;0rWm
zP+15ApYg%1Qu(<mKg4N7){H-*TI@v(R@s=HP@(UrakeI(&q|-Zbd5dFN;MQCmp@u9
z#tM!?V32y>kpjnT)86WMd53&`sI3;#o5&F@0FtiINpPu^wtY0ZxVZdu{pn_Ou`{~3
zxxPF+zq&ZQJUPF%g!;ma)#35k=-eazCxx)5F=-pKdof;?ViC{gCFm;rxBv1-aWL51
zV>Nx^r>V24O|JfYb#r-g_388F(aE-t5;{tez&lf}P}|xjfBbOqJ;*v2CzofR&Vw20
zv2O@h+5eE0bMx8v<~u{ekg|5>TO&v$rplgo^DCCA2b>GTU&Q^)Fn6~%*xw)QimY(u
zBYJT#*bQ1Ub$de3@y1h}wkYq5KJ)26LQiG8HvmF~H-j3MmsOHg7o%ALN3yaAs$#UC
zhQZ$_z`chPF_3p)beNX$Verrbc|^xcb5FRkxcwtcw1<yR9@GRv(|u&?AjLu`<e7_X
zU>+rXel=eK{z3eB-S`T9@J{z-o)3ez+2%Y;Q=Zn4)@HOeqS6F-mu8WAu7U9LKwPV0
zQ88cxUndWFp|tkTX?~A6D6O3_&H9`Gr7{#2vd?UrqqOqYcPIAATflVG3TBaVI516f
zww~3ZJ*R~uS<PsH*BF<C0vs3{a$5XK87=&L7Gx`Qy$5!0cVg2BbZ^zl<?Hf$yL<At
zrA+=Ge&!dsBjXtSum1w!Gl!yko^kGy|91gSmEME%4Cj)1u{U@Fhx^O!*O=|B?WH|W
zM|F%FGIjjNS66*}e#OdQQ`b>dU4feV%Z-Pbthap^N3s*88WOS4yPYlg(Z|Q8=8h0i
zs#z0j+7hYpl8jR_TEuBnCTn<smx`&JG<TJ7&Q>npvMC4^%sB9jTpud1rg3VHlxR6|
zF5>I*4}!BLg@eDap!i9a<ztM`Cq_L1%Jk%<OhEa@y8J2{8zbY*Yb|Cv?2xv*SJxZ{
zhF#C2$l7>Wjw2tCY~eZLTeA!W$^~*-<HYnG=fcryaK)<*SVuIbIcsvU6B{_$iT`G9
zcHu~YFE|UkUWoeG2!Mei?nb83P2Gn{KnzYfr@2A>{`fTC(5uglXhWusCwun!)Y@~{
zJnoa%?3E{;(=ShK;+ZEJee=XudguAQvn4{w02iw_&~;WCT>92I^*zO{Z=GXbn`_@1
zt$fYBuc_>}xcGfzPd?@sSln&25w<ufcid**egFQ=>uvx$w8If#OT3GxHpdz{KrxV1
z$CnX9RKNh>%Ic{9w#-UNsm=l+MG?{}#bsM?7XI>I;loDHCu}ZGtGO(^^tA`KBx?Ra
z>^pOo7B4tnKaKd>4^1?efS2|pj5I9l+d4>gSj*mlh3>wOBh}@D@)Lc7rW(k6byy*O
z(CutN^aKSJg2|O#lsa3rzs{D%yMw*41igKXfxE@hy4ul11CU%_^EXM9ObMF(Gm0|c
zGGR`cQYEX-mRP3b?c~r6L|me8kuI~GA7db2DGM8WPXN&7$y82C-Py9?_Mk=7iBkFD
zv{c0?jmrkGBywx@!VEd@t4wD~ix-n+QK+;`Rz1{(na=g&NL~&)`fh?KP!LMvN4?+z
zTBVbDk)`o3HEd1TgDE2b2Jxz5niUIibbcW|9t}F$ef#4(eGb7S9%&~rU7udnGpShQ
zxj~1r`jg!5gBxgoQ1SxZC?QfNBMPvGY*e&pu1~M}5(0t=6CMR-kb+~1kA7h`(_|HV
z3>Ogv5wPQxGx4S~!?<aAR>U*+h<sx&f{+kvx#<g+)Cz91?=))IO;sN_EHp@b_2JR{
z`$vb6x<8)A6PQwI#DQq$uI9P=`I4?Q9l2O!srkIj#0=msO68NHo*S<y*BMS+T*V8e
z=dc#ClszCIms_kwO5&?cw3cQCQbOaaDoTP#Dm?IL#{ukZ9v9#OD?JexRroUDmJh^e
zN;rxH6dU#IGUNu2SG<i`plVyAS-=^J+<v{{lX-R@Yt<7nbrEW&-dNku={Pc<hHn2p
zpZ<vaCfLPmyvOZFejiSOJDJ3hIf5c@eMWMn{eWse09P)(!HmSwq3fQXh!(q!4aMH>
z`-2Am3!K&9iY3O&G)g@BgwPpBl5@;dCkzlw)SW5-hO2e{4iKY;4oesVc7D=U2@iL#
zsYOKFp2)$ZD7VRP*4ol^PANcqMtX=1#=eC|hnQ&&P^ZlalbQqVKJAzBLg6g`0FA9*
z=Ll?t>#KCmpwn`PK$VjR{b7?^v3{A&ER7UXKYLe^Wn~{*@3U7HtFI%Dn!F0V&*mB|
zu3$q1XI&*RC7L5n2~f4dQeksPQ?X3V#-`HJ3@IM7y22jhUWt>04(k$gg;=bjFf-Ve
zzpg?$u_ibp_T^`TLS86MIJ$#N1;7Y{bH0Cs7zdmmO#DB3ARy0J|HH}0(YZJ}xx5~I
zKRP<RK7psU%wRAG%b%Pdx0ilCig*qKMx7bmyvWLIk|nG^GiSGbxnOT<*cPJxJe$y4
z0Ku)Dk$5Hon2-6#-9rLUO6K2YKe<!2L_koa`=x_aFNhfj2t=y~gTecZV1y7fMTOH%
zSVBVd13$0vgpa#lI#eCSu6C<}4<Zek?)eCfBYFa{;6tjQ>w5S4?LKrReA&Z?Z+749
z!9yg%Jps3tT72d`YBF%Y%2KVoAS48~1aK`FE-O}YenN)jF}!sP^;b11yC_*2ISL{@
z(cY!WPPc0WPmyHzs<3bFm07OIn1HXkQIX}{ww~_`tVX<`u6T)0%|{(#?>r;1>5`f>
zq>q}=uIn&d;_Ui!n1cZUs3_{(yv8WsSW|RwlqsEVmu%Dr_q|M)mY`FR8q)DV4TLJ^
zVA4~m-Zj)l{59@NrkuNy-lVGhKlD#SxF@_H|HqZ-b+-5otOA%x$;0G^oCz%-deAw$
z{%mIhUt94+p$zLN5?i>-qs!w#hn&;-;nC$WZ?*R-Nq$VT`*aj>z;qM*1f5r=bRTnx
z#I}3`=!7aKQI(8&hRc;te!3O3g+()91bk>AYCMEXYvEv><IxX?=O0h{XD7q`S8v}}
z>Zc}LpI+@;U7g}6k<0uY8S70=h99kMstW%i+=4g8MVtsNUa-9UvYtDl*~`&Uc|J$S
zD&>E;WBI3xlgq>FPnS0z4zEtuIGBg7<y%(!&<D{op7ha~9Ny9+b{qevzuQVao}8at
zj*i&Fyh=;{vMiKO2_7`iIsE^9zC3BAa<2m#_qvI~pRQWJPvWs0%Sn<gqkxe2youuJ
z=)>WM!=uwrpN|95o(KIu{r&S5^L>SHANA7L%jq<JXdJVv&)<JP`nP}Y*25|a1rQ^e
z{l$1aSLYi>-!4#V&L4S>z8jhDm|C;(&P6CS8{>ji^^dp5Irgf3Q}_A)EjVOfEsL2N
ziv5G{o{whW<bAOF-8%mfZ?OLxc#y;yMN#j76Nc9~GI~aq4WV;$+W>(7vXC)l8Exnn
z{^ANgICAA}_yf9LJY3zXdk$29x#YK)e+<H=|B|K3eqc_W&#9JWtfw&!-*I-Hm2AiF
z1bz^dS*L+%a1TYiB-#tU(f0vq!8%N{NbPKa7L!Kj*&I2lt@z!g<7-?xD$!guiRr82
zuc~CeHvXzg=YLcrR<-d@i^*#Kdc)|fr$*q|S~d^D;ZN4Y;g~);XIN?U2Iye-)6-C3
zw_!UI3frl0-XzC2$MASOtm%n%dQS?gX(v+&u(`;h<5(9<P;`G-Ml)5~%!T+t^|hzk
zq^wH~G^os1#IqSrcOpv;;&56tqmSnqeKcz=XAMU$q@7$96P1>9r^f6L9@0yp7BWux
zOmLt<poEUgZSXJYRm2~3;vOr93^QJdFI5rAu#NdL7jb$RK7YpM201udn@g~13mGY~
zbX<0tWV^jKS@*Xcv9;G2v9<SA5nFrv?=WKPTXu|UkPh=7#Nc$A+;(iHkeMvTW-KRJ
zLa5&ZPjB+^$Yo{e9xTw6r%uiH6lf-BUTsLsrs8U*#IFNtdjUC41R7AAD_N9dMY(nO
z@elme<@tQIOSCLtpI8ss=ZW0y=9tZq`vP)}@O|q^RssA1dKSfRucD<|?=a(z)iz*1
zAZNk->RyU<k3);__v&{C#J~aZo4o>q5q}QHzzV@NzJZ$~|5a$#;QyMohNn3jexrNa
zlN|&rEh_2`YR|ycS3BKRxNC8u+W-zMP)>XUCRpu2e`ZuLAwpcR#)Y*88|<q!-W80n
zCX}%Di2vI-#~ll7*qrUV-u3!6&W|pSkEm2dpMME)V657Na~X67=#p0V>M{ZxM4(E-
zp;-CodU+PHj~u4?G{n!dNL`aU$zFcG3cw7gu$ly%e_c)+D>g%XAi3}XBe>}kmbGSy
zXbW37RsbGmKXz)E3VlP-$6Gu)AF+E*QO7(3v@oe_JpiIu>G#Ng_|Q$DG@4{7g@e+a
z(HHm2Ol-pdZac?>LP-r+YFlC(86N4+`L>truzlD}cMKd?RO3}C%cUExWlAaQF0$xP
zkR8>B*1c5Vxd_>k%mlzJZH0m^<6L*+l}($DTONGl9rD2*-t%z5dLY(<Gh;l(&`h9C
z)#;!<BGpnW@Ba>R<p8{I<1}sr$hQuyu}tD$aFMy3+if;RNJ|8;82@nN*!id9lhOI;
zdW~Jo76}bxb!a79@DX&SM=e4d*k!o0q1R|euC>g#KK>S?M^yo3S@>GzpC#}##aHFC
zO*LK(#tx?B8#}y1qpDT+`~1J4I^DAWyB_^(_2`>wO>I|it}f+I)~HL@RPR=}hg|d|
zEoCExIs(u-=%hvx-wvN-$vz{5k{zJ`WX%|zPENm7)oum4t=-+TcvIDuzgg))8}dvu
zEX?oVE~X!As2y=C;=IJu&CGvuLBc$HcbEnW+iip^F4vzHN_j@_t3O}eoP9d}e0owP
z4m-3~M&|O$*Fip-kTdYv(GQoOK3!KHUR+-u9-Z){8E08(&i?#+v)~BZ1wnzG^EWI;
z6zI)Q`wgPWmU5AECc66~E=!vO%G*MGu`j4|D7ri4BIixdz8gffN8rb87c9e6LC#Js
zC<pgssmp8;|Keb*yhE;t^HRLXIix1jW-VxtB3?R3FJ1@g3O=xU5>q~S1Z?C+6wlh(
z;P;!eL0@dhMqa3C63^x}0i5qAh3aDgx5+qPIGAM1d{)Q^U~*fMq0~tI!zJ_09o1;o
zcz#@wb;hDkp3PZnL($xh(MGblEB&0Zxug2E!nvdHH0iwh-8YEmmQ<rN(tjyOq&f~v
z;|(L2I{yW)7>@tn?-;-K9mDnY=9din%_iWeErMk*N86<Q&2B9rsjs-SG;g=RJ68Pe
zSn(@4R=COb+jgn=RX}iC5mvtk&%JxRoSDWZ%1)<y8JC<4io)7CkP&l#I=ocU9UrSi
zuB_5|b0pghAXpE+Zj)Q%5+a(NLO2TuMnQo#qu(#H>EFOly-@v$oXpi1yla&i;GN^!
zi$WclcfO3cA(pyh`q=vY!=>Y^aMiukt@k#xjj~o!#IT}F5&+tuB5`znVH1DhHG{K&
zlU>0Ja$d+=CA5tt)2hJde5c1yf>>z^Vz5XZK#$^%J*$qDIu_Ejk~uUi`A`Wb54j;*
zCJY+n<q50E^@Glq82I?EgCCb;^%JI&f)Jq893t>#oQf}yCykHXFJdB-ME5#dA}&o6
zR2pGa-#aamcwETBw2cx|;g0kJBw9l(fjl-HDreI4t__-_tSAr%4Tqs}&EZBctWsIK
zs8AAT!%_ezRwyGafXN#y!0>Q(YcWx@0MykxnNHN8gWYyi#1I>G;oog+N84z(yKF@r
zhPhc$9YpcqHj~^50<H!rrjftSmg%#@!(uXj^P2QNcnj4cLhKQX%pvqV&V{sn>Qee_
zweiD8trx~_FV?t*{0R5H%wsR_t@ow_H_O9|5uoH0l?(MXX3X&pB}i_@om*y{{tWtA
z9N~*Ih^cq6k~r@{X!El&We#VBDfVE|0~)YDfIeX$#%H$Yb>zag<$|I|2jVA0$oLnr
ze{g_{G*XiS^3(Hr<mOR|DTGwP>iU=xKa5t~s^xzIwVA2F@P4qjHwe=BsEC-?LsO{1
z`sg51tTM~9$8+4}RRRgDCs~0(yOf(54eN7MSC(Eneu$RO^CHWOSe7bT^+{@0k(edf
zSSB{>u_)&S;5mogjLRjc|0-m)GFzxkXUn9F`$UU<Pqa9^81Zbe#Lted%+$lD7N6&-
z_X!`0WRn|3<GO&f-i>8&lC8OS9C`KgwiaU9Q1-rQJZpw@*o;EEFCiyqic+(=fD~*|
zVLZ|>1khYf-+B;@4o}J~4?d>6tm<UxXRH#UfZ5GmW_4r~nHUOy*RU|Hj$w|^^|z9-
z5eZb`7=e#b&uy2`&n!IKNA$Y}aX|&RP6n~Sr+fZahvae@e%J%m80LPTidD8G5QzxF
z1q(IF$PLPp@;+|qc89EB-8h+{L1R~K*{J`Jxku^af}&7nOUVq>Muf2OHfdg#qNhx1
ziJATYfyb6Hv_ss?$9Rl$J9<L&#opWf!QQ*U{=vaue>WJQ@uS#B+?q)e1DLr3U+MXf
zJBa+^gCs4>IY<EmTi-Qca009gT6SJIsM42al4gszEOC}j=p-R%9m-88Cq<^UouLCU
zN*Q*ZutRKRUEH?2>zTB7RazK$F4-kos7lN?t!6+?aot@eUU%1UibM?y2nxv~SIlmf
z-X_*O#!l}ZXx^)r-nH8Idf}=DzOI8m{d{$Oa(Q-g^}~%hS57W}I=S>!@{cIxy?rG-
z9egc)pr>!F&{x|(rnrAZb?-X5mMp6I7z<NKRg*})^Ad0z1z>CIsa7ti?AsMws?C9j
zhZF%g@Cifk4dXbK#mX#`IGrTRs0LuzIEQ*dXHKkxN9fQe$Jrei0t@Ai9RcwEcxM5?
zCYmuK2CNR7tG6e{Y9g1qt-Y}prGoT-bdSL_ex?~LqXTf4t#rJM6NC^Nbexiwu}wMo
zq?1V?;=+*gQuh(u9W!C4c&IqxwOKX2d%BQ)XMhj&A^Qh!zzolCoC2mof#X`*NCZuM
zEK;Shhr`BmM>bme1wb4m+5H7u;ZO8LCKU-((0)}nh{KXC*igxTeQ|ht>bE0_r)sjA
zc=u47zA@mHeG0g^H!kd7_>>6{I)${&g64V9JQJGqVogKIP8n_U;c0ZjW_xBe8=VWu
z+1qCW_{q3D71cQ2X5x)D!mp@^t%<G2luDP2q4@bY*0()z1}$IfmG8#=ey#wc4@Mg@
z_8Li{%t+9caO=nlvp1sM5fPRmKLZW>C~Rvl4}26a7d@eulev&uM8MhA)v<v5%M_Yg
zW`)@?Ul_h$_Jnoz-x8OHXW|7m<Rzvq#~-Yz!K;QA@xloFDnkANXu!xPpdPfuNIfdk
zi4p`YHOWxImu|2qXEUG;S)B>kQ+b;W8cfAWOU+_yHBAjQ@eI0SC`?0f6bY4-H6x;O
z?fUVjEAtw472Xd4`b|>Tq?k_G^hcq}B35_Gp-tP={B-s9RTfT4qeYJCrfV?Ypmp-O
zs~z(`Yt_TOcD(QTq?!+SpI+m!-hQyxm!D58h{A7M!RrXL+WTv()T4FD#thyC5&sJ3
zOjDby`}kL!uX}BW<D1vtdc5xK?!P|Uq_?Xs3bv0L+!QP=pFs84{!O32>jtoX5R+aj
zSoLOu10OpNDA_@kIxWz|Pi2I6lk+T67mNc=<Se8stO3y$F6mWrqah_PL=)IG+(vuL
zlKa!)<@xCR<Ip!OWKOjiI1@52W{*+Q?4NWAjHi~~?Q*R8n3~H&diPTM_Y9{l;>D?<
zCAa{f2~-NeYV#!AnRv0a|N71Q{g((T#=M~JXD-u-tfw$y7nkPfNT6=iU_q)X?tDu(
z)Z5zjDR5lCv<ks~3VOQQrV9wG?(`r4Ll2S}ck38D9|Mg6&;zi1Ha!F?R!h@z#z41)
ziU41OG?K&~p(FMvWq3k*B^CmFm(NJ)k}YB|XT~bY(wWV!i3Di{gw5qiloC@z@ye=t
z8nmZtFL(B%@3TUD{P83J2S+`S(|Za485_*9Y?dep%u6yE^~Y4aPkze~-;>Iu8xTMF
z@oGJBnj3?$DrE&-NZ#vySXE4Q3|+D&u_hF?MW8!1o!nzJ##)gMZn6(p={3$UythAT
zPidquWCos@UGAf=XSb2U#_axZ_$f_RJ#h%e*Pb|6caLy=tfnz58!@vlnFayM-#XKI
z`6$gUNC0stPd7{c4p2@M%Tx=HDeqGwH%|)X$+CFcqjd&xld$e$xWW+XBS3|w%GvK3
z)Q$`(u1Ta4^b9&=5E+O=)>amZ!6eb=%-`^7Kk>H9Bw>$1A;okFKlLh|U~j?kfwzpb
zR5MU*imOWRIc1kLf^D>%;GUSow<?L}Sw?`?u@-Zg=PHfUSr79u$`z+;vdR>9M6Aek
zmn|b3GwB88H-O>e3(*%{oGM+1@hZ&kw(+NAQaq&Op|{AuC@)j7$73=GD#3Z!rTO^y
z<TBsDobBS&ZT*51LzrXPiLn%28c2HdS8EW3p86^(>hHwdxynpv@Q_GWP2?g4uF+9&
z6N{E0NkFemL7ojJ8|9%A_C9h|&6mN0(z;-upuDZPgGk8Fz$d{GdM$9tL+d3l32=LB
zpIG#XwFlej2fN?-I(u4(C>CN?CsU<=LRk_oES7|~lJ^Gtum9Pm6{|6~ag6^HJC5+l
zCqa#)i}l^t`q{7Dg-zWvx(E{VG@ye9(4dd(=d6upjL<ztx&21r2!;2F`fUOTt#v)x
zm{Xwlh!@i<Pet!zrZpR_!#j8V#=RMtH8=0ty?Zl?p67j|@BP#0_}AR_OYS#lqbrK&
zmP_zvSK#IgaP|7@F2CQvHhK89M=O$#-+7i^W|<$#9XS8JIXHN=??3)nWXn8!KCM4|
z6ol?kp6eddVl5oqqXbVwV4Fw%r`LE;i;aA!#dCU5w*vjFJv}x=(|tC7YVq72)vZ3&
z&)f8G_pNUBu6~Llvi*>)t0C)3$R-tJivqH$er!}ewyGW*;+ni{IU(b+63x_twhR%1
zQ&oILoRirs?-hg&8s-BXq8Cnet%^l8cxg?@lUN`2B!bYVHL?-^Z5oS39z7etH@8;$
z7>u)M0&*5lhjJEA0CN^CVPVx^uqSPpUlR`26cDy9BuuOe3JbUwq^GNfgMD+8+5*DD
zkg!0^X+8?;ahT1KnC;;3E%5O5Jykpk=ic;<gNfgJe#*hl>`Bp&qzY(VW^KW*o+nl9
zc2;#~k;`(f(lVwv^$<Lu>PYO-6p5P2$!Z9{4}E`V@~;c^!B7_)8Fi>rZ&DYaTT)>*
zCGjF2s6meik}24_rTK1XbgZ|~bD7?t_M`JZ5{vQFx{Qj2OqViAJPk`<EaDkwfkRxV
zg^FUR&n!tB0B(j1<G)drj~(QRg)Mx6_a0nQ?^L1XOP6uYieCe^)`RyP<bNaUcMDAz
zWkzEo9bm4CKHC(yZ!vDc+&;@VNyJk7289Nan20e;6(`X1=FTGn(?WKvo;EPz1tXea
z|GxA`ikb(L^29ej;ha=<Rt7e2nvT-;N(-y#wS{mL4PK7*x!V8V?5A(u{fozH`1ja^
zZtbB;1uf(o=Qk_JaT3Q`ER;;+bT(Zklq(DL+v}HTlT&FB8<9)r80?&-1<V{wH-@9=
z?^U22g0avTE(WX{5^(_v@k$0o{19<YK>MpW&dmR?k}cGq=Ta=xWG>TKFHpqxVOduV
z3{V=>3YaS^aH341rqpK1m#NJ>2uZu_a9RSE0Sz{`dra|YhM`dAXn|bfl{HOVSQ>Y+
z#AvuO(S089FD_)Ds!D~ggBy2Mk;g8(nEKZ5Kx%<?`v;|-uX#Kwvh@FEW0y8{uDrCM
zsi)xg$@<>=Y^R0rHCb{f98~HqTa=HI=2TYkZG&4Nsr*bkdlffi$B~)J6|ZK^2~7nV
zjPUAc`oacDwgzgj5l!%w+U+(2kLYO1?7@8+(>59&Y`lTj8(va>4w_*vbC@)q$5;)y
z7^{PP*|-+Vd4^_Te?nH$w6-1pxY^ECvKV@M80;ZHc4>B6h`95!<-*2L$(HM=O>n{t
zTd2vV$<;Ec>id-VrfJqh&!2eI09BNfEO=OJK$uI|@0I_BnO5tGgz*na4572bx&7oU
zxE;SQS`*xQHSp~TrBJ_;Lb(k<ya*i$aGO*Qc}(w(nEul5D=?d31i+O0DAuA&Q=kie
z7-^iqYA`n%QK-qXfGEnpW@GE$K+!J2dcu$bN+fQ^HA_`r&$AM~jJ=50b%~r29Gr>z
zQ=&TXUa?~|W<jOPvY$=+W3v-PvDv`KOWwA<01yf@t?U%q^T9B5@sNE{sF$|eAvQ5t
znf}A{%)yM78o*VP1to%HhZM}=&15yDuGLPoid3S)4)vRdR!@zXBdHpQBhFqc^eQdo
zgP6s4N{dAtrHGv|^+M4j31^_XQ-!}yr`fUqyJ%X@2jGK&w0c4-zZ0IOy_{reX|9Q?
z&^u;U_5YfU_0AUS3Hw-w-x>5~D7w31SL}&D?7S9#==wgxKc66Kx_`$rgLsCEdZhJI
z6_;unIw#LiC+#nPj-BEnw{aR-e+48Hyr-}**^jI5`oXRv@V%eFyh$fEC=)#}yZ!)|
z-XA>@;T}<ISp_(K<DjR?`N$@X^{L<mi*>L~Y#WZZd8*U-W<6}Zm>*FM91@kVA<O>B
zLs>`&m4lm*r^WXeySIAeFk84gY7Ld+6t3S5p5R!?=)w<E{Q7!E`5}|3dQN`rV900@
zr_VSRKyTxr_$Jotp>*HKI}-fIFdwQ%p0N=~c*91tM3ae&dTNaz*cU#gHx0h)+MNGc
zLDDJ{WlC`>KIJMsb2&Q}vTSxd_b7)dEc9v(%;ZR(cNfeoqJ_Jm*yJ5-F>LU^Z*7I|
z-@8#e+J*4;w$v+WZ;jWU*W7hpSX*mDFj4V0x8O>Z2wG|m^+=U6PF%zgk^le5qhlqu
zjgXV-_)cw`jgP|XxN+d|I=j3$67yJ>*{qO@YQ78sYKoy*ZSiEIzVsN`s1sj#XGuM$
zOVFLwtS-I)`rj+9ON+g?W&>}@#In{XRZH>GY_I<s(#;;W!jF3*A8;?L1ZTh?cvf!*
zR1Y~IHkey_oJN5R9j5p3;6D6G;bqt8b}MmcYm&u?7qz|94NP+enYG4>hI}o}<)4;G
zrttt-$9iLynP=ntE3(ZzxdknmXz;J`SlMK>8_t-Q9)Y$IZ|aH1`mXJp=NS1%n$a@)
z&)kY<n+1=wX6;M}59CdzfPZ}cR~-8`{{M>&dRsFZN4p}0H0W~}RES^wiQiO_rWvaW
zB&ix57fSonnHDeLL>6NUCHHbrhn=qQHUV`6^baTw1CbtI8kWrU0$dmCSU_+)g^awQ
z%Ysk#0cy`jf+zp0FP6}kAh@gk8K|L5K^3v?ZA*N?a)WuM%gZb)zldCxb2h#KXi~B=
zgKP>={sI?0h0$YjX0C{YUP>BwG%Ycvo5y4iZ{T>|E6N{)r4dO6IpmvDy%iK$OpeSd
zYG?xbi}qM4mwI3;6kN^fP4161jj|QWg@VqhfG|~a8pWlsS(C*PPKLu}nc;x0h23m(
z0BiT*YINa(6r%k6sm^2kb<3>IvXX?i^%IOH5X>5ozGb4bp&ctXA6`<%WOPma|Fd^}
zy=~-1ywCa+MEr10A+6=~(q4_=0LOMx;}Y9v>6(Y4Xy{$a+G@4CCAq#R5B=-~XNFvo
zOWAUADcT@=zyYzy;osrTa(?rh1KHI?_IrRu@1Dg9rZy_qRnO{C2$jq71_SB$o=vBJ
zdX|l_(4zd1%JdXT$WW7<>R`}!K*)fUkFbK~S7ZL?_U;wN2>c|pQ{KDA-?L7a6(CM{
z%><Gr2S-TH?AQ;`g$cUACpZxbp+$~2z7{-Q-!cV`4L^6Q8ts{xXk>vh?12Y-n~SdU
zvFDZ!@uwfuyccTO-X82;SA*N_^kRl|mm4NK^C@iEJxyzB+3BMBwI1!UqE;9>_6yXz
ztY`F_BYjJJZLWlK>|(CEvMvA(0fCxaM_JpX;KjynzZ#G>dx4LV(~UjkPjI<E-j{$s
zoIn$q_4u24S2?eQjIeR<$3C|e=r@+bor1!=J_A*ZVui>{Wj>k42qSmFrX<I#mJ!3c
zHXFeSbkXQ*Ga^VJ2WY(~Fepb6b^ygDb)zRR^d}=AVQoHaj^ezx`+b_Vr}px?QGLLx
z4G40sSMz6BTL>ezE{?8MS_;0lOkSRYbvlkkl?oa$%DE;;PqktDFz54=D|S7bKlLR{
z4(}1cElFb2scK^*f^T@fGDk&?sqLD4CG?xJz7^6X?>(G4R!m@RQ*Bc#(?}tRLG+&#
zc!$5^kvaBLu~2d!E(QDUZ{}n3OiHM^=#(h_{+(&NsMR${x~3LR;6jDUi~{UMIJXd`
zvu-7Vy09{Ot{ju2OMF*x2@cLBui5j%XYA$1d|Q+4b#{6&n^JGbh)NNP!eda?Piu8T
zO@U9+&rtt%!176aZfmpscv-VnNcQUI(+fo6z_G*grR%1jB>FA?aNb@C`4<Ad9<k?B
ze@n6gu)ahAQWlkfV7FF^yAl_e=eoS}_X44a!0|~Gd{xt|x)v7(0aiI>wlN!~D(^7y
zM^T9rC&r7oIbu`w;OM2$mP|3#G$s!+ZBK?hCLYjJf<5=0I0Z+bLMZk$;94bozAlXs
z6Xizi6z&^{?gWdwG3%im->}gp#|P?k)l_k};<}S&D|-}%7M-P*jWh?*eEw$ar}{Ln
zN+5f|`?mS~jfEFlde@B29C5Gxo9XXIAsfIw;SToLl!-67scGxZ=Wi5s&VvjL2LLl#
z)^lAUz|-k9aJJyYz?-;KXv|_hQ1iw?!vsw`%AbP?PKKP-uaO-U-keQMn-ndB2@2@7
zmm($b?lW^doKw>>XP2`H!iOm<Hn!M&*kH{5G)1#(mOeTnmQ7VC#)&=I5m3@mMy%C}
zz;mT$ylU#(j9t6agyZkpeB7wU%mXf_nJ_y~h!ggBbZhY|JHPTda9sDT<hN#bR~$K@
z*2-TI>^WYLTI4I+Hz&>kVR0IXG}Lx$TVl1Iy^X%S;2Y5*gyxdhs^wDD8WC>2oiaO_
zUqz%h$p1T1xo%@?5K5DQl(CD;`PmUWu}m1_;O8E5X8$0CQ3*5MEf8Qd5_vF}&6-l;
z4!#r<Y&@G*AWd%w5;nh)p6uTU&7Y3K0`W+q>c&7dCwzSi@9lKX{5^Kj05XGX^Qy3s
zI%8|h3A5@%90JOU2kcGN02MYxxcG3s7_JJ9yzI2)Ju}l|x)gTSiJ}_><;BlHyA*6r
zgCZMU;+99rRGJEsiVQ7nnzNVPVgXK(k3CWBlGnAU?3{P>{*@vZ=0uNrOxcAU`IAv^
zUa>WY^W<Nh=)|o2C@`Mp(_8gDmLA&2Z{2i^Xjd@G9-&Ufx#O$;Io+G!j%>I;?3OfR
zVxrcPn6Gd1^ZuUf`5G_EQX3nG1i@i&9W>F+#NFk0y5m(msel*-9HbeKTJn`8+wQli
zCaPky&_H_tSV60i=GZcpuKC!+l?QiRoy$$@Ae{{wE^8D`+8z}0Y`u4-6t6oj3!~lV
zS4!k#pKlx@{ar;=4B(`MmlTZByWhE@mkIb(;T?jX(&_2wC&3xyP)WJl3kvh6+Y)rM
zegEvaAN4?{KcLG3dI^tC254uDF^;w~)TYADf_`peT<9&2x;nc$zs5{}%9uqdhBYWc
zG!%qo!{dyuZ_}}kk0Jhsrgx$IhJv=?Z45DPd>A;dWmDm$CXK^`sR5RC;IU`6P};9K
zlrwN`!tx@xj;{ozWO87%=!C_+lfl?BnoVFX_1($$Ihmn9y=M+w$Iv;mXg!L`^RH1d
zCTQ}0VZ6f6apZ9V6Vbwi%}@ZoO2!kULIAMgm=b#9{av|s?&e6kPu^H6vuGE69}}+B
zm}7HIVV@`#^$|#(Lr15ncJ8wm?|7viM=PZ(4cUy@kkJ@=_>VZ%H$Ili*ees$8M83s
zw^uSq_Ki;}<u^VLWEXS_<V|NvI~e{p@Y(qFU~PQYOg#VT$=qQLwpC28!<LmeetmY4
zSc-Ttuvls}66=A56AN<RlI*xBi5a$UVx9x{rdO1HImREtNk;`ubOXQd;Y7f%qx;(S
zj$W_WHb6l_0Kyu)5(%6`P|Z4n*s<0^=|;LNPj^D1ffXFYjHy-G{)A=z>J=Fbeb6^Q
zdNjTL!6fdJ6P4!eOk6G2&EN~6uQXB&twgm551j_hUA&O=oflwffUQ(mGC@mQ1wGCJ
zIbSGv6`w&?L;Fw)L%7on8+A9DLHRyIVV{q1o4|=|s#xlpD?NzX{ydRnB~03i*W!~U
zXF!-``Ld!Wx|(u}l^;F0>P}7cxgLFfyr6lT3+cEhnp$1fRXpW>LdhVNBulEdr3~1%
z{T*4r18VMvaNna#uyMa|G&w#&OnIvF5Ae63rRqG3DpbITyM-=%OsB}swbHr9U<aYd
z1ciXn-m<aOCXdr^&DE+;=O<t`oXi8;_=JXbu&0Ec=%tv%zf2a5oN!a!w;i^n*!<-A
z>&be)=2?tsZdrnt$e+j<r5|XOpHbm|*SJdM>%b?puBhCO=2e)K<4f9CUI4}yGOz~B
zBZ)N*zI9Z9aw@gMCxpQiDM6oMt64<wj>cMY_O_k+5xKM9wogXq5J?Hy;nsqUZR3Nk
zhGOrzjo7Jy?K3t2`aW9rL)Ncd%Fll<lcfK@7qj2{-7NI~nmHV6V9?isYi`pwZ0oBj
zGs7|oeF(0dJgGKiLQo@pPt;GNcXPd)K!w-Nugio+A%zLJgdQamc_z^Bb1iuBPL^6+
z)_L6F-}DuR<Hz0*>FA^8!K)c?o3Y2)J|5fM*KGEDIpc9a_4qYU<72JI{`fgL-g?~R
zJoVPKwN_#SDi#$vem4svb~*)Ge?2?S*x3mK7fN$0dAl5vAP2HmVlzj2d8zp1`{|$m
z_~f4M%sOxjgt~}-i@Dyw8Usu8m)Vo}16bbjKHcdP5FeMpEkF!WbPr?u@!N4Hhi`OB
zSqag|HyeBVb4j1;ww|khzJT=2)<inJm?264-TiRSPS_VqDY7rJ+l;-iE<9ks$zHfC
z_#ZQMm+xo4e|q%7)Sh7NA1TP~>DaX#^~@5OtERdWfQ++4x!C}$rmSyS*ZSDF^DFds
z+Rj@y&oGk)#gJP*4R$!q%zuYRKTLl(90xXZ=DRY?SfI?vYKkdxY*TdpJ6eWUug=VC
zQfZrO)uR(z2%Rqh8b74bfjXy@8CA9AVqwvIiFF2t9HLmzRoK6B3Q>t$0Bi8JwAX`*
zKqx)+4#W!2K+YA{OM=+KfDcf-I)E~n`PbvR;CNStt$UO;ZCjP-)`mPD-Zka1^SMM@
z7UVtDX;TLOzoqLQhESs)b7WQ3{^0zZf0(M#@4h|Xo^Q{$=iBr3KK}^-0RR6GfFj`l
G<`n=<INq`V

literal 0
HcmV?d00001

diff --git a/vendor/github.com/cilium/charts/cilium-1.17.0-pre.1.tgz b/vendor/github.com/cilium/charts/cilium-1.17.0-pre.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..0c746409a0d2d77cc090ccc30e85f13e4305c010
GIT binary patch
literal 210626
zcmV(?K-a$?iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMYMcN;m9AUdD<D{!fMR`#q&k$TzY+}^XYB)haF$s9?pnmIjv
zY%mif(Ml$=0Hh?=JbwE<hzKB&$)rTNTs=KI?cSZTnLr>A00Mz{CNh)dV)tauwe2tY
zBKy1V|7S2542}*C;J<^xpz+_~(f<D4-wh9r-W<Kzdvi40`@6w#?{Kj9cWm%G;Ii_k
zG?weX8~o<6nv?r4@`vZSvfN6Qn^A``uC1K%#Lmk}U#i_ir)I>uJ$5Jabi__zvs?-L
zp!D5XWina*OU~H6&_=3!#P0XpKXbkiBZeC*$F_xQD~0LfuYIZhCGRlC*uSt;nj+)N
zE9is+FdBhXL!`naS{4?D`8W3qYi%rr0l0-$_c9fXr>S(Ec*dq>p5R}lU9yQ-syt;6
zb8ZouG`>^HCQD{4&r_~b_G38_Iv17z*Cx+QnamkC%+3Yl6X_r$G^-fTGWEc$=F_Q6
z*n}IAGL^Fr|9E<3c9_!4Du6hZnH8FG%P#m*X!fT6FL|BdCs}E%&<`>d8_^!XBBhh6
z>k~`CT2~<&HlF%ss}glySs`Z1qEOl*o+_WpS*c|{V}zn78UjRwT{oU+Wsuk+w^9p6
z)7xP(PqH$V`3zw4qR5s2P^E%Rr4|o7%ghR4&mOJNInRDp`YuyE-GHEix;#*q4e01c
zVev3A=>UA4d@FrC%}kA8(Y|9-rJ2VroG!+4mG`PW%mUtSi~d>39AFR~R|s^W5}sX)
zRBDk}zwQM3iBq4sZkoDnyx{;YjL7_uo9(sMK6w7{&;mZpBLq{Qh(Jh@BD4o-=Q3v;
zca2q^<g7G;CEN(ZGI>X5L8YRH<DOpKxYPXO`SIln{amx>IHXE9=ZggHDQ@U+*P_tE
zh};^Q4ZvLRoX?QEVdFkKw~h*y%iJ)Ia7-Z*Ih6_A362V`fmRv2=US@LAa#7J+7ZSs
z+<mhKq47Lr+%Z#I8fHY|fd&j=`_Xqbb^ij8Zjcpfo~Q2E+vn~aiOn{@ZeqAkkk&V&
zoyDZ13rtoj1TS;9YeZ6N*Q~;W*>KGeEC(Xta3JS0nN!>8k{Mxv5E-9{40o^V%(xbe
z8zX1ANSRf1XXUB9mubl}Ci1jU(yjP2NBWE!ZgP$T&<&Ve6YLX&^ljsPTHglI#0r%n
z8I*=y;U-9TY&A=wq9fAEE{`q;Ci1D$iCBmnFCQFn2jQKMow%TdF|H{G=|I@I&@d9+
zP41I)H&~JgW2R-6Etx6=?tPv)as%WxlHX)9X|e;J6>~mZOL*5~(`_8c8phdV4WKbV
zUAr1Ht;z!a<`yF?gx`bh3(?MU)-1+`3(@h*zWHL*7h>jse&kj>@a5*$nSgFH?Dn$j
z3`b-%<Yw1dYacJ18qaZoC#!qfovtD9iJIt?34Sk3ZGDiMZjFp8bs{{a39wag+c{Yx
z2KSUmdY0d-<q2E?D~y?F8xu2<NQLW(m&Z4VqcAS32HsE@jl214j3$qtv_Q%jpw*9W
z-MyvnW#U*%QOJB|f`~s6xGZkMB1QI3L(Y}4{w4CbWHNUTiUhb<SPQp`;?cIS=oeA+
zWn_GcY;A&QE4f}ksvw9yPp>vwxrv&BCnBcS3Wt6FaXc2niNvihqjn}cnH2?gdg1f*
z{l_t*;Wj(bQ3n7^N7_wPmrfw1c23&Tg4;^Ig06%mf~*N!W*s$X$G2{xwbY<}*|L?M
zAqI`M*<p-209e{vE5txX4)5evst~p>p^96BmyyJg{^j&=<7`BX8crQjLvWU;#X{vy
z7Ic@c-vZ4^g7nUFcdE3Q3N7+Pqzu7NmTXaGRu&mDOV{79saA_Mdt`+Pz5h5qPVa@b
z(!doRQw%^pK{XzC+<+&&|2PJaD+4}Bxms&SxYB@Z%u+FxInJ9dIig|>FUAdf5LxE_
z3m>i3a#A{(JZA8rPYMr25<!%4tV~ShqgYidy#F|M&#;&6G$&HMe5b*4Z^NBd;pBIk
z7CdDt&zAK^9UiZEv%y}IpnJem8q0Lyr1m3je{R`>bi~b!@^4HW1s~&X2q*LjCY>0#
zz+s-G<fnU~wRA7wRgrB2vMTES#D45F*i=MaR*k+fnSB=&+3=+LJ?gP}mh!7A8J@o9
znY$qM`FN~UwmCgA#nTD(l|`XcwjnXxpv;fz<Z~Riof4<+_<`i!+Py;}z5~&E1>!T8
zosU6L6VI33pm?!*<l^(TDK*xdxb?z(v>j-5p56=<QpnabX@H^E78vg-vFzRRtQ4%^
zQX7BVcu{0Bdhh%9Zz>Z`N06hYfEkgA1kd2=)pv4!di~Ko;x=MNiA*&<`8H%k4m=C+
z*V7}QQIP{*_EP|XYLb>Kjl0(FEtsL=*Dm9mELMq2(SG+|>>cO1Dsy~ozCcFI_IT9s
zg>vG>9*c+FNLFmav=R&o6ddsZmkKNNLgqn<<b`i{a)9}|>x-aOo5;Nefd`|iTnp}>
z(>rcMAt=~sJ0RBIOYW6axfOcK+s@xur7vYhg-W00LGkGutMoa})4+uU0rxs_J>6Jg
zivdW_kKJ?EeHCtm<4g8R_C+5E1wvF0dcv25O2zB`zvSHxFXT_v6g#{q!as-o;hX-T
zS7^~6c4~Nv_u~&eGzDD+6~+#`A(bH#{L{oOB&qc~bLHqTx3(~&-Q7T`-HuEg#PA`_
z`+qj6$mG55=fdvJ=G2(}^S>8d=DVjVaSukc`0dICp9!;@shR2-m8rhDpLOoU@<Hj;
zj5<B`e*B@+1FSo}*b>%@(C_pD{+(U}`5wE~s+?rP%$2gP@m)C)fl%B3>kn+$-y8M^
zy}@=T-W(lzSUM#96lW65l8IW>XV$rICH#N3W%a+tAEG2&KIV6F0C>{=f3W}N&E8?t
z{{QCi@Nf42zr>#{_CaQX%|z~Gc$6tX0h49Bcj3VAUh+FJm6`YlcKV53eY$05r{}l*
z&KA3!OT*k3cR>XscMAmCXn!B=w7y*wS-;ciY_b1slDSy$&K9%FLX6lS^D@hJn6X;s
zvp>}u^m>(2$V=GXBohnPj(w-XSec_;s?sDmc28Gy&|rnR6xuy!Dk~3ZM7`a{u!3ul
z;&{$JFD6=K8E4==1MfqY$|(pgmRYW6!kT_(1>F(rc3(W{vY2V^1j<Fhtt6xGTx112
ze6^tlU=~(P<fhbul(=(m?7ZZKn|)`?&j-YWTv?XPc|H>?(b7uyKEq{-Ah|c3%uBbv
zUc(-iKjR?bIyhSVQc6vCYAzo9Rv?{4XN!FRJ2hVvnHaI{VgJqcj{DDB{Lj1XPTNFB
z%+aQkib*+hFB721S<WY!TjWVOW0{)GP`@VN=XAuTJTn3sdqTRux6-=VsMiaEzHp+<
zL>Wi!Ox%miz}%Xn5-k+m^szQV#8@tbG49R<5P^{HC7!|Q1FLf~2Y9BO^vu#&u?T)9
zuS9>=XLt9;DlK*xXnuEC$}KOroih+)oP_uqC5dUK9+)%$4cr49DsF=`kP!=M-ROnT
zuz<qY9sd;oB`VL+&e;cGm!w<r+k|9xBP@uEoWXYQ8BuWLDoAI-zZ(#S33OirPyl@F
zUOWj93_;Uk!&K<6G=2IPfS|v7xb)A$OV7A~V#NNVqbEFRZXnPux>ZwCc1;YS_a1oJ
zF<6$|UI2Sb{b}A|q?jBrt4q;oY#WfSSW#x~b(Uyhan;=qjuxa85gHqs4*X|aX4wt4
z9<e_<CeS0PxeMQWu6qyRbvroZE2Qr0NJ1k_8Bk-3{qIyvd6`+)`fK+;cKePo?_!(o
zR}jh&?=iP?;!bM-`$q;S?0di)yS%ij3zKtyTW~8AmML{t7Whz$3{X9pPZbgAk{6x3
zw}u||KPY3@F-F8=2VNjEp;vh0Q;346Q8mn1>9xZ=$$!HbKhH(ZzSa@{gPZu*o#@g?
zN@LYR{wf;m*DWTz?`cV(@z<C-U;7cd7eK~9FMJjKrLnKBPJBLjmyxee;`w!Tnr@@@
zigJ?4q-B;@ewb<pR;LN~kOX6~yWSmNVVPV=OV&!k_)O%sv(?#R=TrP)p~@UCYvO8v
zh5HiiljHF@>=ogzr9_C-L@QQmk#@GC!FH;V@bYxxqeZY<S(}M!tjUt4BI8SUL2S8x
z3s&Y<x<{zcC@_`jOjt(vQ%7dyLKvn>3nV&$Nndj-E*t`*r!TZ{LRxOLS2DM++3j2~
z<D_1hi!_X>Q59Pu@9qL45|yXO@?#b<9CR4_r7+(Gmr1FO-5d|srCJW5y_(rwb!M)#
zMSupSG0x_4Hh0$=w_<f7du}4oezbb+Z?NM?iuyzf@D2;Qa8#eh(|(FPt1W-qa;+}d
z0Dh%4`)-K6Xzjkk>aDIH&Wo0ixM)~Q$56<tEcipQPkFYii>cmxc`3{s#GOTHOP;yQ
zY%X%^ec=G5oALSe8E&L=%N8X}ADqBol&Nx4q3hjP&1G)snEZX{;LRc2vW2@v_xGIm
zt$AXFHviCQJP|Y3G*6kxQ%{ymJqQgxi42r$dASf;CKZ?%3SWj1pY4a1{FIxyFl-|1
zgAjRj?z%+!F5C!C>T@E$*P=-zw5R6zspD|fa|k4Xfdhu}48f{1gwMJBr4+7jbJ;GD
z7_7t=<O|HR%nPR?1yIxhCqm9i8s0W)%7%_n?;RdKw+nUvl%w24uz{OdZI94f$IaT!
zN2Vh-!21epAHvHX$4LSg5Zs?INTL>n%E2ny5X(;dmu<t)lj)a|XL2e<iZVl|4it73
zKB~z-ITl61S`h2gK-cSpGuJn26#M_PfBp9k8X07c7flP)NN`RaA*@&wN^`xWyX`q`
zT`$Sxt~90;W_P&%?#RKA?lHI!xfOv?c+<kgIZKr=`L^{=0B%8Vj**-W*PcVxUCSk2
z+z(3MajnWc?Xw?5w(zUPr&B?OOV9M&gAGvWBdY*!RZk@UsHp^j9k&rgHFfvgaTmWX
z19ST1uJ#9M1jq?X@JN)iTxpT^1J#0sW1;RrUy|Ug02K!Ml*c9|dVX2h=?yXlu&ho*
z+<4{XTi*l$#tU`>Jg+v`U_Jj1+Z1s9qI?>*s_xfK!53OgGdY{D+r~Bcg%&+*{eltP
zll^JR%*)9n6Fq3y1YE7qD&$gb0=ASdK$f`TLYVn+AyM3Ynle>~9``+7Fd)iO6_7+|
zI}?>+L{8%&`eBH^%}n17(O(EVSLq)Tt@8h)CiOWGw3pAI=M|kj2g1B`LO%fMTjqjm
z@&xkpxaTIz`;CY;WmvEfqWm(`?gdu}EfwB)wEOWfbIQd+<u}6iJ5i^PuFn{{+<+iw
zMr??KoTFk7Z)wtw0;EW%3O~f!kz;64sXp*#tKC%4?pkG;djZuUgZpt%F>rTDKDg&B
zvgic|!*W@q94->Avg}i7gHh1<Q`d?KXjl5Egn8y&)2=jBLAm=Mz#R%@q*Z!3V%=X#
zzJzeP_#*6f7_)pfV%_`LZsmS1$}B_E?}&BJr&r33(KEY?A`Y%wDrW*L==hfr>zX;=
zJ3Jaq`QiTF(cas)Z}#~9WbpPVeS38HHhs50ogN;FcL#(0!(_6@-=uG*hts`-;qY+(
zotPXBlSBw{G<@SmDUCQKu+i#Gr|$Y#uI!$EhtnrVx<aMLxs}J!Pb|n<rx3Yxlgve0
zW-_0h<L!t)pFN7CtXxqU>oKbem8seCN3k5S%AVlJIakKItwU`Yx<cHLC&VcH%-Dk4
zWPSl574grE-MuwEUKI7s2Yw#jp`vB3?i!6psbi(gh-ES_A0uE^WkJ;oYBJb-CJ@1i
z5$N0j0=|W3LuZR=F|ACz^<h$#nBBz54uv(l6{w!Lm!PTL1t>k9r@d<U-A;sx!@XBs
z#O&-*8e%n|XLS_s-ic+Geu^$_);)9L>Azu@ssSi%-IjL$t$r3DdyQE4O3})Te;b2`
zNA$y$!sQpQhW#UOOM6XPAountv{VpQlVseO*ipT{IKJJ9YZj@?oN#`1<2@)M6Hvuk
zoJfAXF~!LhsaM4!?54Tt6)Nq~x7{uHM-P7nU38k8aIguh<0?coa3jNbnxZ)%Vy_X4
z7LQi*lhE9&ifho^;XBy`q6rYsYh7BQ@&@1JdRC&FCxSTEv&}k+{9bC6gJ;Y=*V2iu
z9>`gK{{#$o?#JBD8C-_G&kywLCBBa8%5&GHx5#ZT<(7BcmV~~j?gmD(yU6Ws`09rk
zvG(6@;XXKpctWL@@J$Pzx@TqJn0^qg3O?iL0phT{Re{ExHB-D-S-A-0_zC~@1WB;{
zWlWEsqMxdse&bB#%&U8sssy_e_#iIhkm-70U%@qB2zXnAYiwtWf_X%EX!|D~!VlMS
zwO^-lMq&zEEU8_Ok63rOw|~&B|2!G7f9nAmnH9!@+~NPe7yW(T6R{G7g6}SEd5}|7
z(F6NkUG7nnKSNCDt16hG%u}J^VVm*FbdBv_cUmPb?*RjrBJpTf<tt<`1;|m*lv)O5
z)p1cA>xI%|t-zj+mP8YDjbCGMUrD_oqZ8#gH?IT1%MOK??&ll`n~SvjJi!9a9k|U~
zri|C=(;ex`4SkMl0wO8_4f`KKWB8IQueLdNG19CT7O_{6Ww#T4^?Q#-9^o!xNl}j2
z!C)|0&<_i-0Lks(qokva_|-ZLSKA*B_bw%E$7(<Q4?oeGp<-qA+`q4Dn3^?P<+BkG
z7NJW#c7+Pg>09o{W8+$k*uZzVZZu>f6Zc@4EwsFsnV3NcRQN~Dc<#3M*@cs6zHLt$
z0i8b;LFiy;NFT9nGuS2};kwMhX&BHmMe@ZmBlASC2f^n2zEYQ16b1-U@W}J3lF#4=
zk?`ERGe}U-@YpG1SqR1r%Tzw2%neI~??aEbsLef>8JLF^(hg1W{pdt(1Db9E2`|v)
zO^Tpkcki(1=XEp-q{25Le1l`+1yz_9Flb?!QOTXK?h&_;#(4K(C&r!p@agBPxC`F(
z^pq2*$YIG`W^U0{B8&-re>}gqsCPxula#PfDMo#1Ra%f%;jZ3c!Y2KGKY+P9yZv%}
zdU<~J1T1{?8m9RJO{N{r_3_V7VwAhLl@kFCTP%1H`ks$ZzFd4d`LW(v=1dldb>FdQ
zBU5m7Sg3n9A4U5Nv~|?3H`PJ}us8pF^X2l>>F0~H0QgD>;(6vl+GHNGR|IRRVXuOF
z>0Iy(93C+2c84b4yLkV)A3**rSS}p8mb9A>Y*Jdbkh8f39cKLXfBk_S_J>2fx7}Mf
zfblzR+hKiucJt};^~u?GHOzUAo!_D%a@#PTIpJl=-j6@PAs(MyUw*o(ZR;8->Z^RB
z$}B}^W5zScKw;&*2zZ1Z;g{=+^UL$wFIVI1PbW3N9@_x>y|QzM&IgB&L(QQ`Z%M=M
z-0hILsq93Or7m+T!?SRUC0h2BoAUjzzqi*PFr};3DSbHX4<ZUptMk7T;a}I>hW0&=
zVfDlN@rMBI7|dI#G>H}<S?ML?=vd+ddC@VZW{)U%a>pGHiyWw42V$KbpM3fB)7ka)
z`RQ3>AYv5_*Od$RP-Cx-PcF=B$I`f-NDF#<Cn%VgWANeA&sS&Ht78j%#5pE2(|kcL
z1Hg|B`*?o(@{w-NZa<!%zHp?^-#F4|8tDlJ4pMzDff$LejSCO@LW2|dUU6}-I0b&N
z4Q;j=LV4nFefB+aBXS=z>6@PXaQ*4iZSAM=?e#I8ADBYYIt9p((=$tx*sQ1Sg?`Y|
z3e!3pXnO-qKZTanyskZYWzLjNQ8J<J?Vd~9hV2TQ?BZbkl%-Ptj`Lk}=VpTEJ-T@z
z?yPmH&<yngH?C1N%S(l^JMhYhhX7X&PVNE*49>amis3v+6_MT!F8*y3F|3J5c<C<r
zxr~3Vhl~X<WlozHo;6KJR`mP>#y(XVL?DTYYcfm`5a6Kiry!BaphdTuS^xKw2!4<2
z_-}XT|5bM<p5<6WhkAWxtmanCmL2@}4gJ%dRFulE75G<vhR+?wbo}opy<f=hC06h^
z+b;Oy=R8br1bT>CL?HVKJz|^h{|>)1lch>>+4Md={_%#r|L0F9SLf(>Q#qGzu`6YR
z4>#DVnamUNi_QeTm0bVe^Z>5hAY#KQBe?F3gu^;6bNnlKr&eRJS6{jNtxxvjudm^H
z6dYEmVN`B$Je(-y_~u&QLz-xO<vLb6Rw+adIv!Gan}GdZ=+2gpcAU~L^lvkVR7gHX
z{$el4-A2q7Xp1PVLe<=rO2svRui1VGA#*1oOT~+j@h%1dA>dMZ?UC7r6y_egMt*s7
zCyURy7Cf2bK8g)fsB97J?ky$TDhmjykXG_c{u((W;rZA$Y#}U9x#fMYof1F3HE!}A
zGOX{)&TDRjZ`^ciHk{jR=+xc1!`-g)XJVtBNBeiI<$~+wG3Kp_Kl(cmVoXPvwrJ>G
z=|dFW`RRyJkj|jj@_+mvwEKyi=k`Ti&}Hx&x}e+l3%Zp?=wr$W=980cJTA}Vgim;q
zsWM&J82IhPePd_!WozRIRnG~}(+8Q_Ii-FAVNexTf-mvy$r$dT&!^)k5g~ZpIGMhK
z*DqMTL1PAz1trh~_pvB1*jS}xEjv5CWv|Y-&ZIDwor;2MTWW{btz3xL;Fw#^=5TVm
zb&VoscIpMJyAWksX?Xjc@aYog(<IgEgk?U}9HZLZ@p=V*I)xT=@q)d>P4oTx>(}j@
z+%bW~%6rEI-oL*FvL(vBYT(@XH=_eG#_VX5iLR|i<p6+rOf!`Wc6EGvaI|}Me0y}j
zD4A6!=l0;}@#uh(O*LnC{o&;8-te$TsV-8t8o9}y-v~d*+59HqnK&OOJb{FrAjYAn
ziBcDn1%6vVmQJO?+mjjBty4Mj^}+n-+d>u~?|Tj6L|P`5UCZ4-iIe(rxp0z0p1Ny_
zwvg{5@`M+r3=ua8*LvBOx3AxsH|EhKkQ=kYx|)ftP;R|LYio3|$Koh+)2T<Do93V^
z?bq!hCyKF5a3iYltXw?M1M8nyN<s@dwI`*9+ba{?iQ|;+!-?i1WvSrl4&xBgRW&GN
zaz}obFw7|d9I@e{@mRp}xu@Jc&ltB9Ob%h_2nf~%F!R6C6yR^y?!&3zX(n?qVs*Gq
zR#l}9_q7&QOT4H7AkWy8%gn^!tX`r=%ZTlnmbEB|1;pz?Mv$kLWVPGcW$|(Jl{&zP
z93uBVYHmwuRcYAq^|%#gh{7MSuCVjLN~Fa5kK@i{Ry0wBj4PDURKmKF{O}J<EG8l~
zw7Ms8q#*Rd)}7`P79+z}JoHxP>?aT@#t9|Lf(cne^ZHDkOy(naYAHa@$3CZPmCNLO
z96Qw2MreQpdCF1M3474GK*6teG%>1CaA4p@*ucH+r3TM%M-`A1bx0;lGSI!`A-b}e
zm5iNSpPIf~8&b-RGoCkD3bIJb0|R`%aIMzJLuh)`!kQ2~15UZMpdCDL@%qz=b7$pV
zRMBZ#fqla?AjTFAO2kDy>M^x20)FY&Jlq;<b4%EHeG2x8ql^^c96tb2(w@nCIOaSh
z9aH2v2hl}nrs)(5Tb@djsC%JTt~H1~yuAGkI$3CeO4B@L=O>qAHr0F<vLy6!RP<|6
zWRS~Mp=21MLt2(*QcNM6dTA9H;9ItS2$TykO73+Ix>%e6sWl*6D**cHR+k1tu3hit
zJ_A6JGE((yv9FV2+Sf|iuQ+ouXn~m<^JGIXA6oB>kDYFM-gzV2`IO>~Q)yr-5q3LF
z+HJ$cV}Y*L@QT3JU}GcH2-2jOPECwF#VY$WgK3O8dN>5_Rvy{w@Kd<n{rsPpOBl)R
zLPwK^|1`N*wgd#>YGLYBf6=cjoWpp;cFof4PR;J5m^P1ip+zrZergIiHrRp}6!zLj
z9wc*jgfKbh7Fn5D31PXD5<S#W0Afy<$&+OtU7vk=;Y(hajpCr657larfj@$Pm6wZ&
z&@h3VZr&W?W*E4AG~;!?9_}6Ny?y%?&&K?c7nl4I9VX+$adPVpx1+S%oL+737>-;0
z$r6+CC-yir`pZw!H6Xz}_j#=~Pwsp)IH)b3q(EYClX(7r0lfW=%~js3Bafrf1lA(I
zceFP=I6&l&^JRVUyroIp1GlcFl!$`ms^IU(LXnyJq;A%AtBkJJhy#Ri)SZ#wz8Qb;
zgSnGa#g$QBV8@2E1V)}=To)*V(Lw}(WzNbXQ47~W3y=@t>O!ay*FGg87-1cB^5V=g
zSSU!1Oo)ibL=={#6HHuOBzO#%4|l383TqY*0}R!)iq5a1=xPbF9<;R9@xjV6P$vjJ
zoT^O_07}F7z0iE-?vRDxIhGRO)``uz3Johufza`Iw8;ugKYU2Y8Djp0G6oby?iSb5
zI-aQo;T1sA2|BWKA0g;27VV>49gZ`Q9v~5M&IUWMX@3=3A&Z0+fVe;GuqaJs+VHV4
zp`u3yakWucFZXF0qBoAr?|CNEKD)tHW)o%S(HIr@JdIGbiVgf_XyP@fZOBSNUOQ2P
zuk?F>hbQXEJ+gYh!`im*kO->)8{Fk{HjL>X(Q~r}sHpH?o&MD@egRUgirR7Y`9`!V
zXb2CqDL7EolI2fAr!ui^P{<Ma9$P#M&#`9F1_wSo)BPLomghE|f1lNFMSN;2o-+SD
zb6X8?%O?KDKRP_zKl)4GdRND{8(hmdxBp3(vXHa+#Qo!W99`4jgk=rz@M!-n-0E%E
zn~h}(Cv1Dv-M?1EyBCO8-cib*6UVJy72r0GA71yrY32ydV+Ip{8V+LDzRc51aeH(S
zFSUCM^^E-03$9K^AkjX`k5xGrqD<c>`$gpXnyMs9jJPZET?543CCk#Tm=x1p2X=RL
zK?nW8VDHea=z<rg%bYJ{awC5g*N*M3T@dt+R#V1jGc9J7pylPVT-i_>#vsl=IgTCt
zLfs2JSGm|>nR;-tMG7?^Xr)~b0(D%CFrsGdIN4<Z`KYX1h@j<b#Rn2w!R?TM1-+7O
zO*HU1DI!O#duY0=W1`-{$;Q)+&kVC#&Ss)H6hxgFhYIa}05p}FvUi|Cu%0!E5cuH0
zj#!sxSr{HYntWLRU&P5f(Kz`SKb?;~&n0&1%S46m8@+?bUfaH>-N)Ddav^7g^D$d+
z^Ghi-Per6e#LSQ@yAM#n&F4Ek%cwTMDPAP3%R&X8yb}s&-_0C6DnL6IH2?P!fq|aG
zSf1RmSMF|n&6J0dE%Au}va0JOMecr7Wl+w%f{DFmavC&1<U|pQb4iO*cgC$-$~o1B
zlM6^|g|9>qw4?Oc0Bo`>xG^jjmg>QgfD9N1%~;E&5QyzsUWge_mSkl9zBGrbYgPKv
z+wt|MfBI)E<pc@{Ei&nDdr1FBPCHDOnW)l_g)o1&SXAte81hpSvrrb|+1YTd`Lca3
znKZTgSUkGrkg(?N=!um5ba8yeWV(&_*`%1VOwD9M>w@V0aqy=&Ux{PwRksIe=Weg?
zd`Tt!Na$=#>yLkObGpxX{vJR_+?Z&7N_sVaxZUZKRuVscb@J0$Z*Q<S=)FBWJb3*C
z-AE*^z+46>4HYsCd~7XG=F!!QewBumP>9DSkKQ^D6{=vbF`KZtQg?=t4uOt>Na<{t
z78<yt_cdruZ%_WIu5k;wsxG}bZLCt33SfLe-bma@4a$U9_rlJ1-1)ha*8jJc?d`B^
z(t}vSRWw`|AQS<)1g{16Yt5$Zj((D<<jz+UD72dR`@PODn3c($SFH1_-<cHC6W4XD
z)uis`apI01>>*J7g^6HN{E#-S7Q`1E5M#%ptvD`ltFy&^KEA#>zxp_WxB;+`CtQpF
zrvuK7?~5sVHn!t}$@xhg^P5m%=L^)AH-^P*8PDRmisa9nocDhG{Qj&5?5B5fe06;N
z&vkwS?x#f|IPlQ!1DCcpRl0|{#~dr^LgZTP{K+QhESd2#Pv(%mrxsMY#V(Z&C20Kn
zdaBAQ$4sIY@C>G`iE7Fw!f}c5b!Y3@q$s;ZnPt0sgW=wO$07Vd=^x997$f6DBE+s^
zaqRuc)p@f5U!Jmw%q!n+D6|9ViGr3I^41`f`r*3<|GZ5hyWcRDd0yI7J>>n$GERvn
z<&-T|xvfRz;7R+dnH#VlSRXhZS#X=U_eBCvuFlZ}S=R%~jJD`RpcW6Kgi<V!>0JjQ
zqv#GvcMu@Ny>}9NaaqM?ij_HfarjqEaJBt@$wZSm$La`B2(fS*MS(Ems9j{`Oy;J~
z#$JgQXTfAW5U%~-`Ge^tx%B^>W<1YD=Kl%mSDEyHozZWOF=Mcd#{ya2GdJrK^Ew8!
z<H#2{4=OV9(_-V)ym%Hu1|hdUU?Wm$<MT~P%3|+*qkY_*gU)R-$M;nY0gRq^J!6#m
zXhj3176~I|4(2miCCUd=Jc(-)ZlsA~#J5e$S#UeAkC_I+OAc>8VRzg>+?aA9!rX#%
zs;0Gt>9b>~Z9on&2{&S=*$3ddM;R_R%91tEw~%N!YSWKa7(Yf*#wEWCi(=j1)k7|{
znaiRoC-)UR_LE$?*JeNcN;0z2OEMmYle5FLaL>ye!ihme=u<Z}DTXN^|DGPTUnczS
zYqZpuX4tS?p=*~<DNES_QW8Q|&Wb<jp;EvWZ4<|h+*=Iv`Hzmp$b0dWX)jYVVkZhm
zpya-|tF*9Aa#gw4NT?}$!&1H^0mrj0*Abxj-jk)b8sJWuN|9k=;6-7Vkt_;NIyL(s
zGcjVj_gwGlGH)i&%4I)OvtawblLe@G$&0m>Ym+T8jwYZN%yT`##YgC=(hD@>R8Lbf
zUsD!b$QJ6T*$^!21P1wrZlcw(np+GWGyq-YQ;Nl}?aIvtq3dcb^oh&~xGF3FpU6DW
zmtx{$z&yeo-#<LX8>qSrE!Q^M+ZE}jWkwewd*H~+@WydJ={0wpDlJ&D-2sm?mqr;B
zXpKXNzUN1n$uL`1C&2Sa!M5FI3W;gAtIqg@t#X`(y;5DwgF_0Y0RULoCdYY~h1X{B
z^dy(KD=@`EZTWTwhdl#nzyplF%!|@?JoSNVV-1gVCrY6UEE^5+7z|8C1~f}>6S*+)
zJS9V)6}r%Zj1Y)cNIL<2S{Xdn%Y>;*OjY<mz6bGA8wMd<TNREYH%6~s=%;<Z-if6b
zAsq@8>V9k4%IncERjD3Y5GMbffCc2tsStVkz&t=CliQGivK2CsFGbBE!~u2;>oUrw
zVHd^j>g+ce`x(Aa`L@uSw&Ucsnj7X+>dR)5k5&e96Utg*7G58>A6}a7){P%Okl!g(
zC}Fh(0ce4#5(MDCeS(1D;8J$#1{~B>UEY4CGBl}^UA&GF$l;{{$~P7s&JfvfdHeZ;
z(kEBvC)BL=XbMm1itcmuz@~sN=(lEEPaOYARF;t+1IcJANlG1v5OS+;wYfZa#eXx^
z_`r0(c3gXC`0*rCzczD>w;KltQ%c$6zO*1rg~Ol148t!m2PCd@<$;x`MN!&H-3>1#
zKW+!jjdKp72_`bawb^c&*EZ#atlznmC=zr973smp**(0=f|WVm%T>v6?@$Og%dPtG
zkEd5G)Srq;ddVL*qbj+|%DnDe2i#OVO0fQ)T%UR^zOAejE6aMgaLcMw_a?tZxYgLV
zTsl!U%SbT<p-><ppsK^GmHHi$8+ewjIMmvWfvh;+rJ#doN$8AR#s^Gdpc^SUs%Ht*
z763k?OOgz_4PmVN9iD;Q&&C&p3vLsQyWf{HA$CJTh4B6)ZohRYVa|dVqgn=@oha`o
z{nYJ40gj-h19<qz++jwLN4v-h7Sh<ji>Q=Y>ht=Ta+0XUg8P)*jesG%hNFib=tlTT
zHHhk}y74(rzWpIedfa;9MblPy&ymU9x^-U(qH|iMJLW)JtC-=-9gO@6lfy&qWfH$O
z>=k<dpr|j%9;9;dnktTMVX@7yrho-p{t%*z0_j#IH@fE;I145s6`)&p541_9lDn0u
zR$bpO{pNs-{x}NdGLELnZdGvM47D+LkXMnE*UeQfx{T~<lvAbh;-F;<Vw6LneI0(w
z%C=8;gOzntru@{+)jiMYAqkbvV0C%Eq<h5B!c<B`-Z+$`2d=GlWB~*NC?uBg$^}XR
zTwh)H|L}Jhf9(c_^lUF&T=%ePrJGxc+S7*W{gJw)D)EQTrIa_QrlO|1Z6SDWpsoS8
zjFX2ZGa=PC2U!Nw??h#o{9`84`*|{TwjzsR%3is?(4i<TssGve`2N7xtbe`Z12XGv
zbeS6x2<Vz14UpRn!MS)R=<(5}Q%ftF3hVB9Z*zb-&iTCq$wA41igJ+Mh#nQgE78jD
zvy(c=2#=oBfJP~U$V8*S4ce*s3D-Orz1=lPWC5m{LgWUxMS1;aC9V<pzJE{Ql%msI
zH$XsL;7q|1IEdcjTqRZoAMh>#>V{0%4m!*l%OlhG9Wb%dppb_XOT#|MEKRsh@rAiX
znYPIl3=ITvK_w@DO$6ZY_#s>);IIy1E2^i8eut!Dyx31+$Wu?FIF0ECr4vyJfxQ|b
z1KQ$V<Zge3+Pr=eylz2sJV>OSsROz)Xl!JeL(LSc=+xupApJ6!lZ1dY2xW%l$cQ<g
zlX2q%e7<&Hqn$#|dOk}68fP)Au{unYVKf}>s#<JkiyB{sgBPNcRySl&WRaY@WDBnE
zU_;`0AbUH2g&saE^^)s5T7nwDNSkp+X2+Y%onaq+BXcjX$yz~xn#ny3_v2er1JgDn
zf@>e`RkgczSb>pqr3pE^YMnyNvNwvp_B*g;gkZ#J`P7hnX}YZlu8#t`pqnr%QsSL*
zFhD7UnpHaa`VbUulnIS@<QY%qlpWD4DB!w<<numbT2$}?^qM5cgH2_`PJCz!MaqZR
zKZQwU@Vy-{#&I+B!F+k$6X@dKjhcIzbR~_y;~9qo91IJGys(x@Z6NHnex%_5h6?Vg
zq$22f8VyK8K+_%$Vt>>TR;Y=Z`${gM!(pStkb=WwDN5w!V#NN~^~bim!@ARCYPzig
z7f{}DH*d6va_zQk9MXRWmVl+BnN>4%(y4c$yA-oHgb*Cx89_PJo&^J98OU3`L@h)Q
z{|Z^&(SEbTrV<&e-@RPV+|s)1dkR(A@MyV?5ccN&i3Tx`PY1H*QQp$lb9z=aaF1tb
z)A|K=hxdy{e;~L%d_9TDl0;HEw!bCdFFf%v>EF%i&F>WP*E-Wi@L#=h$ajtX>qo(V
zKDQI%SsBVH?l_Rdt%9{;QNZ(V!Et|Ucd`>O{&4A*Bbt-x`+8z&WEc5WXthHMLyOAE
zRB#I0NBx2Oy;98#4^2nraM_*&R=ZM)knTEc7xCnVO|&kpRw1fbhQmM9xnU0?%bwaw
zcKwiaaoAYd@El&*lK@fG>Aift$5dztiM@@0l=c)YQ%Co-fkwm2+#5@8f(sH^&yn4v
zJ1iAcIv?77P@2s&&&!N!kLC{Z#^&l~i!%Ot>ygL6tATMHyYzG9w;P8k_b@F=K%&cD
zDGgcswMelFX59R;-n!Z;AZnsd38qa@cq0SD_7e8(#SMOtIXfq`=<Q1ZPu@AwDu9K8
zY+l9V+fwIjfAAK+3augaQ!2bY6slgyd#omp$0BEQ2<gWi2YCJft}ivStB-)t>T&7*
zuT=@9vv4okbHBKRj_F4VrZ4V+@r8}+U7HCW9Cs*eRayrh+jIn~(*RJ$1Y{*fAF#N1
zA16uncUH9_;0*$02N>nZFy70=HTE@N$)_{kNIXw>o!lI<C>N9_oZMMF8OW4*;kJ4R
zf~Pkb`0%XYIVMC#?2p^oL>7Ee?Z@pMwhdK)R(>Ur{fV%=U(1pbe_i<i`D6MsrDkBq
zTWqh26q_n~su;V*l>ok@IM0Y}^xgjJ+syp&PkrnHHJnIWLJZ_4d<gg2cSG*`;5GV=
z*Sb6N-|K3Rc*eTB+?Ut$TeZ1xPhQV;UO-*VGEe;ZK`Sr6bI$+`xgu)wgQGQBhQZx&
zbKNN=Z)4VdEHo1$*y(MZ?$lsX!9BL%GN*@!_jo|}3<g8gxtTkey-DL_GH`Wrd_5$n
zuC#uf8JW+(MWn53lMzPsbeL}xts<3BWuX#Ejo`FDtL80f+x@GM5WaXH@fRwp;;SHe
zx34vs<DZ7KT2!eq1xUR8Gz>hiaYm4*GWu;+&oZ{k1Z|Jwl4GxKlR0Du66}ZD+i|#V
zd}8ocM17Ylg5#qKe`ic1Ja0Bb^c&DzpC55OmRYo9P@82fR_s;CQ5mU+hW)*R|M@zk
zeyM@_iy(bIewvQ;wi}@o1z<dblMJbAw2jl|fU-79Z`{D?B^88P>e+-kHZ?{C=0t}`
zl)?hfH)WlOPp98k(Hcdm0_N(Wp5QGwn0b?$#2m9#hOb&OplE;GMBI~}j-G+8@?sVu
z*QkKKyFI!TMb!nNu6v;po^|^h(h-Uoi98AMd5(URE~qC9v%BS|)}smcLV0=?rhSW_
ze2E}J2riEwoGgDuW*RLpd0ErN#tHn?X4JNgeBhKLB)o7dDLb-X_{0n<4nabwYwJv|
zKSQu(TR@>eKMQwxgYSF9=-P!JFX%U9RBs1w2Q+r<r$=?Pf=AKHdt!B_cx{4$Esn5`
zp^}_VT8nQT1Fd*I{(hw<*%n)0Ol(~XUj%K$?qr_!C}Ami9YsU93zxF~9gokOdWYDy
zM7aQ=FuKgE0<yn@{^9AD;KzXOfAV9{2LkcrPUI=`t;mc57Ga{_tB+^n-tgUU_<Dtu
z_mVSS6uxsc@^STJ`?$v!<EucFYKujBW_XcDgY~fwE){9JoJg>{w}W;%kYk4ZVXFg2
zh)g5|Azi#j@vEQfPTe{P-5;cxdv!667iSq)kiRntnt4YNI~P*d2Z$(>70pn!dP<Y1
zR#miFa68RaVX6=l4XIze8?E~VNPy}Js^V+Nu`3l=HpTmKC@p91AV9XSZNtvT-U97V
zeVk6O%EhhgF47-VVWPS_zw<p8<$sT+@Am<i7IU!tZhqIT@#bkbG9aD4M%RtEhOs~V
z0bWO6TSD5u^R@ZxrAh1#MZ}dSC%kFN==(8h8QxpeBX+h5-ap%p0dCVvH5Cc?YVagc
z+8bL7sMwic$OnS&S99#&y#*rN4|i*0`(QE(h$0lAs&wTc7Oms9qxCi{;x?R<?b`EM
zNa)G42fj2+X_kw7q2o&0@#s5|QqRA4{mb9Y_pek_5%awbv=uQ={%@$U_^X#A|0c_A
zB+IR&44v{UoABh0`CRQXlXl6B%F5u`9D)}f?H4K~hEdv`E%!DmGdRmoS}ex|W|#?z
zQeZZH!P&(drUg3agU_{swBG1<RS2Ce`|L&tma3!-`7{AaDlC^7=l}?(%3Ip+^idQz
zyEYpNCZ3flH@g_v`X$P<ZFaYS;60qA_s{sJ+Z&ks2cj6A4v{B%S@`P1jT}q4DL7<D
z_OF+!^;6=lZ^N)4c%Pl%9EmZ@!idE2<p-(7tmGO5Qq&Q^w+15BpcpJrYM*yU(SN-I
zP7v40f6DzW&z9uC4sk$^?$Inj`R0AO6zc|*x;~#zHJvBJyndEid~_YzSfzVom4>X`
z^!mnsUQ$tt`V61#{KV_?{Pa3((GB1vGS%SXRH-$wP#5OQVVP2QB?Rbdv2a2WP&m#G
z?ga#VQUpZ|?&vblMHYo^RH;Tn!V>?5a+=}*Fb&8ZNNI|}uQT&`1i?@A8W6ftsduoF
zBFgg#J7=_d^Z9Ti2yBX?XCmp6ZnfxX;e_<cjDa}Zi6urU-ic*&Gma^mrwSk<aM4&k
z8rbKPjmz)~o9y~s--3E8nwD2`dUQG*VtudP^p=*O6L(|u>bQp_<x_G(@E$J&6m#GE
zvsKT+-Cfzmp3)GfEOftqfpaHkS*}AtsVdZtP5g$=MIwyh7_jJIX|FpEYw$BdZwfk>
z<e3z_6=;<6v12wds6JKJ7WYz>1~IN7;k`-ul=1*tmWqro0}9s!sY?9bJzT8P1Bb3i
zi94EfU;fum_+zz?0|#1R6O9{>o=l|?x<>-2Pc=hHQ!2kcDz^wpiCxp`5?EDcxwo5%
zS&7gFqyqb+5CzX18%6#KISbhUtRb|}I8L$JWyA)i<CCoX0Cgcx<^qD1R@^}-p6TA*
z<Wxd3p|&9#mQPCVLDpS|=xW1HR10UF6?CPLPm3XxFmuO4O<A0g&DYL}a>RH>=kqUB
z8AHC1Zvvg7mOJ$BtsxPVUUpBYtbTlJSgmmj1y%|#on_ounFL|DO3VN1?CSh=voKEk
z6^~`5ph(Jb$_sZ)e6e4zdN@1TbB~P<BM<7clRat*4uL;Oemp*JCgDKe)AKQUi=%=x
z0E8%E{$Qxt*`s3>=VQ~ZK61FBbAmg(lywaOoRR9weLM}{nqUzBYMqfgI+7%N$K!MF
zlSiD8V!&o5a`VLVnTv;P83NnRuFkPUg1m){XkZYmJ8ik8Z4dV=a}LRh2o4@UC$$Vr
zw{ZqrW7im)CAFwIF9B2vCF`aTMzIP83fNDUbd^!`KhI}y*+Zi$4Ta^ipgU>Iggkm`
z$o*?qs(wA<AH&1b?x^cF$WGh<l>|NaV(5;#|6k<GF4F(i{db(@3UQ~DN#XqXl4(Wh
z4!l;0GHR0!&}}^n$?+-R7M+2;rzhzlU|;%tIS(d!)6nIMBsxx^)=%)9fj2LXO3A*N
zoKiGA(Dw(C5p~@gq9uh6e=xgz!GBeGPu!Vaq0*kmt@j`%bEWQ_G{hIzDiiT4e?WH}
z5N*myE-X7gHSr@pl?j9e;!oIyd=M4scdEjSUY(MQ2fwMe*!jXSC!Ry?K`}xhG1xWX
zCKWuH2PGW@IPe?}D{LQLxpEPXelJ#G=-xBluv8S8S_;hKyHq8GpHPYcUrEAG#H~1N
z)Udt7cHRN#-Un_?P<+UO{R&bDgzOKs>RmY4`Kdu_kJumo)IxtaWv}l3aR2&m^#48R
z?~ebI3vm4N4RH8#Pl!!cq}d5+zWMrisyDC`AywT<JaCo8&IGnW5<tu4ycJ4#-1;zZ
zU%~|f$o$tTN<2zx8EZKDEuiSCp53j4ZhQncxOz~_Oy*+q`e{!IeErV6E-XeNO}8gw
zRtpZpCj~(Oi;#b&0#l!hsyVT4Z0iR>6YIOTZ{9V_3k6l)RBG|Sv#j57|NKDzYAt6&
zzM#Ge4|Mmz?4IQH7{gUExlVvpgXsSEjkZO-HX3TcF5Y+WZx`=ZWX#ZFo&4w1{!q(o
zLe*#Uo>t1T+*E}3$AOG$=f+AEBxH*EVw9vbsDVG_*|J@%^QHY=??R<<zFUxhL?$5C
zny4~C<0XyZJBzVOPpXdbmWooA2~Ejwg|F)1HBeZkp)M+ex_XY~8*FC!PA=)A{_78k
zR{8%?lO2k)jVu|E*`lhy8=avO>=SdNT4E^oNX)nfIkU6HUTN{#*Pei=-Uxl%{UKq@
zg6AbF%3Yh80L7nN@Y&OKVxRLT^3l}Z<wc7^8EGK_NcWeLFZ)u3yiPbUKAA0_jac`7
z(BJD1@t0K2gmIF!ne)BFqY<ARO@{CG-imk0;q+kdV0tteOb>_2(c8h%;pE*keS0YO
zrf<`IaX8%@PABP*?<bSJH{xhIdAGkuP)j3D32>FLzRWUjLhGJSuaq5w1<Q6LvyaN1
z3<t`9D#2T#++*AAwLhx~Y(>9Dv<EwkS({P!W7qqG%%z#T!!&$52-eaT*F>vmC-sO>
z4!(gr-swf`nE0eyBE3Hvkf@?6b9;;Dso!Uvx}zcx=g(>qJQisS$Kzh13O4hq=#a^U
zLv>DMd%3qXz~g|+oT5}V_t3%}FY{SX+)FsHy8x%h^R!nDzw78-Ars&G(euVr0gET0
z&fw8%{uBOtqh63+r`Z*Mto5Hx9j!5i3qf#Hrk{b5xHe7xOY8-5H9HxJ-b$}mH5||H
z0LYiAiXLV;$MGn>(Kx2zE%8tmi&?QKGRHA?vE}PdoBt||`M#V^g=R+n8dR0Z9C9&w
z{7ZuwCbdX}gfdu|znrQz_#}b=FqoJjN?cfsG5VzxrNAL76@46;<3Uypk<r5t|LA_a
zk-y?2DD2wcM&a<vEt_WQ!NhDGYGWpI(f97}FpGo1yF&y%UbRS5rb;&4Vf#Dm%?=wL
z?y&vg4m;Z4VZ*&QJ8bXpaEBcZhdXRI*xTQs_IrbaH#-1&hrJ!Xb6=14-|p|Q{k=Cw
zZ+4(y#9=ifr1=Ricmg}9>v~pGBm5V_YMGcuI=q!9<$B}N#ND1)#(lX<&~~?okI=s{
zWYMPrcFa(VxyT{cTHWx)C#tj!+#oYN{&j;pC*-((+FjIC(YjC@2B`oK5l}tAj>GhW
zPFMlZ)oi>d?-kbG&T;k#+1d!rjyGZYa~OW;u{1ZMUrM2u|A77?$H&LV@n@}y=$|%;
z|K&De^iP>A;;(MWYUBU2D#31OV*74m;z4mX7ukZHT%0$j(CfJqMIwt|7@F4~y8qfX
zogFuc9h($84&fb#=8i+|-@6g)z@q+RRe>!YosbH}_v)Kf=Im1;@=K4r(hF{5%UAUE
z2@lL5;#W5x4FMt{=qZgA5Yk4fY83h39UY=D65F!9tX)Ty0Nq~P^r>ZwZO(O%vX4Cn
z0e|r$x0r!$T5UhEjOs3Puyc_t`9s^7{b+>qX`B|sfeJ97x;r{ORXxO`G*HH!Dt40v
zD4;vxMjRb5ktfPsKI5~?peuU{rP?G`O%@3Lvk{H)<3~UKad5sLR*nq61)DpuTt(*0
z2@LG?>IR)}s%tu?0cOas+Xmc^s)};aLRigDbM%@akz-|$%3bfbjdNZcdoZg*RXcof
zdvUYr)>}k}3_<;jl|?MMB!;K6p;VsW{o^e^1pTtUUg)-A$Y0U)Yw$m~b4djZ+$%ML
z+9;S(^=al|Y2?9keWht!7f-MQhA$9*c$%M94t$k`vT^25jvbYtW|&(=oNxWP$7kH_
z$NGHEr?^O!8!%bm>7AZO%)l4w@NyQ4T{Uo!!QkY$@?wAXaM$RI4nP0Vq`+Bj^>PCe
z#Gv4$CA^<#8#y(s7m4eFj8_$SyE**hxFu$bK3$^7S#z@@N4=X`i$+S#u~rLV=b|+3
zqJy&0{Z4JKMS5Cr4)@I=J0Z=%=O(PW)*e!knV<p?%2c=hHp$dvcfn=8D^SvDYt>71
zx=X^g%xC>XX`zf8=L?aAKAQfLFS6H9-;1?JFHd1n8nnYTq8^P{y!I8|08U#Z9s&Ea
zngB{3Qe+)!1?AgEEPmC9XA;een#{|*4+R?Fh67XUeJx<BP>BJPFa(zR6f!z=i`Z(9
zoUH5qdH&m%FAHJ$m+ImDrBLY?_f-E9A}aBZg-q%+*&LG%_&-_{8Ak=@i2c9+I;=<<
zOX*L^^KET=y};Y`w-E#>ejSk|sxDdGS@D%s2Ui`hD`laAg2>5$=sH0n>&VmCJNlD2
zUd=i)I9lJwMc&-W;wPb<%<eV_iSL}4dTGMJ4qfXpqaQV&@|?4joB2d>ol-7@YW7=f
zMs3^!L4rXjZXT+!1)os320$k2Jk3%F@UDAM^pZK(*6dm>1hNnMff{WYnTmvKC_+*V
zkLtbf&(TwiBEvmL0KbG@n{BdKQMuYU_&!%V1BUy_k-?qJ?pmIK4iLF~WT|o!_eyY|
z)fpccl;1f>EA`+T>_QG;jhy%NAahNcMg=WWp1|wLxTiKaG|C*`N|2);b(iij<qJ)L
zb_4UWxW1##8gjekZYi`GkNNrfg2983z4~}|`?|`UZmQ!_do9Pl!gU1jm$r(Z{!1MI
zb3ly0AN*75>>u6u_2!{b+oRZL16%VLu47nx5F@(Pd)N)xeWtNPy6>^9cd2k+xeHe*
zT^cBbHdQ-J^k@AYR&Zk;lqM(32{$sqdgEkZ`AaQ;5&Arzs=x9DAS@dT(1tq(LYc<9
z+h>)FVx<h}Qq{vK{E{nMS<Aih9}y8LM(mB)SLpN=c<k3y<jb$XAi(XL(zIfPgtGHm
zeSRw!Vuv#4=E8f4(+Q6sqm31BTkEG*yKTLz6>lMs|AW+M`2gB2%@cvX<4?7KG}LPv
zobY5WdgPB-wTW7P(|&v5PJ3pr5q<hV4A(PEd#9S<PHid`WZF;7NA<ex=XTGi+HwBN
zf4`jvgjlm{j!QdNTK-za=dZSbpx54-mVcf5%T4(Y-5Sa}Ez_u=;%1?(b;qZ7{F&SR
zN7rWCfY0NdSpE(-N&^f0!wU)ZI{r#86u`NUNY;CJ#A{9p$9Wu_OZvBlZ7Ily-Xvq=
z3Q673!QR0^*O$wIth)|jw?qWPy=#^`jGMURmYs8~)KbZtI1m+GgJ*yP4f)pK3+eSn
zeoQ}!pDE0ZAW<Ax0YR&94d%HjbIeM8<eo8cc4}c9>c~@cLt%j+&Wrn_?^UoDDnSvR
zRQ?_e&1HU<tB0H=kWZ7z)U0})`f{A+P8OfB{mDny{QQ*Oi-i#SW^Lx7aqM_B7F8;v
zD10$kGcllyVr(FL02;~h-H3~Gu<uCMrlL~>5!$^SU|tmK$Dv_;dWZ^Bs*tu8(H#t=
zgc~I?nDlGgV>=ofM?{SP4(B#bG+>mem>x$IQ(_f89U}E`jb`lJ(oQ3A6JMSz;aNR0
znEr7J1B}8qXc;`QQL`Jn5Qan8iL5-a**#JULvH7o3gBv8RWn0#wN<!{vFwxsHkY$`
zwq&U^i7GX?^ipv>nllCJ-}}gE%5_&LD6{4^Mp#t;!1JMZ?j^?-!t#_`?z4bz9&B2V
zmZ_I+$AU0GvsjH>c|B1OR%uo37CA1h>IJW(HdXJcYJaDZMWb?BVkgHitr`xr_Zjoa
zu2G5IumwamfS5_f$pFr$ghhY{Yqt~ZXf-}f0KH;o64l$PD%%A}yePCPv~<%T;}VoX
zU9k_=?nKH&>c&SuF<`FiNxGWhvjPRT;3&vARH^`gf*ZyU?vjj*Jm447zF@t|*QXs8
zZ*x;~vxxoA8rOXFXT4wAWEtX_oIFZ7;$!h_6`C(~7*H45qBFf7t)LEHDYQV>sPR8A
zIIMjSBY+W*I9|Mu-e6Xr6If=XT}F9x^H4F-Q{X3RR7H>t2k#DRTZ26Pg8NVyK#Ry7
z@s$=cuG7ph5;U7g?YM&Ub;P(8uPX{cJt!)M=qUrWbZ{BFa87cWQNolQymv|swI=_p
zCgHI`0U;IObF_c%_*w|Uy&ZaHt}OJ6oW*N|Zy2!+<2HbdH$Z)%LzCD+XCc!Z(w&g?
z2&<B$9L!1L-d#RZRcbqD3zgeBRRmh*mOnxbpa66euQbPCGsRQ*i4y&qT}Q><pVh?d
zZh1$|9*#i3{jVd|9k2l#vcKOwV1Hi;p?@S{yHZ;^;#}g6JvXKl`dUn585#tfQEg}U
zrHUHd$vh3|K@ddrm6AU2o~(cA)s7OwuefnQ1+~u6wdxb^_LT|LblSJo_1NMO05QQD
z@=LpS33RJ_OME|HiMpZsr5+M%{UcuHhp?en#3o({4UdR#!egBu#3tj{eIUM@2gEx6
zhwthAu*Ua6JF#L_bgT&-RU$_^CH}?fZvWSHsjT71bgi<CMecG4uu!RKNKJq}3b+ei
zfEw7>sd2y@L;6(Ou}W8+r4V!vW)jtc2M2J9@~(Wrf1{bD=@b66SNJ@_%x@ZU4j=Z1
zZ~B8?p+$dK?Wedy51q#8ThoJlFg-dr983?7-iUYa-o80{I~^SCy?u9ZG}z;B_`$*S
z&G6u8xWAw5A0)|MGD#1ohi?xDVmeL4^x%L;TI3ZU@@KrrS)7VxeYwqeF5cZcF1T4^
znXwaVk;#M`C|cDD3-8@U(B1hSBQ~r6)|{0?_rgc32d8B}VU->?eqtdL#3_`fz6pNY
z=g21U=d(wVls?;t|I=eu6)ID+C8$)|)5ApV$yj$o^?d5aZPu2TruuXD*7SH$jH(QO
zM1nC0;D`n@1r%IJRBo&Wuk|`*JYjr?8)$!0H4khFJvbNq@#aoER5Xt}qXLZnQBO9$
z`zw~d_g&n%|C}3crI|wYxe+^6SIT;6u@mhPm4>80tDgDP?l-yNBQ%IW%~dLPx4_k(
z76k@yKQveAsq{d<HLl<{Pib9bL0fDATZt2>ox7+`b*L3cZvePl&hq;PpqF{^(=Z$R
z@?(3vf7a%te%@`W!Jr%`SO@IM$d*+&7tNI0W0jstqf5~EzAw`mRNBKJP~WN9pe7WO
z#-IgGXtnWfsU&`f^KKddn%(9rzi#1u^7^FI*U#Of=oBM!$Z&#*Aa@I)6Omg!!;}<G
zMxY`?ps&>eofCY(SVJQNk`JgR7yR*a9`v*!x0-isbkFjy^)@4Lp8x8f$1*>zfB7Az
zPRU)KnL1U3gz`3Jg|A1nF^OUQ2~udOw7UYaB1@DEXNBwgrjS1nlkCLla3XhfAFZfz
zHq$&2tPonNGy;nvB|B~0(oxTkuHzW`Q8ZZ%_u6?vDbSIWTQNgy@wXfL$sZ703ny^O
ze1`cvyoeV67Mr!|3llBqnx$;(^TZ;oW28~6R%^7@M%}BRt@UABZ3K1q4!CZ?&QQ4(
zkJj^^8~XhOfA*xBnveJ>KRP_z-&+H>61-cXn|9D!PzUN$o-MDHvL9q7F#TIi8r5Zf
zY_3%9nyh~KY=n+cqn}q$W-Q?a1_4PC$x*3RMO}6~zPMO3Ngsu~5{cBP=zx9k7(zle
zH4S~6{>AttLe=?>cfj-NjWJW2`Q+>U+D;EmRz}2l5j^f8RiKHBGgQH6P1t!TAh18&
z+mB2kkZ`hQ?F-2mc}`JCcv|3olzDZ}$2qxZ$08I5v(9P8gnG@U=$j*6-GjY@!>G$s
zmJuW_@}I1pN%FS&tXTCsZ>nk<?#*{%S#YTxG0B$z<$=1oA!zI|xa{`gCP3k(or~PP
zfI|(UmHcy&Udmh0q=7RKV-p2oM;d;&#6C8f$<<))2q4_>LCXS^_-_)svv%?S6C-zO
zIDOx^o%X%Ip_;NStZUUAMnbAPmo0~pKtvE;NijmB07klm2o_`|5nT|#@%TI<!kXBW
zZwtYRF<c*j^YZYUZx6nK(4v*OeXsKvul`@rY5ePoqpRWcyF}567wC{H^=?G{C&TB&
z%M{4#23Q|A=MfL7u^sU!Q3>Tua!0}+=IYrI9Sy3dwJ0(H$%naCWgeUjh#}VOYFe<Q
z)LP^=Te3OVDXwF%hda=J-;dc`6&xNlS(B8kmc4DaD6?#L@9mqxyRB53q%=mV{EHs$
zzZt%Hw|97O6!Qk9*~cHx*eSQX$apT;PkZQOQ6-=zwuD%@M|uy%-oCj{`c3~2`~z+2
zX;#WL^YUWRx7SZPl{^F6q$+L8+M)N#+^382xu&X|2!$X|Z|}nYO7v%a*4-bNE*+Ls
z^6VBz_#PFX-t**6O{bN08nCf?*>aDxqc3xoa7=_b<uZc`;wxAK$d{n~ToJHWGPkeU
zC4Y<xVPNWpxC-?IG9=K8!BD9AL`;<yY$7Ofq887%<pqaVh0wn6^=q2Za4?|xI9Ql|
z;X>q>{PBA%#n1k+Q3&1hCAe`;ZaA8Z&x$d{*eUb_a+jZ`%=h;~d#@q46Db8F?MaZ3
zG27ZJFwJwgMom@XTjo^s6$-WbnRka_DXXcUx*=B<HF}45jR|A|erxJ!n1I)<X#f7R
zz2&M&RAqU5<mIBuM$k~YQo)KUVKkN~^J?|oIIlzn@X2tekci+Y5*}9rPV2~e0*CO+
z=0)+6pi=hAv~%~rhFH=kMAwbuNqhCXbS18|T?zgIi0u)kY~$F_b<v?U8{)E=Dy%9D
zg7qAtP-F2}z-fnSym=adYwnzAGsl}K3Y4pfVQY1PEg_!m?Y|-3wLxv&7U22ako(pc
z)CQ7kV^L?SFfBg$@O!)3`3XnDO63gQNgouF9kzfXcJub#J~F97t7#iL@Zni}R)X3p
zgb)B>6uZQ?z~kN}9VCyrGIj%)&(HE`aJ1K9tdyhL<%`8!LTbY34fFZD;XPZ;&j~>(
z&s1L1UD90+4|<<G0pGji#pYj`VE}NH+X?lPLw@sA6e3SWp2*lK^W0LX-?Yr!g~o%Q
zHP5u*=@MSaRD(WpgVmKAZ00Y>r7GE<%ZRj)u(d)AZ-tQCH8exJQ2=!>Ik-gb#8doy
z9*OO#$^|t03NadGG1EL17?Jd_3am<#?nE;3K>SL-kPu2s)$5h=>r;EMmSLn?Ae>Yb
zOYs?s{Z(taLk8unk|`pMjK;_dX=BA>%w?4KW@Vi04wNIS%x%y!tS0QJzr78bCK?wA
z$Ps^rEZ5E0CyHvo%K3wX!JzToyO1<~?op!Zwooec3#0>8${r#ONd!$xb7{q*HB_sI
zFL;}oke;L7fI-~!h^VrrQ3R#Ztvvyyy-{x^Q%F0InpaUXuSml~t5?eJ=bja9+Hch<
zw=3nnDl2UIzXsja=kvcZHFAZ}_taXEVyAXlRC~v(eIoC>hX36L^33yA*Hu5fjXd#6
z*&_rinuctx!~Mz?uf^d`41`GE4c{Cc?jIZsr>RH}#G53Y4Bj10-b}<1-=CyuD$+x~
zm!`wP+u<JHdovkMlOvJ7JDgOI+g<LSb-G(i>ZZN5O2Jk)xi-_yteBT0m{0inw0Qe$
z0<mWFUSsy&98PTge#-vMSSIg9E{qv#H4*J^PT#~`ND~n;mU!IC3AXw+=nwb)=QHm)
zC(Oua5D0C47YyiSf|q8cCUH#B*Ek`*u}wp5N7j5|&)Z=owpSc5+q^pQ9zyu_5ZR<C
zM{GD43>LMY7h(Y?cR1KPxQxDdeA|Jv!#Fy)l<;Ay-QHizto-M{T5k1XE+zKFyZzz5
zn7m2&^ypwR7#t1LcPSr;=_KXp;k)E0IXD_lj}kt7bGY~B=<U0My~$LheDLPoQF8SC
zxm2L>_heH6==bAO0pxFGR1H9zbE+4dQ$NQ4H3xM~!q8B>tCs6jXrP2F?kl^C`$z1>
zvnEWmUUxe9nyYF3xrl^&%Dw!BuC1kffnRGWpL1%h_FdNMlG?rr2nB$XHGNYz@|C5>
z0V-I&)ls$q<ZoWGfAf-EH}&7yOSUaYq(p{P%WBUmv(UyN6$IyR@f82<<0&@s#is4@
zj3ai%K^uP2c+CH+I7Z(zM8W1oQQgJiqFCcU9C-i_2ZLe!D>(p1KTlVFYY_Ei?!9a8
z%T+ZD^`_42)3$ErG5q=buhd=mup;WIn7S7&D63ehGhe#WO~Xk@717;E48mhDo?CEa
z^>j_<JfDd)cxuQglT_cmc7`0LkqsN=E29>InR3$e6{*0MthodQ|JU8GHLqK6M1)do
zpgrAT;<3-Z?h-wE3tsHv73gO6S!W~G-EBRg9>JE)M4z6tp0C>^b%sTd`oLC3ET75z
zaZOX3nI2Doqr_>Sk`+$FAnQsk^Dd-9?U4<<=9si%at43J=uH!}@>IJyhSal}iQfga
zakrixJbGr5iwTxu=tCKsf+~#peeSp8f<IF2Ju35}N?Vi`e<QaVY1vFzLm4zkf^rQm
z`QwfJRa{OS2U!EWdR$C+a#t3+1O)(?8m#xwz>L^o1nb5^>KdGZ&~3YCYo(DiYy$3b
z?)d=~<1#rF$ujYIwGDK5a=$sGp32|4OI2<%H48mNmR@pmSAWBTr%v=weC$L&q{3K=
z1d4vW7dn-Rm(an~cp;5#z~27XE;a0q{@6Xe{xlw+opyJ+XV=%CuDgHw_ibvMihSAL
z9ntwxsMJA-eD8Ln?$kEI^vMpi4XEI}UzXORztz%=<X0^s*5%Ep93A@Alopmsj?+#e
zkD@0R7J=3u){*U{GU|Y&RF9;H#cQ5fa706AzhJqprs4X_oN;&kf&m9Gj%|TH{e7*B
zyF0v@n)UE&6U|#)0=ox;t2eJ||JtFFl-QLmd~tm`B@YtvfQ6)1n1Rk$^E4uxGWS@r
zoJto069ADUP78@+gw*{j86N@7v-UN27uG)?UtZM8zYr;G%^v0$9oi^)mPNm|A2a+T
z^CT-%ft5GS%4hNT<mc+Zcb`4+-CEDB2-~g|#tsI1t1VVX$kc3?a(V5#RqweU3cgDq
z+6Sr=fR1lJc=2?1nEwqDzVikA6rJ39+xSD=!E=>AwII--b4v@)<s6rASdsyIw-p@2
z%zj@$E^GbXBbja3I#h!zx$(R{a2EuC-n%!4@7^7y2TAYEd_HTR)HA!o=e|rwth+bZ
z+wTnry}`TNz5UVQyV2ph-r&t>FbEkI&lb|M`(ghKQx<BGaqE2>Q{x_ESkRiveis}P
zjHg-^RLIh&<(dj^9aoWt@vNBh9adlob?=5S6(V&vE93Tgw{6JsV|MrV-@SoSXKp}1
z(cx>owsB4Fl1lRePN+UoM7XZtck37^9TAf1yr<jVBEA;1a`G)V^h|I7d~V07&&=O=
zm98yi_JtR6_kIY+XZQN-`1JB@cgsx+2LM<!mfu=Eh%@`r@b2hg;nwAsROAv$cA|$E
zWo`4X(@-SbUC0!t_Udb*)2}=1>)pMvN{g@V(eX7^<s=giT3XT5f~Vo*?&>$!AN@!q
zlp6(?W+ZPI&=)#=-S7C{jsp(p8PZL3+C|J?;d}Hoy9I|~#U8k{UZBG|2f28tpsT#9
zgCBmxS4O|HQfl6GzXl{upivaU401F1L&EjM&I?P)Xv+*M2AVrruw2+F7HqC!gsRHL
zDu;Jbq1;+n&8JhD^lM>5?r(Xvq_`n@FPhb>{k<!5mP#!W+t~_*X?dQ4!!`SHe9aar
z6@7N8v{3i%F>j+$s$|OEUnm--v(*@fhf42}`(|vEaeK%$OXld@eRAbq!?rB?9lFi0
z)QQS-po1sewWFIqkFwy4P*Ae+m^&Xcibr9XjSGf@nXT62Tzj7Ubrf_yZnWJF13+$v
zQE~o4VV>)nS`t$O+Ng#qQVH}^^oI1x{)Wp;5*niN<(gZl(r^eKvfi`!$x?#g^!cny
zKBTfeIX}I|a(dcrUSC&u1_|pFlX)udWm@u#bY@e?fqQ&eOHVphDs#}rDs}Kky6z4K
zefZz*+wPy*hFx%Thp(;QG^)G*vGnEM!FQp`(RZcFQG+VebTAl=c87z5233x}CsmFr
zstorA@i@$FSQGMZlAJ7awkR_zVLJoVa9}VQD%O3%T|8Fl`PdB<+h&4q-YC*J%i{hZ
z{<quSsW$bW+?6vN^oO)rYTp*Ci_4g@bD<l<9BniV5Pt{@5V8k12YPq()Gm5S1kdeU
zxR*b0gh{E5#dQU)2^<1!tH6UpdR$*2pB<0SgU;(XGm2rFX9|0>>Q3ZrQi8OUP?c2Q
zymm+J4NxiN0UwXgFWj*29YQ$c4Z?d+d9i-J(@gQkjDIPGmcp<C6F(^L3A<+I1gt*)
zmYLI>wV28*17JJEW~&P9mEa^P%K-H%3m@+lt;dt(JLs>W-#?CT9Oc|mbjPLT9s*|X
zzJ0^3<G}X(jnfcAFW%P%B=POy{RtWnM3xzL@xBL#*ea9^NJw+|pxA**OEQ9R?-!Y{
z3&qp-JmY!dq!9=4TQ1FPg2-=Wil-9-2hcjKfpAs2-|wn5PBd`?(oge3_S_EW!FGz|
zlu+@(&Hr9#5HMp7>aE7!H^MLZYPyK}c1?JO%(J@F*)gbJj>qR6UPyOc!~SraqnRRS
zE|_>f{?Nn1RI=zTxcQ|A%8-sMF1h&yV2xJSd@BmVayaKIcg;(oc`Dq!VLDqup99%W
zR~o=WZVOr6FBdYuyHJUHlK24{AKWG4KRV%#1h5O0+)-GZBN}KoA&rNZY`eXlld!vf
zHOTw@UfqclD;Xf!`t3kR%n8*Ue{saVa3DDtObp#$sSob&fJTp_)*gP&wdINA)NmYX
z`=N99)-;b@B=-<_11}7>S={!CfJQF!ke(iU;pqY~!$$_h@lKA1cuBE3JJG0(vJ6#&
zqyH4Njv8nIQa=h&&@uCl#>^Xgy`A}?9<)Gb>y(Ry%5Q}2ckYBJPD6k18}iI3;5GRy
z@CIz~#|*GRt6CPpNfXBM(ZF`Dg_)}i^sv+t2Sv6y92~MowrAYCEjJnEdB>#D5IHjE
z_fnO?N2}@Y`D(Z~Fis5QOZGq6{(wEQee=4*JOa0V{E-{VW9Rh^;q43|H-XvJ@Py(I
zwS-%HofXg6^>eO!$gV+bL%ddCH4xh$bXI+4*Q3^;Wh-v`8=|%fYZbQ^ZVxtrLaWDR
zTtL!E+q4DWk3X=KTV8NG?`$#1l^*K8a4pCp=N`*l*p6MtH(z!cSH?d0E1=VxY9V$z
zTkZ!au5%sNx1^yuIHkGZnVtXYJ?$WYQykp3exeT7+YoeSr~*K!D6vfs#L;lDcX+fN
zEWnQWcediB6ux-x_8&*1KeaSJsv5g7-!H?3PVv<tdrI4cf4~X8mw9@erW({X+1{0q
zv-znsi4!1}&8y{NkL9kxL}{#n0a@3{T!1(Fs;eOY_(U$hRm*J?&<!vhbIl-otXplj
zUunnnf!)F{LCds1Fr;Ym*ilJDUr+-zdi_rJ2Ifu()p|hwgKL56AvX3M+|T}3@7(Ko
z?yd3)aJN56ZHy^tMH=V*b+<kRw*{4&aN7W{)vaJF?!unS)a;W#0vQ-^m#W0)uoF1k
z_ZcY0uu-205PGU^C<38nWyJn$RNjdvYlxIGsX$E`n(mmBSUZ`T-M~McIJ`z&SnydU
z?!n0md`~T#b2FFutb<?RZ47<jIJ&16B<PxxiTPD1D#<Qihl3Q7qrj@DDO0%{**jf`
z-0G#120h4;Kcw8uZv^E4t7_Bq9^6iA#041<xuSTaw*rV!gIEhMM-rhx4kJAz%LKpo
zAz2_5z+!t1s_A#|43MIR<k8jr*E-74H;i)hf>G!qCN-Sr^s2O!+2Lh_R|8)=5H|p|
zws$-dK*0CsAKC56*o&wB4Vx!gaDy%b@QjAWA8$VGe!Tt^dwZh}2y$_$)I?-{fBy0I
zWV~+Rqn8YP^pb&(>I3K82A)~v@J8K5(Ys?eSI4((fd$WfS}aV+#gn_}hJ><$>BO<U
z1ut$ax8^LjS~>v@@;BBK4*2VPt{#}0T9H=+fd^0tx%eP0fddtTJr7oz{ekHSaG&|e
zt$5%~?r#`=Wi$MYmTzL6jxsPN%$4>Kn9JQp!silziz+>>7@F{j8(WvGmb01AAdxgi
z2NI#_-EmoT4T5VT{^b?{RI?nKrrNr4Q4vUDw+@ZL@G5acgWe1Nh}S|`l;P3-+k?)%
z6~zkGe)^}2<12Ps=DEn&nYXgM`swy;{2G>U=1aXygypY8AyR;Y`=RHp3h3mknC00W
zo@A+0R&Z^X%mHMnKn;hxnf+$6F!XwgA2UoYVT5DOZl`2ap)vwl*@w=@W(W2XxgfFb
zun+%Z%>8E%<8gd*a-({|K=5vF9bvG$cR*vfzjiyQ@{ET7KmdVVa&w1UkQYTJg)i|M
zwP}p9cX-(M{~wIG3$U`kbOM*hCy^Kj3+;Y;-5Bk06#mE9auod!hfXR>S}^AwqhtUo
z(;}0JwAu3iXYXB`8^@7!;rZ-efpDEZUA4zjN%GzA?#6M+?rxv9T^ifnvl|l~RS*eD
z98)9*AZ@F6XMg(}NB|^A0=(#AyL#-6*y$3<#2rXvKKW!Wdt&BjfL#lNUrai^xRNMX
z0JC^tIYm^KL8&^a3p1#nAWe{ZYJeOZxNv#~E=$+D@WiLbEY>^;yl$6XkUXW@8H@Rr
zCviPnkYmeV2-n;Kwh~@lk%Gw=jl{fOJF2<xYN3U)u5&ruyauv?4(1w{;9gMdJ^+Ul
zWoqpf_2PRQoQc9WukNoN1t}S3f~$ieusC79r#qCyL=Eu{@+O))QtLe7QRbq=?x}kv
z3q}Xk`%>q0m9}kY_>MG~L4qv^U~qExGH4JJ+ctJ)u$iQg*_0SHq-eYV<tt7p4Zvw4
z>I%s9jubWV@w5wOt81vvji`+<g)B9B58fv4+vI)b$$L;Sc_k=Mk|-hOxx~S=yEV^9
zyYvfXMsZU9q|OqnZae%ghJ^coUr~I`H<1>X5t^iiPHE#(KVR-$ev(?Q8_G<48F}HB
z!b5j(<Yj!P?{xMXWd@f;Vt*P^FP_cSWh>CwD)M#K-sOu)-tL5aFo1Gx2UzGR4%~3g
zhfQ1`;hpsB6Zt%?!<=74WbpzNz$L-2;iOmz@MDm97^nA3q546=EWq&&av9x0v&EQt
z?v92q7djpw9{77%7dQ@4K`mJ|6v<-xG#g63!vL!O!Ncf3&PE{UG=cz1K3ybFh49^+
zWWi?d-4F&WVT6D7VMnc)_y2J=LZ3!IfS`zmQ;HSTMJ`9a2$D2Mp0+i()O#TGdxi+6
z{z4H{3PCuYeb|A;Ls;A)lL@~fz2~LNa-oZP*|{zN92@AHBDpWb-N_4<7Xzz?{(ja#
z)uAq<XC8|nKW)0)!Eg=B`eLNI7o7eVBYv635lehE1RzNHyduniHC1;0#Yo=Qs3aHF
zrviMa6@S7@N(WksxKp8RYK{GT#8CR<=_95D{RDw-(z%tzwY<x&%1EG`L_X1XMcKt=
zMxG)<y*UYD?5E|bPF3cM+)I4gcd}_OZdoEwxC4Z%G6W#~qM-g?9_IX?TL}4w<qT+-
zhn5Wr<~9i)!UY0TXc|#6OM|vyb?AJN%6UD*n%5~?e{zY+%)yzJ*B^KM!yPGKWvZNn
z^bu1TDV33$DwC2h&x)`at>W41nUN_qZHNL!0%@71#dbr<6v@&wty)lu<bk5bXsLG!
z(okIb8Catu`tU^S@0xxVU^u}<mLn%(B$hL$1Mf>HIl>G*65sD?WvT^vg3iQ$8Oj|m
z(4$DQsk$m_c2|b}2nrm1eXGeO??=4Dq)jvpr4k`xxvDFBf(#uWhY#tBO<^HHmUjZO
zBMY>kI*J&PWvTgLD?rKn!3#)dD!EqWx>4SA?94p!AfkT-YEqvu#cqId^RbRHe<`~B
zl$~nY`fv@8Wxu3BZVI%Z){Ly0<j`<QAQ`5m*mC70;j3jib<%=ASSKk0^64)$9DBhI
z;>#lbBA51#I-&tGr5)Va7ezhix^tW3j?K^#e2YvY=nR^bR7X|NT`B=+vSDvigJCvw
zz(=W8uQ0tuaSHpv-vc*8uh-kz9ULAUZf{j5v=<j0jeoL~)?O_KVWEK7x>+cuuo&Gu
zExAUDD-U92-@#OyB54cqM}cUE<`#-2v$)7kqV#o<N0%iYnAdk?7JoeU7b@Ywjxa0m
z58#TX{9t<hKq;375Q#~G@}Ukg>+MPU1Ik(npvmJww|{UXO+4E>XnWA>^-oSd9tgZ3
z|494be^htgYUvEXqYpT8VefI|zC88<W%pL|1r{o=9e*~Wp@ib+Jyxd?T({D`P3Mgl
zeSst93nidAyI;hH<4piMG!y6|63xh*U;l)LCEj2X_b>W}?@Y3EUc!x-aC#l&+!ww`
z@Xe+XrphsCoWbb|5Kg`!|I#Q~0@0+lXe>wGH+2=^V$?;~gh+k*yjYUl!Q>h=)g>=1
zyAKI7>uKV8lI$==;wbDBppN7g7$q_C0swoZ7m;{I2~p-+nc*TuLW7G;E`}Y1{YShI
zHvNFW1*oZySp{Ez6y<#M_@VLfo%mNrD-{^G*;XWN#p&-7uP>{zT?Ye8ca#DeOvvSX
z$raaOujK6rr&dYuI;PeH8Mr2{VB%1N3%UZOfa4khpc(Vh?H|&IgZpE<yJaZxWGkhX
z)n`^lD=Y8ACHHV{Yi>X%TaaU<lC6@JYS0BiDTQna%wS*&w-SSAl;C+f@KSSA8t}oE
znF3tzMKk^PAB+0imMgiA^1CpMjW~Q7O0qHy{Vg0rwUjJAo$7?CZ}QX?wPfKYqHuBO
zt%W4K0YSKl99)ueHD$~$b%svqorYcsUvxR4ZwGz(GAA+ql7V@?K#*eSk}tWG!7-*&
z63cGpkJBeqhxq)j|LXsv9`>!#hZ|7e?P<eHonWO5*Oi*D{J0ie$`I@e_ZhI_!5J&A
zn}(J4@u4qv02%F-0sx_em?kXdkI$bVG$Y%Dty-;Jn^j$*6E10iQUW9-NtXG|PsbdK
zK7hSh=&5&rg=2tR5))QS+@{=Z;|0LBu|vA({r?d%zD&X}WBC@gyX?UZ>d1eMvAD*|
zi*EMohc;mEaLm_@$eXxOdp<-+iT}*B({vM;mr9>dG^Jq@<<d@MW0+Y&hAMOQJH(Q)
zfatJpu7|QSz9bzMt#}(GN)=Sv8p8?N#=gG|6KgvN1F{X5iPWeeza$0WAVVuaWi6Q|
znBpMTvg`>EkMiKlJKF=HOyvN}gaZGJoJC^ccaR8+bONt4@g!+g2eC!qbod$H@gk=G
z=8rpb9I+19xjXkqtdpw1FhhT&c!C3rT+C+U5L4HnO7Lchx42&E&EY`TJ`koodGN!M
zg}#ISEUJv!!77D*<cqfhoE_|AObHQ(sQf{`^iDbnI+KugvZA-L|1_!+zS!@ikT2=m
zO>U{h1+8uM|D#0z%A3f~AHMe&&%}3{q9h0T9IR6cptdCpTGf>qhoMh!VBB8h@)1%2
z!k6cA*KyLRQUuZQddiq_cK-#hB1tLxQ)@vX`bBKKrkC|WNH3uf_5}anJ2%w!`wkd{
zJD&S}j!8&G4fDl5!(4k5%#VnYsahTH(C5HknCX5dB3>;@dnL=J3C9CX0yR+~92<aJ
ze6n)Ye}*4~;_7=&%)00{HDf9>PY-p_-r#ue_~3AGyx&#UD<)v8-){+$pNq2-)Z<em
zoN5Xy-!ugFP)mENOe{VIM<wLY0t@XF%?V?83fnMtag6zH18tI=FcQYN{nzjQv-91&
z^PP*nyX$^Oe*5cp@o#_q&j0PN-vz&+zkWA8`R?6s=(`6!XDW_o!s4vX4cS?|SiYx#
zYZC{Hd;>qa<l!TW-7t~76oM>%+nhrz49Mq6+I)RZr`A72f@FSz{u)#4kR6wdlj)8Z
zOv0T<Oap$aBb0`8$Dtk=CwIch#GZysPEXzhL8Pg=OE-4FV>pcS9^1^53$;KW`F1=G
zSq3WgSn$0v8oRkmhIGK-)OQcl2qV{nL|lPhr+9{ga*R+%nDhPckx=9b-9|O~YiexI
z-8tC_61^rWyaO53c97~gBzg{|U5CQS#1O}(53jC!<a*Ii-><wl5dbGYx#VwaYaT#q
zd@~YAc!Vc0q0)qh0cfbjwBtA?^C$-11jZMEI0N}(8ULe2A*e~rx4SF+bR&ttMuZMC
zi3$TDu6}d;q|CAGOGM}wt!(88=c^Fr3qXs^V#Tsfbx<+Ae!9C$y>PssO!k*F!<_7e
zbUmRSdN0+i52C!RkTdyF+GInSNyK7G@LUw`xk86ZDFS35mMRs#KT|$#Kw@Z_`rzgV
z7P*KBLtx6SmR9$m$8`!`jvS9tB@cQAR3}%ZiHl}o#BT#rOkL$6c<Q8HsSW`412-iB
zfi}$ub_vaH42m4>^3Y_vlG~Rg`-K)iO(xgL{7zKir!ZodhXRp!A-UAhhHFgLRpIku
zeZ|Kak#kB$t`U(hnU$|dJYGdQE_FmuV#FCBImi3m-Cp;g(?1;W|2sa|>+FyF<K3f)
zGug!lgTc{pe=^zY;p0hv(swaFCVOPucMp$cmhKwH@FIoz_;???lkw5s{$bBOKE@M#
zus<P(M|k)6@R+!R!=pWXba-?yAjiGEqy6#G?quv7jE~*Dz5Rn8kxWEo`f_0&$(WPV
z4%gD5Y8iXPsN^&*AnzWgpGnVGQ7$PAC#KV6u2^C~#3`LN{n*NHUf?!2%i$LY&<^G)
z2|0ZCll(nLLH;h~bb@=wJcv77Pm%5mkRbWt`16nRApWR5S4Ev5+mkz(vS;9p3?aee
zJDDDV>wnrXslsR&;i&{t@EYHRY2R;Io2;?78<^XxzPZZxk%6SW82Ux%Tq4W(mBb-3
z;6%T1k@76kKGRra(w(=T9=XF2%7Gw+w*sAxAeWc;*GMKkJ3LaK<q9sa#Fnr9&8V-l
z3oQHSLR%P#KfVL$UNG(8PWtPXnT6KIL2G27wK7OI<c=;f&!$R7n(IieafvQyneND#
z?8sz%wX?$K2B`rty#D?N!`&1Wcy%R9Zh0oE1f>zoxH6-z@&umJc}Pbz1WG&=si-F6
zSKXW-EOuVt#oCT4jLLa2c{<|lUjpdgfVkTYx-YB!mW6q~U_!6@ILA1z9l<GAkBo!)
z->K@<ZsFtrF&{-JLnj^FPS#Byx5^nA^4S=)Bno>n6GJ|O!rqTwx|3%47s|O8@?Y)u
z2Ui~7M2lh1s7>HA+GOanJ@^?d75;1pfHo!vY7qo&4TEl0Lxa3>xUo5bP@8aQTR?QP
zN}A-EYH8%>h5~+J0!~H~nHxG3?52voC1dc`y6&d%G9o^Ckg@*WgXfbeQMriaKg<5K
z+jD_ow{2grEqu*(E%=fV_$UoA6?>L1uEXE6Ud9l6BU#X(dMt9j#E5x;L(n4;HUmoL
z;RA7{w^CJ8V_ZTa`x+I1SYh;%1_RyR02JJqAwLYJk{?GJw-gFW9g&**Q(47CTKU}8
z`#n@vG{nJ?FztIJpSyLaJ*e%utU2coz#kqa(;3%^f>_h5)!REdYFq&JV6hU49x09@
zLIpEqDwLm{dPSx6VIqOPfO&V~1p9Iyk7(!+rX?HwdVPNP<<rIW*_Ye%n_n-6=U-Da
zbKoyB*^6B2^$0VTRX-;hjTfnKWpVflP3aaELRYVN_nwgGn#7;Hz?D9;e-p;n_a6BE
zJ%z1?zLSkhOVaCE=+h5bW3R)QoS=&=r#+dE2^@t`LD~D6D2P4a?JbU%cF329I<<9c
z6WNsuKx$V4iJCCN(muKvjcz{Qeg1MW`gk$=a(8ojeLFh6IlsP31$7V~tJAZqi)&5z
zUx=VV_M}Zad_?0UMssgEi@^$_KmGTAL;Kx+Upa$(J#}W9LFx8CZ@=7}-+un(W_bR+
z&Ki6X2mwd@Jxac3X+qjhqaQ%m8J*u;eZJ1kNUi!@aIyNI!g$6%`+<MQMQ~9mn&F-+
z5<V|-N4xpaB+!VoVfd-n33=rn`rW~x+e0DE-go7L{cbPUnn|`N>|}LQQ(SIQ+7}&F
zPyHtWz)$xEpkUEvkYRbH=C|Tv<SSr^3yYwrM(b%=^nC(AWGXR>grK^oLF}F8eoUEa
z+_Qw=6K>Ny9v33{r}+8&i8#Q$pfla)Qm*8cJbsbQIpL+(sF=S*`~g8i*~JfiaKt(|
zicWHEOPlj8HwB&sp-a})3Ozr}9ij6ATmou#{uEKdn0{VoZ-@-Jsb4z?J1R9&;Z==w
zlW(CHLFu`UU@sPvrc@9X$j~Jj^^s{7m-F7(v)*JPi#cz^#U@Kr1Grg3)|(CGywNk>
zNFR09hk&=p&Tu&r+xKLVB?{F0eEa<G3HJY6e5SwhAf2-Czxo5ggL{IuuS1pH=)XsR
z<<)+;4#lh@@B7^YIPO1eFXJvweSY>#KE*LM<nsBSrHekhzEy^2Ue>T^zz|-6o5sT|
zQ3IVUVCthAFi6!TpM87>|LBOHdC6M{xdBtAT;3M&R*A94?%WGZ`S#&~xMobSW9}-H
z`QNgv@ccz6V5*`mCFG{SPwWN!kZ}_yi%h7>gbE;E$${`bO`G9|VKf$;6tbe4O2vE9
ziG47~DZfFHfKX9f&Ppv-aug7<*Du==bASR3$(CXZlx8QfN8wzH|43axGCDM;xfv&>
z4%p0(mH`4<9I!29%&%yIcA^I0PV@(ZcjiY5LJ*YttMM|7xk{Kb&3(av`=yMXLlF8E
z&*a?5xvZ<Ec|$a5Hll`HKCKa@x-@&1t9mS`84Zfoi3deZ5TVG32}MhyLiOHxhw_?%
zSghJWm#bocl2(C9+rUYy0HroaX@#A>1S>VYy9%^)#h$Fgqtb^)8=(apzm;wF+sDTT
zdpXj!k1Fmk5ts8IO~NQ~cZxb~OIHyMJeX<faA~vtdlJT2rb5iAC`1w_ODcktk4Sy_
zXZX;Fw-b#OlWK;kmPUL3UMiaZf(Ds;i=p?5q9SmW830<yF9RRabI@h5tnbTQ_xV!#
z`zZteqvw)sbxeMi-w4+YWX3x!2;b+uel1a&Zs>puR-s$A-j)8g-Z629NN+B=Se!Ev
zpH7n$;3=mWa9!(`K*uLIkQo+!5sD0eGx!-36MwPw4kdxa*kyzs$cqJ{jm2T4eiqTA
zF{UZqgyeDOzf7<bv#ob2!vt6rnNLV`I*AFr2)x)dUj&$1i)~furg1PO483;}N=Xp=
ziydJb<DIKVFMa54u?I)co<RVY9&06*&mwSUGz`4oOJuUJ1Ixr9B37NyNl52tcs)Wt
z4!c_{`}XG}b`2p+n&?bly1TqBXIe_B7Q0)qpK<tta-l`r&%#F?1SJ!uh1ivx5|FJ<
zE}FZ`+YW}fcbVEjsLP-Ody)p=J>N?GMebv`h7bt59xpPNZ!qN*=PeJZH_d*Mi0mRL
zO!{p)C`)<=ciJN+EbhFhPbwBUml*F;o(phvex>lxYGWOqB8TvK<N;$ijE0DQ<To`9
zV5;l6n0MrS9tQmLI7Cxme2IxJO7`4%A#)*$i7Qs|oUj?Jg)mTv2*~y5F%(GUHBH1A
zgj7fp&R9ZY$qGg_4*0AFu(xTo0N^#&6kK7_$G&QL7hOywaj0ZQc6ZWcs2V(8sBJ9e
zn@>yR3pf-Cw_Yy#%zu0I7}-HM$l@Y-xgJYDmxmGmG#_lD*Ha&nS5aMYiPviTqk5j7
z0uR{tTz&+(+WK_yg6UEGdek>gw83=I@HFe5U!^PsQaeHY-toQxk0E9?fWFW;30z;3
zFDYp~7po*x#R&rfeeyskFwa@%Z&%PV$-@%HK*6k7YLthY*CZtY{NBM`hsNJaw07!S
zW0B0{qgP}{fKL^Qad;{+Q3B06KVbrXpgjhi*qakE%RfP5%a=LHFO;G_^PSV(vfLnq
z!AWDgNt53xd$V%87$pXJc0U@1aYwXXuU<?S%Ly0uyn?)6_$3(K!iESCae_t4#7wwM
zkj#j9E8pCU2}%OKv5_F=Ln@A0R;V7NQ1X0V9@eo)`IFLf<ueDq)7MpAj>jZ}mx>@!
z4u(j;;`mbO-Vk8p=w7SaN1j+i<qt&vEq_3ehp_YM{Kt!HG(5k#yZGT^czSmZzozeW
zyWRZz=htWUx7R08oWnrN$VWG#VH`T4udHYM>`ouf6^0+S1-CN`9r+YkpG#+?I1_=t
zivP#MlMn1+{J;5r@<2-Yyx^7XuUkUuNLD7}z>=#+Fc5SUX_sJKqJ^3^sge*R{~<mv
z)k*xk{dG$gCnKh}i;9mR*W}&vBQ#FRLn8S>UMg6+j`j`*(3SAzj`;DQchrX;g%H&f
zaAzq+1wRTqhS;ydfDtY9O;EW4pBxNVs#dD}rHYA)*KM1UzY!<i7Mdm3qaeOm_`jI+
z+x58ODZ%sV$s^&*)gMc)w{4e((YCGUJ4h6R-pj7|Ab#Z^ZOQ6ghf;02kxe?0ADQUg
z%gl4=>h70((h<SACb<syV-Z{KF&R_th6ExGq>~@ud?AZdfth)fi}t#ti%2{J7as{&
zk4w8yUyFT-zn5J|zXT-yzw$r1;2os><Ns#w>}<VLPhb_mO!A+cFA`js)`NAouI_$G
zXM?)6iW3D-;b;&lamw&IygBP`Nf^BPad>m4w%SMH`#%TaV{qZBFntr}i9E0P+Z~Y-
z$V=ZhFrARtaf@R3Z(_NslV9EnY{B@7r35}qd66_y*VMnEERMsUPOpDF?_8aq40aEX
z3+2lu++E&&yuG~?qa?xk57K$hOXBrmEM=$CFTxgzJ@rbaLZkOeU;a=|mSRRdW>VG%
zd@M?SAqcxFzW`tFA9j14h!R263l<|~;02A-b2<Wq4o~GzX9ZaL{`iROA2^4*&fs`3
zINIMm><x|&-2L%ke{gUx9+Q5bklw)AJ3c&g`tIQP*xBvx;@+_{J{-7vgHqA>_k<F?
zVECa}Y;S+EdoUOu4-T<=+$V<<yf>Nj_IrDKdt<kExK9S-gTA{z?)Q5~`+LXZqk|sa
z-Q7QQ#{0*EqvLXm@gvI>`p8Nx-5ZnrJu=uo7?3?@pG*$NcydUNcMm4y&^;v1*gcpy
z17~;t;HXa=cYJVk<hV!sz2k!e_h=87i}bxQ9%IK36E|13_It4sxbGeuk-^cvb997{
z`p3OqZ`aw|9~|tvy~+OI;CMVaIzHON$L>+D*E{I<kB^V~yZxhs0U0|LQ2@2!2rQXQ
zyeFLmIg2Nu1VYc4g0rdZr8xaX2>M)@@YP2e4!MyZQAsm<60_==J%hPL{`}6tta`=1
zDMQj<177?#p;K~#2K(QwPi78-zTf+<3f`g(_8$P?;)Rk*;3Hr|w8lvfteaK?v4~%O
zAi+jVu_v=48~R0kaSI;|v-i{J41oxFy1gflDvko?lHOwVk8Zx{zlQ-yKj4SpF9E}`
z$0nW_zO(Q;j1{P0D+kJunXL?!2K1`n43m4oia-n@3)W!}y5!?KFsjPYSsSXP*orrN
z$ujtoLa<p$fm<p(tSDyL@UWtsf2u&SV&mI|jG4b~7(CWCKqxJxd5n<yq#{g+_tCW?
zb{EiuEz$k**Zln<jVf|vR8gVkrfY>c#7L_{MNin}wTk+&iz&qaj6(O!V>AJ~`=`X6
zk~qyADn2Ma)-0_u>zP4@d}oPpJ6_X|ZYmDKge->I`s~HExv;OiKuZhrF(T9<K`gKM
zBL9j;cSOk?dx1I=GVTPhiF@()0Cw3as6PT@J|-DG(s+Ts7F8r(Z9zgX_kz>>?`v#s
zE(?yexsp3@j$MM1td?6Q-L7xbbzgTtS>G5?)?X^1tUovs0cES~7{wSORsURw(3S~9
zl;-N0Vmjty>4d)I-S28<oF9i-UZm~)xxf{brRl&0vq1i+p|CU+o>`K5oRikiiBpMq
zbJAu6(|Al|ax3-oPwLk!&+cwd%1T))Q8jO+rgGc8L(S<cbK;B~menGQES5QWDV1fv
zU^J^n?_|fSjolK&r3{y4$YdG*n9^MCzM&y=Xvmczin$SA2THLZumY&qoc^*Pv&4aE
z+8Wv+A6LZMwMHuzT13lexi!>kX#`-Qb{0fm15Ui0abg8xywZWbW@<cy^5l5Ng;hb2
zx3mGiK$K^q%Ci#^+<TGOvB0ISvhA0<p51%V@aAkN-zvBlZXirenKt2E2AhFE$dy56
zT!E9cUBa)m&?zRP&{dE<k!F_*zYbk;C(TLe<!31tKair#B!EQDvPz|DGlVZnL?Ki}
zZ2FSWohgmzooL~h0E1roab|`o$mbGu;;-TLg+dF_GVvc!=3!Rq0Z_$ay+?8c^k6h{
z!azo=$~&X3?#Che9tQCH3@1SeW-`;z_oBiV?3d_!E!n7j*m!qzvs%d#Z(|%M*>EL+
zOd2@~-M>I~Vx3?5h5(Qf@|E!kAo3(q0$rxEO^#K8UFm9qZ?r=`w}<a&glIdU)&jQD
zn~2C!kS>d3x$>kaOQ~xA&lq9$0SoK}o-s*8im&ys@BJ<oS(fwO=JJHZV8Gh(LcTi5
z&(L8G^`cn!*g5-q&LMFL9v@CzvghK1BeH*t9e1~XjK_mLJQ?f_oZX3;KI+Il9Pjm=
zJqPdYA06}t`+MVEr+-Way+OaXcQ7E6qvO59<MH@lcen2z93J$XJ#x@Hb`SRZ<H51B
zq~oZ8Uq=lV^tznUm7bk!j8<`)6b)Eu6_zy~rUKd-&I+G3wU`;4B}$U+EYS{~qE%k+
z^KZ}`pH~0P4!^7&zNytU?ds;{R`p4RxwWGBY=vvYOs%Y(MhRttqbg=7qlnenp;EDH
zWQa-!=!Gq7@^s7WV@2y&&NkNTU3pDSWBO*rx;A1RGwaP8cMb2y5-EunATNr=>Bi?j
zzhH?>nGYhBnrJsy&eVII2_-~xn&1BC?U$?1XTMyY7lp$P&6NN`wfD;$CMIGK@!RmH
zo6n!`3O|nSZcc~iYSN6uFy?1}^aEdTlDbAPYiC$?Sd8LA!2g+kBWQSIJdafV$VckM
zahgX>+d_1;F<0gZ+Wr{NBem(J&$@2uCxE4=3s$jkLDpS{WEOoVVR1P3e$QCCv_p=o
zgXn#vB7{Q5*8&4A;zPz*rq%(ug%46Y3x7ZN6I3JOs(fg#hI-z-8uE*V)rcsW_}+9@
zQsCA7hLVnWA=_j!Xdg_nB$`s}0>7{&qfklIixSD!V({d|(ePkJRepl^cLxW9qoczC
z-W~Uj4&0-I{Ui5ycQV=EC&zoe-F;^~z=!VPWPdW)>-YC}kI8ty?>K~zgZ|-WRrz#G
z8|m`d+w0WjGpWle^O=Np+I;c571a4ulo9;&O#z?EbU4NvNp9+VgIAKQ{%?1ZP2Wkf
zzHWXgNxx~r6>CvMb92;oD`<Ah$%|Uzl4IU(-+&x%K#mOoIkL(2x*;4J;RLo4&i(*M
z!AEhK<Bj!6I-MS|7pn|xGOAz2af*Dq8GWp@Ri6<bFH$3Sb7J2HjI{g9ZE_V56l4aW
zsMI?m2n?(rolYE1{tmc!N;(d9X5_25o5dl}zl*0MN{0NIt|K<2md`4Emc|*tC1oj^
zc`aS?V;b2fQ^m@FX(Cg00A~ep(eQedX4@0j5|!&;`Z2T^?>W9Fh^3))j8O5rvH^(D
z1&=TpG?5aOfIJy?t$C4Btz(XPD^(47m2{?v^QVZ5jeW(Kq$TGo==I&Lcc`n=-FAOY
z#^hI#zYQXw0)B|VmtKIrLUKZN<bFjC_I<Xq^$vM4ZvqKi5!86ZknfEtro3%38=TmY
zeuC_Vf=VIsc!%OC=DnN743=^bk*qnY5sFhPE?rb);&fi69G4m;Tw4GaJ9wPo$LW1a
z3BwSO&_3Y6A>A#}Z9|!HXr$k5(vD7p{T{-F>@blKS(uMxIDDGE@m%oF=F+;0`fa`A
zeRg_Eo!P;jv=fP2D?_fJUP*~b5Sw`s!fBsod9>cy>Z6WYEs8(Ah>JC(2l#hz<Y~#K
zwI^F}n>-y|07VcjT)^){Y9j4Wf{cQybK_9u9E5&GL-F7WC<U@mQ8Dj9Y131og&EC^
zlDGql9>|gP0n`P9Fm+~YD5orX9nWR(Y#0412txiH4fglNB6W#F31%c+kE(exubW_$
z5yf=?(p3o7d{;`k24*&10I&Ogzu(Q}OCqkUJUihp8N8htLriM?()|A_?DW=$r14Hj
zMa;5Hh%OxYGhyD0NfzD-WC2k`!-#q~CjO!$wPxa?sUME9pQai|@r(k!b-tU$a><o{
zo3CnNw#YVJC4TI6q%4JXVd!*pp=L`e{Azg1r=IwA>C6)v5lfQ`g>hLxCVk^OVvbc@
zJBC{MYFEoM`N)i!6K`rJv}h*54qa49u-t&}EuaLaoH&|j7y)Q5lizCelo^{AUmfa{
zN;CGSzyih8A|>#CyBLYbT#BfusKf~Za*>p(Hmk6TPS$slG1mwP%_;&P3$u8-g8r&>
z=kzD}?-Id>d_k3|C_Kckef_IbiSW#SxC53k;5zgsXb~ooLc@jVL`s}cqOMX=+Q*h|
z&v+$L)TpXZ*Vt9>QqF^X<!a@N^&|tiQ%QWF8VM4OPZL#!fdJ+NsW9FjpzoybaM^jz
z(7HN$Q961Ebx{9s(Cr^}2mAW~mq2L0-9axmK;v5GC)FCq_kh|xqn_E(35NvljZP7j
z#4}I=x@mcLz&{G4Ho_6~KBH;<z$a-q_u^R0Qb!&nl2}OQ1H}#v8B1qq7hMF3gkLhJ
zq=jvZU3<H_lIc}dE(~!jrAw5OLd3gV&A=Ixb$9G*-Cbg7LM0|7cnJ@)*V4^W+r-Rc
zoSEr!hWg^2x6)W&ez|C{uQA!1ws~dmvfA*qttJ1ZZqzp<c<c3#j|Kybd+zbU(Rk0@
z8yxOWaL>hu<HJMenDq9sdw4K*_Q%J&n2e8(CkKZP*&iGpxx0>&+Tl!w{o3$up{W&9
zYnhL^e8R0_%B>?UUCA&<MOQ7gaDP=$v)r9q!H^ZZg*t#Fx5d~CFkSFf<OPnOxFvQ+
z;}qLLEX<TX_({ME@i=?{w<0Ckse~XGg1FHDo0XhUGIeU2K6?j^iGvenYp%yoOdt!R
zyyb{&io6+0g9lc#w9s+l`GQ}myOo)67456a0h*~S5dXo&X&DqH7oe&{x&rcM6}5DW
zj(p8hGRWNdd27jF{{Wo&>PcpvDM(OJHZ~EtCf3Ex7<)M1c-4_c+yDaB1wVWoDWCp1
zbFg2~Pm$ct%I<Yo&Q!TQ)n5mlUS8_$@VyCf7LImHO|xj`>Z%Y5>UC{g6xy-P1js{7
zY_q^T56m;cWHmDlrGj|a=0iI<`DSZQw=`B*<P^5f20-0pNj-{D#b)6~58@I9Wxhsa
zJj7&{=rfPq@1QGacx8w{Htdfx0{n$A*pNe;>k)A%)nE*Fl92MPQ8*<9`;@C^>rsG*
z?^$a0niJPc<~xWb&J1COT&UUY?HPiM=rT?=4k_O--}8EZ*g<LJ!8>$wdWGJLhJ5J4
zCN2J<%sApA!jL!T*8$>+`UC3$*IvMOm<p4&Qye%1N!l$Z6#75T#!6;U2PUS}paRZT
zwaexjEMJ!<Y^Br|Q~JmzUO{)9Al^{nAryqI%4&iNce0;<z2%RE9YgyE0^6rF<pd(X
zIqwciV(O6xlF@L(A*5Z)b#q3h!pS8r^1qk(&ovFee8lTDD<15nqrI<-G9T``JmZmW
zJ=DufPnVVB1F)^$Dgjm`fOUlmc)a8RmOG#z1``v;)a2qGzQozuw;hZJd#fI;{oY{j
zYO6tK6~PN>9~l4)sVrSU@yLGFr*G8&mJeZR@ye}vzPkZhPh*hII9xLWk)!8)64#dN
z&?O^9k1oZfT(_`PCBR0Se<7|RUBWim?^1DpIlZ~Qxc>1(cR7Ta(K822RCVDy48eT!
zl=nk#lFGYJ#-t;1m}vy~{K!eEUoq2SZ!!Zl25^9Ij$#BPcA9oOMepAY_708*9|YT)
zs*5lS&2ZpKzbcH_=!TygK9nttTaeRBb$%*0Z_!QLM*z|wvQ6Z6Q!wF`wp^f|&5jPq
z?5J^7i@n+d3}w!k0P-M*fO1OYjIXK8v}TF{m=YJ5KBTcyR!`DK?#Qg|zBD;04L}Ev
zx`f5bR|a!tO#CpIrfEopK)C|)%~g{qkd-<?yQvk(U|6lb*U1slav_RPTHO*_n2|C`
z3||0#h+Q<6B<m;)w8;wmXlWRiwh{gdI{o?fBrSMMVqBm#5*%|}c1OwXs3K3Yq*Y4X
zd7ZdNRuBg28aYARN~$jI$DhwnP{twFo!%2JB`-mOy)O#i+k$c}+T<l4<Q-*UsnjRo
z7X2hjyAv~9*b7?iX+{Yrssd}SuIk+7t80|dxVk@`eh&P_4mt(5@D92r4>h$uBNI>A
zK}8B?>9m9#3n|P`TP%DRmQ;B{nK!Spj9L%TBwz>>+DE=zm_v!CNQ;}MT;~u$3hUm3
z>yxD81P<4LWXJ+V?<ZY6S(Bu-Qgby)S4|h4DnlwIise(F;q(JX?q}L|?fVMLh%lNY
z@K3e~9MM~Fe2FVg5R)lbUD0i!_c9|K=4!Q@IATxsy?f$&voMrQ;~qmZ97QDXg6WP(
zoQW4Ii&kpL$&RRnbSmbyoouKKSqj7h)Ir-~s%&TEyNLhWHvTflml{%u9h`>%7r+7P
zt1;>33K8>gTh7P&$;H2cIlC>UuJsF*v4g7xnHnwQY;&5X{3|s`2I1=FG1=cfzwpH&
zVu0Q77bbBo0g$(wy9T-mXfn_%6VRt~lTD@vL+NekwwTC74T^Qawy-M~fGQXcE|nZ)
zDDV{O&C?XW;N%FEOP{1X9Hu3oio5)j?svL7K`un0mWpIsyhuH1Nh;!f%BrEQ<bHRs
z_kYrCZ>7pLW;<xvagsRR$(499s_s7PXPfRqQ}<kq^uEb8Pk&8I7SmvI$b0C;NTsBK
z8&fgIUbgiaPl@%mQ*VIgRW(z?=6GRijxc5WR|K*BOtSqFmkG*W;mQ{{5LAf+Yg|*1
zR|6^A)f^%^VV)U6kT-LbjU3IyR2Vx-rjBM3wJ-={AVfPkx@Ey`S6IRLU$FaI><-PW
z4rZG}(c+NV8&;^cgj?D}O(o#+It*^YFz?~hkeCPi`?~}E=O1a9METz*<sWMq2y5$H
zhOeVaF2Y)Ymw8sBS}=PBoE<d+w4-%G+N~^4l?P@+D&@6-+tIq=?N)&MdYisF(A^Am
zZ)5wl>lJ0oZ`tl^vie$VzD0|#(cWvd_8NlBw9HNUisM3PnT2W_!aFB~E)jIbH_Jx?
zai6^MIkT-6+jd9jyckJV5r2lNW6)484y{5RRDVqa<0QVS0e82x&^iupWMc6~?RmUW
z3np)5iP0-Y=C#@|mx;|YMdww;=b@?yy<F{)G>sNx^Hy$>EjlkBpO;f}%tv84DApVn
zYtIZ|$qi86Q&BCKzv-JSM?io5l5;z=rbXA}iLfp+TO_iEYb)K@is&Jn#4{4ao+KH_
zGd~nj-I`3~lPPu<C-Co69h@$2Z+R0ul%>47EbqoJSx5x#i}Fngz4yALyCVfk*Lw;Q
z)IovrShvW_vJOJ&!|Q*ORrDq)fEUeikYL}}j7l9e_ogZ%p&$jD6W4?C_>xSc_xX^C
z;C<me5gnwdg_e2&mJ;r(4}>!OA<O=ks$X4&jsPqp<RX-41B*-;Wktm&&7KjV9p%PR
zeJg@U`0X?Hd><uD_u&{silm@nKvXhEZSK?zj7992v>O=oUeVc!{{5hjlx!YM%5&Y{
zC*~wcXJrm#Ag3cvd&N>!0g@A3A_mN9d9HT;RRvA(XaBBMHUC#Pp{+esD8M4#IKP!o
zKultfp*g{U7fdIKFY~s6NxyoDnjpTpK$Qq*FzpPwj$r19)OTVO^}Px#Mlcpk#O^`W
zxd@Mf51^3EQ+y~$YQW%4RM4OPVIgy^KF=|l6K944kIjXOt#k4&3>A<mc?(Rw%7EjB
zL>Py06#20Jagb)ggamTwaHay%3NUbMK8kdsd>AO<M+;=NFRW=<i&Vyghec>&?6Zy<
z@UK|_N6~r=UzZUzn(a~ns6`rPy#r+n(jW}5^y$XdAq|877ml+OzB8hws0}oqhAvi*
zrBJSMh$Y0aic5q-v&)vujVk9<Sb!43El^tjcsq9rpzy3ld@2_(=1e8mMbbwmu8zDf
z(uh@S*o^WUB6X$CcAKsy^kSl_2lr`_LX_7bjsDPjLrpL(f=OZiVbW*-Jp)_{&T}H?
z(VWDyP}o}a30X)PY&-tNW;-MP{6yQsU=IPY3EycU{87)`3>!lsb8{xm5fkRbA`P1+
zmt|6w_bIf}G&9N5C!TBop|MO{eNt*bKCiXjEB{+${VgZ87Jov-33PUTZnw_JyruVr
zHQBOOg1S8kEmSXrl57J&@AKFVu}zYv$dk{xn*KrWEASMGc#MhaBafkNIR&->`Vx3P
ztOkCgL6kTNg^<?2h2s=bB4dwo>q!K7$fWjsT*H8L*es0UOHT_wu1YE{nBkRBeM%Gu
zUVH6K`0t?5B<_Th&Y156uE#g<aiX?uEgVP2{1$c!-SNTYibM82B_Gmmhd@z(!TV37
z3eU}G%z#<fpUb4A3Iina$t$r;rcq{@YUL82<U3Svo^bRsK>!nwE*h##%7`t37(bz@
z_dpn$du||zOePvHfQ#V_BoBn@>vR$(6kNeUJnI7UfRMF=7|}bSo%PZQgP30v31uJo
ztm^zN9J7z_l%236%FsJQJ~=_#J=8;e^e-Rx(7$Z!5beK8oR5CT<AZo57WD;V386P+
zlE;Eig-u#t{wk79y>jmbZVJ&5Vsg)AkRI-M#b=$|u7kvLJ(<4ACf1F8*5$i?S1i4M
z(?sO=h*HZ6$kxUoXa)pTK0UqQUel7`>uMcr6W{Y1f3K#xJl|48vlfAcieX%+5X6;M
z|NJSY7y=jJCZt*MwTeBacI15K`s}FXQqBUnej9-IqL7P`9yGdqITz8X5>o`LE;|_5
zoqNF=#{%Rv9*UK!UJh(rvF<|P^He@>9$8}}gy4pausPO8<-97n&};ZuJ~0FfFn<1r
zRBEeAsFLIb=yODZt1My59LKdt|GWuH0Eu&Mav@&rE+VZAL)i@_&D^3qhK7I#Yb$g}
zb)$CJm2i7o%7xflqqS#Gb)6PPXl;l{n!R!hZb>W{XZfM-k{Ek_7N8}?|9=w1vOwQ+
zB`09s1NokBd@`C*H4Z?=)0@!{%{&%|Q;O%sWGM*D6eoPOc}}Cg)GE@b6L+<<q@2(v
z*PX?bKDq+>$I9tr@%NT|;FdHzl}@Qrejl^Hei_kbP%+Zu%p~kyODUq#pGa<9Z3iSz
z5%6d5Te=sxIUPEm+ezbI(I<tLT4j5?5cXG*DG0qU?VZ`cn9~PUIx7sxdd%;)OCw}F
zK&q;4Ofj^!nlF)RsC5f0X^6z1@mOgx+J-acgC@W>;-;Rc>pR;w>lpc(W>`jl&8=A5
zEU0Ns<xI#Q$W5kzetdq5V{fbfH#X?DW*A4ipoJLhIf~&)J^G7!Qltr2#9^RGmE>fh
z%fDVR^d3%RG){T_K6J~R;f1<6V2*(P0mETVr56u*mH71npo?W@Cb*qKI%cqC!6yUY
zJ=AIZCI0GbD(Gu2p04~En4$QK#8tMpcj&8luR9A_d=rN8R}|rRrkrm;VdXFQAoCYw
z@`)^9O$6-WDZe60Dp_f97p^5mu%}gWN8G^0c~4~WDDk%7^$|5xH>YwdWF)u5ZWGtg
z1c4XbQAW8yqrQ>B?8>~U`lF&zX@Pi7pmPe8SjB`^UX0R|*=Q&x!)X$SVn8c7P;CG(
zJBG^$;e!0J>i4$bG4-`&R)=9MmAC2%CMOWg8qmJ6&%%>*tg`v=L8i+V(A1AK2~r{*
zc=cgWTwrX$oY>DuR9wOw>Wu|)!Mj1PcR1*7iI*nclPS$tK|)uoq;%<sDEl1$h2Y<W
z5#&#~`tK;)E3^^lVB}2snil>QC9&rN;sghX2nOri7Lw6yW(`auGt*cv*b!V36GvEl
z6?i<DA_k5PJ#jDFddGVrq^^*mHas9dog}`FJy+b6KOeEXOsJyXtF2xVfZOft`c`m{
zE)Y%lRajB2^3vEWiQVuq*m{TDfQe|iU*NmX!L59zw$frzU{NQjV^<_9^a2;q5D*)S
z<3h?lO0c_7(=Py|&AXhB5=)CcB)>=#w|w;gf7pQ{y2|6v`<*%1C$xZ#`?{kujludB
z?}?crglTmKW*&xI;&_Z-nRWz>JdN*_a`<R*F(`?;Td)INhw%+>5o8YpwB9x}DkW_D
z2(NX5Fz!Ipx3_>1H+)*06q6pm&vNX2P{!+!WiiGo1}b&E@}FUBA#z)}IFg9Pl;FAI
zRnr`-y`7>ck3k`Pan2>A$6uiL(C2r<5xTj(`=Cqc^eaSQ#aJ08%wMP=>@jxk`Bo8#
zyoRB3PvT22m=c<1ZtnL|ic;XvV^J6|UWiL1o$KFZtf6==w#*$pkB-dDgegJa|CL`h
z&nbm3CkZ3&Z{PE>-GJSIq#Ien5DY5vovj@9BHy<Vx-*Zc0CkCvh36`z)l9P<`j~=)
zbA|)7-yfh)3x2njy4U&H^=(hqc1NI6fUzsvbj|`cltqD0GR@Fgf=BaZC)xGpeEMN8
zKoOznhd-ZP3nUI~JJ^|})zmYDU*V^VXhi5w68L(8_Ivu2L@r=`CFP3e`UK+pB1#@S
zF~Hb~y$5|RNE8t`J|!WdABOiyBnCzRtQ?t^h))>bdk|S$T%Qb6F<QjU3F@)h)>9HI
zYD-hmBJ&e3yHl>QBxOC5u;;82XW$5A0*c+s5#LIDe(Z52rjQsjVPf7uKr3k6As-Kx
zl0Wm+l#;WiYn6YJTE*jp@~Ny5N-A^~n}w8bM0a<WJ9?g1epCXvj<C1g-CZhpq2k)@
zqT7^3S^dWA`#Yf_;GV<`)~Kx|d36}bse5;K$z<g;$UwOP(4$^(7yAO>nXYRf$q^j`
zC$YzbGAok7@)JiWCPKB7$&W;~nKFU+kAkWePR=lplT>I19U&lFy)sfl*gm@{D{7CI
zjM3-Yj(`u#l<1<w@M$4v5_%@iV?OkSEn*h>E<-p-gZOe=nWPYB5<KU{2>W3$?V_7>
zH^Jh0%r7@A<ozH9lXsZvCxH{zNR0#Xh%QDt=}=mICHacaZXXNEtvS<2MATduNEPxG
zz2`g5M~TG=so(@xQ(N)aWn_8s<^^{|g%G-<IA9T`B!~sVEz?tOhj*g_&5$5t-eOK1
z6}3TlTPjFhbp846`~(dZ`N&T0afUflKTyJ#1n=$$I7dP%SV?E$T;@YI-4tcX*J03+
z6Qy%TAhoSnzfvQ+<~syD=1)iRVcJpyk<ua}f_yoTHs;Udf_pzEG5)ZXf1%hVh0nRB
z%a4j+3JSm!(=nd%9nSZ~J|?)SuS0-%;FzB|D&%KJX@!JOA4&QGt6uEXV?P9fa~Ue5
z;{uDgS19CD5-Yws-p{;B`O2oEq$z@FfjCgE4Ahs6lFB|6Yez_yZ_5|uS}UvUvd=yx
zlL>fNe$V)SXE+FmulhWZ2RS7U;YUNE#xh5BO54Tv3GAaehK=d(2}#JU_d5}RIm?%-
zyFNA8kX|~kn54`R3<Ux+<zA#L<bO8TCTDCb&kr>vd7BUkVk-H}r_M!YaNC~?i<@a;
zizY#o8Q7INao9<n0!f@;zu2h&Jq17|Zx5T{dqtt1P19I1Q1gKX$_M}*s-?~MKdv(K
zTdNp(@aqK*T|_B1G!z=pT!@z2M(!m|Y5a>v$&U%9F5f0DMvOQ+I*UB8B%~jTg#lcm
zaN0pDHAB%zo=V`Hg~LeP$<5u7bwaAy!$&MNgGh=5X?79*y1l`^9zG%O5CBulQFCZi
zKtLJ9wR)k1!`JfVR2AP>!7@@^5Nq{zba5l{K{BpinYi)b6-nVCL2+U`lXhTp&}17v
zcPP3ElRLbq3bwK9r0o-7`7sTBVI7t2(C}^miY>YRk$TDOAT7%&`AA`S1xgR!6Pai$
zMYR=nSTT3H(6+AZO<<hW{nAz5YN$`<;sYNvRE`f?2FKDIbuz^k6j?0{`{G_NIJiL9
zRCr_F6u`ksEesM|0BUhZriB-VKyRM<tqan1(oK)?LA%cCXz<Avxl!jbepHAR>k+uS
z^Bz<F*@aF@-Ox5)40|$vR3@oLMWSk#uSyEEQIJh#@o}86#W;M@eI0_Ky5HSB$f&82
zfqB{)?Dmd!2V-}4+#8eqV|?K39TN9oZ*aUfId;flpB(qcyMx2y{lnuyZ+vh(IL18(
z<D=dE-Tq!rmu+UBM)eHTa;0hgZdyi2JS%yL^zUF0b!Sj<pv=AAV6bc-ng^^fWYd`g
z1I8k6G9hB)5!a9H+(&BEj=Kl>2gPCA@AnR{bI|J#4hQ(?=-_D29ryQKJUN`~?~RY~
z-u`5_KRG-ckNXGsxOXsi_sP-W;r;<3hvVZzCokPTaE*q}Fb?Wq#}06?YOl&Cr{Y0=
zXvBIqR6^Jtv~H^^TieOC*K9xsg8%`y(B3fMFBGOU-9BnO0%}s2XqIzTP!2D28pnji
zAx+bYJrF8%zuXyt5WDxHpT#@BYOj>KvD8jILe{+CKwHnUVR>9}kR&zAm7)ugH&MA1
zV@CW*em@L_CN7Mwx`PIkAW-96#Zjr)$e_mEoSY2>=!(Bm8cp>lb7q3wHeYCJwavYs
zrNqn<VA=$BXy_NE&M}Kik?E_6lnP8I@^L_xmfQs%G)03}C?W}DGCS{g4U*fah%C9N
z&cc{0UM1f;b=@#vp98<x<$4CwT<%h2+$t0;f^GVzga|cTh90I~v6f)sZa89I{N>{2
zO_i_Vs1ZtZ>OE!o1z6yxkwz_EDXD@h={Obv9fV2k7=mK6T~pDwv|HaXX7^eCNCLf)
z%KWGb@5rWoe8))KiD#r!eA1bOw1fHQx~^i&>AH0PWrRe3<X$YYCnE#*lHQTUNQB&~
z(vx(2BkEi}LyY)quFoCg-uQSh-aS4%+}-c*lfgbYIKq1e&R);m9Ut%Z$Hz|p=%6=t
z_V)Ji;ju%;d;9pPx9{Nb(Rgoj`dpsMcM}R-iGjs14{}#EmP31aaf;K(2bGuvt)Lq!
zWOPI2(AazSlVN?jWPzhxZ->tHm!iB3^~}#<SV$`7YE%|mVVG%DfW7xi;OW+~?V5Xj
zTCA=INJ-zGBB0m4*^S`Y)bHYI&ehe$F;*!^Y<1=D+=_P$>mg@>)1<1jAGt5gCbO&?
zH6wmAflOH7fAkD1O3=c9o2`{h!QCNzX*UGBf1zGXJ_k;*!fQP;Mf*i<BzJAAe$c+m
z@x`Hbx|YTu_(xW=Hm9tX=rjMw-Pl%J&9<N6sdc+?u<6uQU)_@hEV05Xr+>N4M?obF
zR{hQGX&0Rj5qOirDaFyO%%z=^bx#&|B6R>|xU<(gE-0P(>f9#aA<3^r@mrBU4>UW_
ze1Ey!E?&6l6leK-w?TaI9WezY>z1_psCulAf;)er%cQIj;XPg`Ytv_G9#G$<-(O51
zKe<wo&aQ6-@<Ko;z~vzEM2e>6J?T!n=wFpL6Ig}1|C)Lu{=Lf{ocG;-`Ec^D{OgYR
z`rl>X;D?>G<U-994?YY12LfnA)s*o9ph{jaMM<RN4KGH*^{XncG{bU27?poRa+IKc
zugm|he{$42>hI+A@viRG;cbC;w$w`DubiqRwEt5Wh97=7=f@<ARW@ObqHRKAX9nR0
zWojb$=1k`P6_+bn4Z}EtZ&DzGgx54Xa$Mq*DF9$_<SBC`lfa&g&IsbKZ$Zuo$1@3A
zh6aBW;@L-dr_2A<t_mraO}TW91}KVrPk8tt9gSudJx$$Dg((a2>MG6O5&z#(bq$vp
z3zzPeTB_<n>gwI?u^i+@<t0Hfa|ROENeOtlFsIeXkUdh0&M=NHMrjsh!K45LlS1I-
zr;E|)m6Y(O=6@1?E~a`{Y!}_Xu`p;MqwcTQ>-7%y_TYbey<Yx*_j-qe-Ge{%_YMvZ
z4hM$^{lTAl{k=hd|4*p5#yVL45*B0nr{2nC6&v@B{QcJ!Lfa7yBfifNwta&B3+DK?
zm{94z&2Pc)@>st71j=dd8A99qeA+%i+v70w2@bMDPiYPRP@8=EssJU3H|5jqtGi$H
zx~NwrU1t7Wbq#G&`2u%uvG$hF^maES_bq*o(6$$od0DV%L$LTf**-ykEj>bp*X!!4
zy_Mq!u6VJjKzLJQ6|Q-;jaYbFG7>j<Rht$<4=O5H#lL@4K2PUmO<DSEZCg%784cxI
zC2VV~$JN8!tkcYmF#THo?YFI(N~d*z(9C=lbaA;4tv%FkXAuAc!`_nHv2t%0<5Wyv
z>%EzNe9y*<&<VUIJCih}Y-m5lzBk5W3_i+NP#a;~BtIXq>(C|5M<X+en!Yg>6?r!}
zCYRpaGmUz--){3O)pj=F3hU#yywn`LY$F}2)g(ic+CDF?W&LY`eQR^l<zbDcldNhF
zDXjKwe$lIvkvr3ELO_)_NvSzqwhPx8%hp)CDH`_O?ZTyFt)h(+-6+;}UYNv|?lJ4E
zvw4P>M3!cHl}rh;w8?CsT9o$tWrQG$nrVEmsiIJ&4AhVRT8je@a$P|!^tf%|$!((V
zwNc^fR5azLZc(mD-!8maI2Ww%HB&;1x>5eGu7#PO`nmfybM-%W$uXWjcabSnpiRNn
zjV)Jl)xDvrR%==3ev>QPT1wI#tj|$i+2!*brKV_u=O~OlfBW(%mUSKw0t2)D<yEt=
z13Yh4Xrs;KMVGV%=iGF5)b?tn$s$7~)Rkv9edS)OGK1-V4QxZL%ueuy0OB@$yS4QR
z)lW|;_rAu0vuY)3->G|}wi$23vqB}_hR5>vHazO@ZFp9z1h_xnW=Z*rS1~#&TIH1w
zQ04QgYko7O(BK+rQhbGjsDZX=`MSoohZ<{?R{6!)<c*b-1}d+^B-qHz)p&MRsoD)q
zTg}W`O-x!1){=dWSKic{ny}W=Z;j1XYbmYXRJE33nwqCt-144vHwoIT@~V!q6(FOI
z-i-cL#W{GL1|12reQryw#O5|Bwxu?-o#AtvYENy|kOu0|wnQ1fWEFHU^Tz72syf^P
zpYzftJ1zcZohvX4b9wGXSg#$Hid~B}mwCTG|AwOl=6u6`#ur@xZ|>%bH{aaNZ|>$M
z1%CtX=6o1>V;9kS>?3b(@HaR3dfnh_Rn{8c^;)%}rX{HH>|cAS@g^>ZFS@(Efg@i1
z5G?~xc+J*%!>>k(OM!!P;j1+$Ub7xsrMp(lma>j&s-6}GyEJNftEQOBep@0iMML4I
zY}Ymje+dS!e{H9$ZZ2-CAhtSeB8kH@j}j-o4qb8+CNVLETxj7FY71%_LGgQ%1N6U8
zB+3{E?xW|%GnuQrNsY$iqAu4gjAO$snMO@2&lQg(C@C|Q@gRPP-LZ^Hz8F=-av0B{
zazKbXyg0jQFK49%xbfZ}3L43gkAuxjY<*=Bhmx4t+@;mgJvQy4-6&eLh3e3t_9NJC
z6rxF^HIVT29$n!lOXvT!(A4s=W{O(+%{WwPHn=upWVfhpa)~&xRA%|WEi)~h_%v8N
zPq#Ypo%2j1sB*{{OzVvT@MOl2bD59xVsz!j-qhqyX>*R;4gX`guOTf)o5?7Nj!l!X
zF8XeqP!<<sFLQ6GI>QJxQUs|XoU@I{)s(=(BywqJidC=en3aR&*4he@$>vu=UC-!C
z{l=OTQ!}>UwKrp>&3hKI_>xSqv*6mgeFtx_GaA}w-WmO|+SF1e%%%1ufBbC6@f=5I
zivZ6(hu@xV_%6JBse-<$NuliT38C0}eynp)<{~xq>2yj-^(j*sH7=z5;Nz*4<E6p(
zs|2nGIDVcv5fE=Wd#0j7mpt2C7u)*t6-Np7{m{WNZ(<8(pq!y2EGf!O=1L6N_?}^P
zJ@`2Iw217?M-2)q84tChwhBeo-FJq5=-iKJI3@=3jG0BlAvB(nMywSU_*<g`$?oE)
zxt@l>{|m=eSDz+2z~7b-vC{cVo??oBg$(R)-77WPY+<%plr5syDAk0*sJ;i-eALx<
z{=&dipeF3rWt(N$V(R^^vIdo?hE{E<L@BhAWJVpd5>bUB*re4U3SA==Sfh{a9-0+q
zb{zY+BCGJ}BqsC+FYwsRZfRT5R4!8aH?%uFqbaB~SM5&v4PQ%c+8pZb`X1;kRZ9O`
zKkudAi0L&oKiDU1;k38JG#l=pwN7GTP_g<l?Nd7YGdm3Z3WLfja)Ez;HMynVYH!(Z
zJ-e=+&Hekg+Kr%MPiA~=nk=X!Nakg=*%O}5MNxI0I1{!G&Dr4#{8Kc!jq|>c8qJyi
z)b<lFj5OJmycQ=^?wVY3#H?#~6?LBzHf!oyv?%<I?hBD;jN7R^9V_B<YOQ_MT(C{W
z$alzu&{fD`Q&IIy8I4#n?4LJnl>T<;s$RMybl%{TrJ|3UbJea^5Pa2!!*=!J;LA4L
zwz&`6Ag=O%^>NPWo7LzrV||(c1KZZ6VLg_pLnFzJd324HS!)1#eRW%QLaoH@N8(Lq
z%~&FuXc)P|E1y^51g+0((GB%5y9)f?8c}w2ifSv17Kt6>EwJvG<J<NsXB$|bPHD*v
zkT0YbKG~@2E!aV*!g=uUay4iIaeoCEPT!jlXW{rJ>)O&n>)O5~+O!FbzZt`;?}v{g
z>OFWqnUZtnV81R_wHa{QHW?fo;j!m?b=>=nX(Y@bg4{dLPoUQBO#5Tfp=@-q%23iP
z;(Ccqr#4@Y)2C-1ySD+ZugE;4#x64euGf1~Rh$?V`*hV<8;dZX2<t4N!k@F5qBdB{
zj9@>Wjn=`&ZVTY8)kP`;b?fo_hDB5pg!_U43$?+sOSQK)Fm@@a_Mq3L#MK3~J~trj
z{(<kcq+rNOA8#BMX6T|it-3~^tveU3McTFKO_f-)hi<6o%H0k%y1zc7f{k4-AdD4p
z9BYvLrn=`oepB7ce{ZV$Gg@(~Hjq|=<|L+`W7HR4<UBK5r<&BKL7ke_%ThP^cwWtm
z)M&}rWLq*Em1I|1N;iAgtk!_gYZ;|)peHM;xSUEMc?7NmV0xv~v=OO9v+dJniQP02
ztbH3nZO&!Sj61hhb`?5Ku@m1Aa9?^srJ)?v-bvH9nvk^C9IeZ8w9;>_Et^pxEOWHM
z+*;{4so$&7+fpdK^R^V=?|GL(Etk+r(%a0Y`rfbW`RZOb_qg3%_=@ZNN^eFrTxqqp
zn)_r-Xh34Zx?cD(tTlOTh$W^NY!JGqm1<dAX=fgzNyMdnO57=VnQ&c$8au~NzXbRJ
zdp?)FesjFisW)V;pL@aSw^8|ZPfsfbuC1VY=E2&DIblB*f+>s@YIVP&NpQL;vDaZ>
z2yQ3|Zncm=@Gs2DU*Dj*>zyLh3t?D&%$S7^y=Bx?jk&v3^(cva&%u=wxRFzH`2d-M
zpnCgweb(xBcJbvVS_4~nBeO$|4g8r9&CPAzZ+Jq4Dp^hIr{`wUlMA)vmN4dpK^-i=
z8W{7_>F2;NMvtUVPyI){V78~%<iTuOY^F&NNr`bs@nqsT)ewN{R$PV-w(1m;a%1_5
zf??oWsHh)e_mkwGt0LZiL9mBjMI%MtE2`fu9CJ4~nA-RK^*iMG^=|F%c=^#QxaY-$
z&b<Kk#2+bk$cRu6RN^pjSJzEqvw~i`PrGwFTWXV|-675VF-w^_D+4T=iC*8)YM5L=
z6KHoEE`^N3NnGR`N}n|y5J^>f!B|4*4Vi4p{Km`r75kp+#f!6qHU?%?JLg`=u{0;~
zENmqH<tCitd&J5l{<dCgzDm_cphjKqm7L5&D<S*az|?$IosRFtyAME$XMrHoZFG;_
zT#VC2B>C50vL>%<KCM?vt4s*6CZN5FAia$!!R{~&SWL0E(FlSha&b&<V~S%kT`Cx!
zhQ99w(_cW)Dob^apKcRconN=!?^SIuN7Yv%)Y@Oy$a(R?Rp00q{el;%Ez6hIue7(e
zoiLbqC92a(emP-{*x+JxZAmIxS;=390$h}uBUHLw1kQ|xmJFcw%9O=k4R23J7q>}d
zz|b|5GsjQEFbIef6L)AHNc%NJ7nCr<t77CEvDaj)AjsII^69n{c$#E;HVH2n;kbzO
zu}+oT<ey<L@PcUtF?j<v%JO8iFs{qe?l3L8oi|Zl7)*Zfd=WXabQgueWR-8d=@pL3
zR1nR+Pgoqzhhb2>p|@Exkb33n?w21zI=sFZ$}w0@;1l2bya(G{ss4HvvY5B!%%dxf
zh!?OJ`&L5WYM$tD%4ftf#oD}km1hMde@_TAD{gfPl@lfFG#t%EH19WfL?=P(A#b<O
zhCvWh?A-r2G_Xw@yT<V86@F^{HFf`jz4*?XlQ4-Je<gMW?B`6nFO>es#bh2fV*>X5
z@R9J_%*301mO-~Ga3D851;&2p+`mA%V)MT>?-}bajwbE2fR>}oX5$c3x6zDSk;ZKm
zZcPA9F0;GChreP!S?X*EY-yC%G|ue?i;R=$Ms^0R#SeszL-sn_3t8r5&WhW6FZv~*
z1Us|BMcmx3ObFBOEyJ6$=AQ<v<oT}L!1)ISvU%$mxdFQ&yv;X+MPb0maLF7(VzAEw
zHVo$x6$ptXwMx-N{Je`sg#Hw=xQaot@)qT}K9Tpayx((~CeHEGnPgGSWS$Y9#MTYC
zx^{CfxQngZN#&;zB}44YmKrL^L}2iAH!V4QTBzA_#k<7EOWi&gKR4q`FPIWqR#9py
z)M^EjDW8x(;+Q<*Myp~a`eovTf#dleoKSbvn@&mlEF<mO2h|-`Q%zUyF;W8cV$Z?;
zNC#B5lyNb7*!y(x<K1wy#D`a=G&BuAK3KNYgXK%D!6!A5@$(V8Q^<^9sz$G+kjqaO
zqtmOFA7#ykE4<JoTgtfR8z3ZKJ0rmYI>0mLVXYE!lLWChCuiirbI2Kq#m3rF$ba13
z!hZ4t_Wdz-?pu8B&_z@%aT7a(7ct_rx!udE5tm;p%DZfJ$;e=`1wh@zl6$O;?f0H6
z40euX#N0?#z5>6|R^(rB?97br+;+V+w^)%{*GVKpT?(1LWs%zGrW1rNIX6x3>b}Sw
z(lPa%*kr%0B)#T$@f*M-T!${nvO=#sCXVM;4(#i7To@c!jnt$^kCJJEX=%@?8i0sU
z=CPOr@y~=r*e}~uTlZSR2!%VSVTavV|Fu+u#Nqi9Fe?pb#JSH~qF=~{rRr5qQodY$
z3b)^KUURhG3ovQsC&G{H9O^xyWa9CAK}~kQ%8ds<vK!(P%*gqZLm0alS?^fY*GXq^
zI=V3ERjA#~cDW;;1m0ame!{B#V(P4tnsDkYTds%aH{o(F3^1by4&g=r;Q4XcbGdxV
zB$kW=5?`EcNbn}AEHE$U!@;SGqnJ=g%JZv-Pe&IU+i4!cMi*RL+PtbWg=-TPF)#H1
z9`g6ZTQvhkBZQA0sLd}|&7f+Q7hWQr1*CpBe^Pd|W_cVM(zwZ&o07SSza}D4>vn42
zRYUrWpEQB_nf@#gD`OeFF}O{xk7umg1NM{lDL&dv6792g(<S?BR}5OE@5Ep8d?KiZ
zJFq0V`Pfv$u__B`_-4aYB@N!H?}7#mZ`a(nOdBhrgtc@>FLx4G?<BQ5M#XvC_z-EC
zkZGAyxJ3e{B@#-tO}Mng=J+Cce5x0Cb$Knys+80!QBsSJwKvX6ZDsu3v}09oF1BFS
zweKy}N$1}7mz4#hxBbOj?%V$IhudGaEMGRVMy-hT8e>K-&X&SCI0E7!kqPEF`DT)e
zfGJdGX|YAczX)yGYIMRcICV_8DP%XJuL6#2Wv@3CWEc@kNtUb}E0`%k<S-0k>;;Bs
zl@$e-(|N2a@u!f1SJs%YV^!f5xj@z<dW}-88AO_6<K*t9obRjba;B6^mAjlZ)lw_B
zWJP)<^ZG-UHHgd$9+ghglEPe-MyXX>DpM!5l4MSo)Yji?O_8)oKe_Kc5F7Vi<$Ri8
z&rc}1n^D4Mp<n6WZ^UU6t;UeES}%mHGzM3IurA3%37!tm!+=;WOO@w3ER!Z$f>BB}
zBUenZLu_nPLS?c%^nyufd-jMagr8X+6G}rX$*CjZkGALGWMb0W>lsk1_m4?P=Xm9P
zFj@wuw9*vKLR~fZ)+#5+96#O2c(xItne3&6Rgg7TuA~Me%^U2~N;2lA5{xE=rXN>x
z<W^r>qUe;)Lpq}2!~zbiyTBMgQjL1O*z@R_?;3R!v>Ui{L^Pa}ct(;|0i#P}-%3`(
z>MWhjV39R>WnPx%bG_H-nj{zXv)drEGP%K0EpM98z^+=O3iTSES>0{Tcp~c)7rY9?
zF(r|Y9WuAmrD-p>unkrkBt-yuLyK}_BtQ$_e<Pc8TN87gfw|g&-P9Od>$tA51q0{A
zr6D}DqRcm2aP3$6iC0O>{?BtYv=T)$`Z)Cc&q+KA?K*mOJizkmVGWym1LJlc+?ac~
zxjnzxVzurLt4rSSf;OD7_k=`499@(6lNY$RRvLEHOdDEl%P6iqm2+Tq9hQ+xFG!v~
zM^?JMx+&>f>@8?njqY2$|F9U-IEntbH|91B+s%v^b~Z@MhG*UA43oE3nXN~^HrT?-
z+gE9x=KlR#?GV%=?ky~n)kI1)?2@%x!8)=_z1k#9mThT+hOno}<T{z((S*gs{V9yt
z<)QGgoI@=CQme@-^CD;|bgLk|J}6^Yq=DQJ_drY+tAq`SNL9f!Y~q`#)bA*<tesY;
zvVrTPvifMbxz=t7^GSa<GIlCTa05Gi^)9`}{g<&#aj2=BHTf{WmkQ{VmHA6Z@BI)r
zW3AeFl}fk}1GK<2h&d7EeX6!pBXne$vhz@pWh7XkA<GE62)uZ0ZL{D?mKU{xlu1aP
zrP(&7f<-4E!&o!vPyJ{WR^HQyUo7I#36~?~Br+;Fd|IqQ&XT)(gPdE9PH5TxrYut{
zp3du6;$|U>uSxtE(jr;Fv-qfjuuQ~QS2#kAfZ6rVmEs}$oR{%$REaB^XBI(`EvG?6
zR_eLZ4Pir9g6TbZd6i-6hhsCBtm*BUl~kkhxG-WA&E1%O;!S6_4))2#$SF|Vy--i_
zee4I1lE*wp@C(+a*r6{}lVn`rz}ygJt4qV^{DB1V`P_>Q91YKLnp8OOTY@|>tIO_E
zK9Z^&7|Yw{Oopa4TKbA+Df=O4N?NhfPQIG1W=j813BOzfc<vcbt6COzQ+|-9UuzPs
zaAYAED>Z(Z98^vi#MM}aS4pG+83kM-m|fb^Xw*OlP|XA`|J4fIo_NG}uP`%_YrVRv
z`ouzxS5bH~&_{jgUhr)VtVJQND7axyRX%@BR0_6@1uh&zwTCs?zpB$~Ha+KF1{v7+
zL~P=g;Y;ueKYhZ^eNwuspvwD7g}7VqcXBmeSsLT|-cm;*ut#2c#>f*?zmS(fJh&uS
zJa37cz?jyZ9vf&z%_;DzK?^=GWXgP&%h=)sTDFxL&Y0<<$(N}58r7(~O5G&C*~DBl
zWy&Z?Yz=lcWzbkjsx7ldQRt>K;;;2w5aandBEgk$hN9M&-}*~*iy%wm_EHmLSrcy1
z>_iekHhX{#YTMCo5ex>QZI<8P!f_R5dijmwEh?h;%3D;#TU12$b@hd{`R%v5>;Gw@
zA`DA1_E`x`VU+nyiN%eR|3w&OUVFBEk3ps{@S<+6l((Gzxlh-T)88U`Zl3$;^M>bF
z%~~i`wbD#gQD0Qw9jMKISyfB}vt(M1nGB*yDG4LBs|mI1I@>;9J2k6F-(C&f>z3uq
zMrMtO5NeLuX_9vSY%RIr#ldf&CPMYMw$&O>$%N30=;2@~*B>P=c3Qdq*5zKF#j(lw
zU3);!2zKorkVdB|*jrz2=XXg^x%IE9^!2T6gG!T7|IZ1jPk-G?Pf8e}7r`WaCEkX6
zJh{h9**GH4PLa9sR;;w0P*ZZtN)D72XmhJsy_<-TbzTGeE^2lcetwUBJ4W921;7_=
znR%Bh2EJ;`(2JHa7Kp!wIRomQ<EW`Z)wcXLj`@a6!L^?GHY~oVedm8W4*J)k{1%R#
zY72QQQLcx5bEaWbX}w)5UF5nHMhm+ts#cjQ5qG8%DhN?GQ`81anU)dV=%tKcFG;Ih
zM7A23TTzpKu`;-#Ci|qRS1Q<CQRNav70VRamnv%PVX0(!Ma#CglJRwEsb==qrNvb-
z!J-$qhzQ)qPvPq1!9r4<nWBlL3c5+uWGOYEovf`BT6<4d(orrW?aX5|0lt+_i90nK
z1Ycw~UI%+a)$X%SW(QOCz2NlQsQkL8r}dK7R!}wXDQYq?C+tTWCbp~GbD!!_M8nBa
z<{Bd)u2hFMC&(XMfvRJFMQu+LE4M59Hq}*&6SxvO)ugGY{(@MlWu*hi<|eK6{51rp
zSM0DA&??l_>|m2$35i0h_D)lH6skRjP|Z;U&nq!0X48nR=Jl|t7p$}4*VkZ=p(OG>
z2d^G(VB@h|qDC=YytrM*&a8=A+jgp1Hc^v9poVR;i41thrD0`I&hz*P)`1Os?N(Eh
zc_0Z+S5+!)Vz0yCCJa}&)7u39!tCI#XI9LZmAbTc{qPID#W2vYB__j+_~;ef>{&?T
zPswCL=o!Uc@Z!5?R-a1}T;Zqn)WkA4)m3Rj<B3|IdQ0Lk9pAHqrvFJWlk0#8ZgjhT
z<-pbrUt->XvoBJU7X;3(G+h8%vlhyVS9(#hlQ*O4S<%L&sn83z5hd6ih5?KDdA><s
zZ6(PvYI2y>ku5h70`D|3+oNVz_-ZRRvMV;~Z{yea*QHQyS-xz9t7G?G^h<Cbgpa`x
z?l%`_wg~KXX3u4zb5CMJyt=is^smdiVKo#miA~VWdR33m_zDMjO6Ub+386Q{WXG@U
zYeV&O@_)s?=X&u%rR`hmEoUPRIug&qT9Ivh5=;OiU&(!JU8o?d3fgGet<~q#L>*jG
za=i+;3C50QD&Gc5wySurdXrDQR@-F-a{7hvf@AF5lfbwrYkhEbbROE^^sGVaZNBJd
zEY${ELrt~EO86RD_3~5$Wkb!h(mKb|QYxvX#<dVPv}&K!!rfLb!47>}S#%u?4mH0L
zZ}d)3l|Vgxsmc0So55(K&8^G|_=jw--EF$G(0YesGtq0+iN~0cU+Bt&yX#V|ClokP
z-_(H?MZc*7>f1MUp#1HdIv`5;=RGer;zaYx(f@5_pl132YCOiM0-93q7WyVgD+<S@
zXH2Sxnw*v!BE@qm;JIjNW7GzWowJZNIIqo<fAg7+jlXY{N^AX$es;&^s+!4K*O0a0
zt)#rgCcVWby~QTgSAN~ob4{^H>kckiAAtLHA)Z$bzj|f>?jHjuyCGfej}E_$ao}P<
z43_HiO`I|n8c|c=A`>>BCimfQ@j~;4-2H<fch@^B-cWvTD8Dz9-&XO9^ljst^69qc
zk|6ft#i{Ry4y>Z9FlQq-wy*g0aE5~^(SkJ^3n=&utobXAzJW%dL5tnL1-h|3vSx6j
z)n4DIo>p6YGiYSV&fe%Vn+@Hr!nB-Te0)cV?~CJ2AJmpP)1@_&Ur+eHmebtrvxZD?
z;<sqrPU%}wal^H50~4rJq%nK+`pbP4`Pl==ivLp_+mk+53V6$PZmV0{tI-To;$8wX
z6QM6aAuX5s<)_TNIHF|YJ(ar9VvD!h;0@hheSDXC@}E^g?%%)F4sSuf)koJ4u{*{-
z4je)Yx<+M1bQy06_6-6Xtu3>msTvn7R6}wZV)v6AxNB)0s<Jz_2ots#N~*(z*N8JF
zPcfkZ_U|a3OgzU5x@a}JUH~>#a&5PyEzwm=MO3fHjpb_-0F2@5Y0)y#>Uvc!MlV;7
zwd?|~WtLcOxz&wnzZ-28-mbnt1YUe&0MOKY#A59G*WoY>f|z3G{vwLGn#XPu-z+A#
z1Eq4JE6o0WI?bC8t+$QV>TkQAi155gEgaAHk~yDF!tirbKJ6NvvGXO*W?m~?c68T9
z>J3F6YN-7vbT3AuFkF4ll1Wv#tc%gZ-W6u|x8CoS)4Y-Etsr+4y2FdJ8%qY`3dl$$
zT*P9ItGCvctzkv0ne~cb*kpt<x27F4-*E>U8jypx0kIWj(|t}y7nk1Li$5il#Wh2+
z>655fr$3Kw*HfDynU8BLv*{x(df0mn$H~LqHIBUpauX)87fktbX>7L513X`@2?t9z
z;r@s<X@Sh;qV4fZ8K*Ka2d%}l>XZ8;HUxhsKlWkmG->6SuleQejD|ICHZ(4y8<^^5
zub-`swtAx4z3A`elm(kAz5V8+^>4YZYa7M3vrw91OIPU^+AHplm`ur6pslalB;;3@
zVR)ZJBA@IPjtc&OaxWKqxNtQ8R#}Y6uC=xz3YScSTq!4Kk<Cqwf@ngbGZIna;Fy##
zchy&{{KpVM*y7`4OvI2B7)7cFH5m(E$4!<D`zM0^c=r1zFK|y?mo^pU53Y$fot=5i
z2_N#==hipRbH~Vp5;iOOSgjRpzfk-E4uUWVM87mTBR9Kp{ec7;Z?;Z_*-j^R&)cd!
zd<e6z@hrE66I<Ip!JeN`ayR31CG@SGP}=Zw&g=@(#R>`SdP1|}HE9@j9HPKJ%a|s}
z6K@rtLnWr~W;4S-Y-c#1hSZB^^HnW`6*L%a#6&iO{gQyC_Nq$D+2LUShPWOjPF&U_
zs@F_7y<M=F%r8T11fv+gn&YWY9-3Mi=OyO+7uq2Mvoc~lu>z%9d@jRcR#Y(p+~}?`
z$I)$!V|E_Iw7hJZZB9zYg_*X0O&fK9<Gq8YgS{VdOdjzoP-277B^RU9tJhJJq9SSC
zwJm&2?SU*s2VikeGG97z5{Dxi#;}Xf_yz~1F!g4;|JVy$DX8KAYJiXt+U9UZoDx)J
zIVqP_?ywDEcUsRELj;_4&eTM_t!sg6wQ6~9;h%azGwX_lSgX;E-tOdX^!YdpV-`~!
z{os{=yUkRlRUlnv&JByY(F8kE$EmR%(QA}y;>4)b8Lb=`tu(y~u8U`Kj8}43v}#Kw
zM@1`1W-f|WBC0qiHVNCQh#;<<P7NZ5*X`cd?~qjy!c8R@p^;5Lu1+dfeS3?dQ#udn
zh=!B$=2`c-UP+VJu-0ezlDv@-B`hvwovG}tC}i=iL%nF_y(^+*NkJ>NxjM?X(P?R;
zda3L>O8%Y@Gv7pgY+IBpJ;4k+{hZ8K$%OlYQ?@#Mxf&2!ov5ivx<*@%y*O1!d5qsA
zZ$h&1_w`Y-thTU98?5)>`DD5lvg=DPNS;1NRupdC;_=A?v1MIcY76^T&s-K`8kblO
z{@7=(J#=>sfgQDhtu{15!={%z!2HV^LnkUjf-9$rWmT+uY_|$;S6W{T-QU`TQoTIf
z(;)UvD`?GYBd7&z$307U_uPtv1zs?{m<D0`^Z65TlBygIo6`as66vW3fC>((Wd+0A
z^&xDlh=(t{uq%MgA8}Nb4zuuCv*TO;v!}02->|6>hH|TDHky`MQ(lX*DkY^H2R~PG
zMHC8MB_F7jj`3A%Q!AZ#E1Gj%%x2>d)3Qgt(vq>pK&drF%ffcFs@4KRe#L&${%9*m
z3M_$yXoCjRmFAHfu;rNsRtwX1qtFZDABU}duSH|~DJ>=aUe$iTerLl^A%k>P8+12(
z8=j1c@cL$;DoGWx+Qd;(ej=F0V}fII-rQ!g+WKa&?~U;oJARnB^<ID``wo6&YZCN(
zLK}D{nuwZ`fKbm_kFYmKlt~gxCKInJ!}33aJ8QL#;GftbRzs8fENmyWj9^QwZaXvB
zQVYL^_VxuTxa!o|q$jkIl!%7KM3~hFra*qJx=XEV(niluWwREqVno9^iDx8fb?bZC
zUMo2YAok>{1etBp6jXnSMNJGLCU?Omm|Q*cxmFU|#;x(UaC~XGGcPT3{jC0T5>wB)
zAt2ccO82{>@Fn=htqIzjk)hMqQn#&|x^B=2MaevT0K$<w6NhQD`<#Wu+`cU|!bvo$
zzLoX7S<P#p0?p6{G4DQkAHI!oT;7`-)+MeThqdP4zW1Wx%^7fQEQ?`&^V%88s<50i
z<qlrKIFkf($XD);LiaB?c4j4F`$|<o9a!dQFVy<9rv$v&&wQy|-aA@Hl-z*B@#!|9
z_Uw1nN6M!2f2<*W$*axs@fsc5(L7Ez8xq{EIyR$2-B<RI2+IfdJEq;SUx~8)<}eKr
zSQ>{HXE#@T8@6z1*9X|?E<=6W|IJX^xnRznlOS%x-CexR*Tru=x2MT)@2pTR+l>+>
z6W^Q8R*K%KgPy#>PW}L}llvpqc>|m*UDg}m#3cS30-U^s|GkC({ZYKG-?+c@&D;6r
z?X0Nco3~T{cpcu(^#lZB*E5kfp}M)tFApB}&xnr~>$1yLaXK}Sw$g~MWb$8w$v!4@
z?gg+FX?dzz^IPTYx|6@V0UJ>=#LjG~>G5VtH<a})2f%1`eZaoQYdgFiweSsX6$I7T
zG3;AZwe81*D6liir#ZJE5$_c^c{eZsp+H{0VXG%w>DKfT64p1BSGifu%_Gp<U)Yd2
zshtTfw_jJlJ-)SAg$g)FtII<Lgrk+5^(1p?0@YYTYc!fbs#Vu&NXD9}`Wu-50o)*&
zVJj_D4XsjEGuXD!i5l22Ypl8Qr8=9g_^UOnwlQK>nG(&ZT2ZxOu+ExRBVaqmbV}kX
zuvDR(WkUOn>1Ip6HO}$SC<QT1SUkKrW9Ltnq!#NoK(x|D=omYVlnGP%wRI^(*6Y@{
z&y}n0Pk&Cr7&lYfAYQi3;XA|BcwE-`tD-U#tJM70$hokJ4z^4xgMW(tU20Z0Mj1%(
zUz#S$_@R-pk%}B4ZCvEciKCatZ`h3=_N8y9G^*n~^B1=Z=EVNz2SOjI7n?beo;`n(
z>9~I_(l&eUi*3A^gf4yjHWF{r-lY8@q-}T~;b)LIH*aGL&h>3G*_gD=4(>cmf_ONk
zVTnNuy^U)@+L}kAy@s53GMc&gnq5LF`S&U{Jsa;{J4D4RMBqx(^Qq$$5khOcD6i2<
zjgvTp)w{Bt`Xv+Fue1nc>ee}7v(w1q1K2Kn<!v-JG#U<}@syOJ#NNijEM)y-L4t>{
zm7Dvm``6k1vt&H>$=fQ(z5M*cV92$C{+UN$U5@SNAIW8m=6~doeEtzIg+8ITA$ZOq
zpv1>-hq`?E`MW>y-uhm={7iknRd~C}_5C{hByyhK5Eg|2Ywoi135iZ8F`*ZQ>}-|J
zK^8jqB)<Ig3cP(H55OM}z`!1yTk!Ql0>)zU!<yk)1kQ|xf%iN4`G{SIZi^)04BVM{
zzQq?B+ol+FbC;)5{AN}y+-9HSmz-72fn3I~*!Ns7UYsSyG|kl$$|UsO7#zAu`v?A%
z1a3Pjf^})+%QSW!n|eV;!pJRgXerpLL4#K6dIp8EPsViD))ur}gT{~xgNMZE87Yi=
zC2*%YyrRZa@eg~qrvLq$wc(ndB5ijP1jH}q?5*Bt#3wY2Lnri`p1{@^4eL%-MZZ(I
z>{f}(d(rSVgX3gP(>sZ#6uV>?&LbRqfB`aPO<yv__d`q?0iqnwE#2|0?b})5_|1JQ
znCX`(cb>zpw)l)$$<S9D#z*YMKZNw>WK2dhd}^Nf{*n0p&q4SYTnMK0{LnnN-m@j&
z*#2M4nUOiyNVaEj9G!gp_%{{?9r0^7q|=Ws#gn+xJNzhqdk0gpB=sMEdi&e(pG>n8
zlX>Lhn6Qu6pYP6ZyYW-JzA}2fUhiOU5B|5;>lOcZu(!MWr~cl-;lbhH@Ss2VQ?I`_
z==J}Edh4r#{V(BHus`)yF00tMZ{+X4{;Pw$33`tM7rpO7dKK19&4yjMQ+z=0gD}os
zz*7>$ABw*!4JiHU!w2*av3LAun4lScAc!T7Ll~PRzP~^e2PmEql$M7aeo^egC)eR4
zn&W%^2_+~F#WQ$6NakZgQ8+<2=ci}?iK5VD$Ybz~;W<H=72cys5O~29iRlg>h*Ium
zB+!eQk@TIkQZ9-7a4{!A%nQLj3(*|Yd*aIC`ycy4*u?}bR6}uqJjN2jP~;QL2%=;{
zC~pTZV|YD6zlxAiFANYP4*aht`a>S;Xqx>0?7jbY)VPu;zCY)$&@t?XWFB@B1_C#C
z+4DkxnY;len`HLxo_+g3ZL7O=<CZ*<I-v*n-#<qs$(C%{?M{H1*-Q599om*kCAn0p
zD%BTSkZenTBT`Dz{ZQu0%KJ*K7hrsBK8O1n?xVL_FKGkmQzP=kza3>#;j$zJ`tSiM
zs!D>g<2e>8d!xU=r%&jbsyX@*K%+B_2-3LQ2fv(TH7YQ-FEOAu1S|9i{z}HzaF}2>
z!ePXR^H)6bPAbd_TyjRb-|$ulHh}%_(f$@U9Kr%JE57xgd?}D1W)EBuA%V`N?rgjL
zyM3s8ZoT9JVYWikrBHJs(43UjeRM@7RY=Pc@^E*z;JLK*;WEm13ERE;@BwX0vbZ9m
z1$8HTjsMPt20qk=GHA0qBT7*=)1z+v-mLkn{B_R%x8%JdOfQSfR8@YCG1i^`j~_p3
zo&S#x9`1cR|G&oHhY!2oZMD8R$~jY*GKm~nph?N|OMR$fg|Hw<>(i_tg+9-4S@LUC
z;rtTMh>%-~qXjSMbcMJ;0J(rutsqmpEcF?Wg+dcD$5)gKnQeWys~H7ga-!ktqY!IW
zLl%`<HA58qnn@)HURW6Qn9!yu5ajjRvgq6AhMlHx6ax3-OQqSG76%$s4TAMKzrc)6
ziBww!6(m>X%3`TGTS2Cj5$7*r0B6mZ86c6=$BpHKFukL2sRFdomB~k@9~zizhP3TB
z9M8^o&acCjxp;N1*>cX=l+Kod6xr6+QQZ|S^x|Qrj39>DjG${RI@xaS^yEUzO;>se
zmr{>76@0N(P>Cm{Uhs=o=NY<~Q;8M?Gb5$dM8*gyWb?UgUNg#O_mP$}|Gt!J3m4|W
z^_=E&J@WNje?02ZDwWXO5YJ@g=<Yr$>7|kII3sckPxuuX@mZ&ImZ?(K3rwdV$Fxps
zRmxg~hzeo4fpK>9MGaL-Gg4~ar8yBQozjvVqTMSjc1t?h^)cF2rQEe}a-q5aF3D<a
z|4XuRGg^o8LX|SaH!mq+D$OyBCWnTz58MnfARd#-K7F#JQa4tmJVZ(?NvC~H=EGmE
zq*4)fWRu#W)OL@~*R=hSONBmtI)s&BdATeGL4%DIWi{l@5Hr0;V5J+5p1ZwP%}j87
zGsa9*xep<F{%hGsv$4-~_^&<x_aE*(e$YPu_Z~m|cK&~jKR70!Km@UeDgy<Y6}7OA
zrRL>@W~HDWLn}z)5#gRzEQdx7VON4OHATrk%k-aR66gypCEz2n**H-0zY>(ZP0&ZZ
z|5=U>zK4I(#W~c|LrEGx^UjD`3ZqBYg<kccvXlf(xo931sE$YOpGZ?HwzEs?S3lbX
zoakdM<78(><AFIE6nqAedf2jp2&7dj1o=bF`s-s8&FB?j=n6)=k4QE<+<N!!-4--E
z+(M{HmU)PNUE-BihU|Ve|Jg!F;n^X&+Ryg)vi&WD>Xeq2t0Gj`pLmiNWICI}5K15I
z?`rPnbS=nlTF)PTzT3K{Wr>7Y^mkD-4(<5=+l}!q+j_$lG2-NkFHw#e;tQ&bJb-7K
z)}&Fz5LMEwf&Pf^*s?6&X))tnlDtFPl%X6;vbEA$W-Wsu!e;s-7Mw_SPa(OiD$PG-
zMRGb_X{Zyf=JjZr+RZv>3fTe;m*r%qpDgTBxNmyb_C9=ywzGPTJ$jhpQj#4_z(g=C
zR%qL8iT@27!t~!ki3d|-cK8%!`o9gNMDGaltNE{kmLv_pLjb7oY^MgL4|ta)HnJy^
z$Xhs%yG`}~B`9ks&!Fk%-=^^xy#t|W;m~~!6eKp&-?r8i1XVQ0<*DCb>lbP1zfGS3
zoCIy_lM~%V{}Md^SM)DYu>ZQVbv-A79BzGw-UU709cqzs0ArHP(7TQiw3DvworWA8
z``zL2l<%7%61kF!EK(b@k-E0YyDemdYO_zMW!NB~x8|Z>zGJj}r-^<GHFz7L^f)&B
zQ_U)%18P#tx=lq2L{<MrX?>HLxCQ61T_`Kadz7KQ=2f`3UYq@<O>~+3whw&bZ-E5!
zR%ED_fl$vE@Eoy3eHf+9Sn&pHH_Q)&X@Vl4X&oQI5oY3gfrlQVqw*TB;ET8PAS}_8
zYfVZX)^^alZ_Ofw8z;w^Bx+eXId<z}uDeS*W1tOd#(VcI(2grsfF>lzddzErq~g|e
zKC{Rc==cOthA^6ye1c2#F6WB{XU9kHw)C>rKaJxF><)B=1=R~Iv#ox)qQ<mdSULrD
zFLNO6n!8oUdcu~i)=y<UEW9<q(;T;&<pOBbeSfVFY3+pw6}G!1t4KTjGz~58KvEhi
zbg50=4%4S-vZQ5kyp)PBj`c82V;@pzFxOAOs#|h?xvWrfwV$BGy7cHHGW^({M3e0V
zOW~Q|{ps5+RbYitVzjrU)7CCQyX_@eb=!`dY5Z~kAY56$GdOT#->2=EhCU+7)Q$(+
z$7Mz|-6UpPq2r^(8=-{_EBs3ow^hUKC5b}Y`hPN%II2waP&>`<hVYZ%8#D}~pCy1d
zr6#As%??Z+4E;s~H)p_oCy}`(_pLny&IH{qX8FLfcI0!6=`Q2fdQSR34MSzbyx4~S
z{fG*z$ZKO*+E)A=oFPzVE-OG}Zb|ALq21nvk!DI$O3I?1hD)zncoW)_W;T`JSG4e6
zfk8^oHZn&Cs54P5Bh{0B>!$n>EtXO}k58{VJ0~>l$-&tkb9SX^9-{@Wz~F^6UEoxb
z3LE}u97+z+C0Xr1g-^PF|B|d8n14U$PHcgz3yYd}%z_AX_!Pl^-BSVPyStb7(cLTH
zTdnp_5w0qYu=%;&h<{JD^mq3X-M!k0$a?7SoHCT$Pi)61@xFjV6oGp@Ry229i%-$z
z6M1ed7hr<{9SAf|EALP?<>(m9C$Dj}^*0c2G@y6)5miov0t=!Ast-$y-uVFDSreyT
zd2ZCicUr1RtL3Dm`8!W(+}6)=u}CLal457;f}>ha4%JJ|*K>!Mp~|JyL}Ji8+^WT_
zW{$4_#acf!@>OrUdfHZ!Y=8c6?ZV@c{EE6@VTmD1Awj{J=T^s^j<w?9uVNB`7(uij
zvROADy!R3Mp*LNlkl{QCj=>t8B#J=zEVv-Qs}VA<HP{(ZUTb^8HBG`rv}hCIdT#sB
zJ_2d~Ctj30^{UFm@|u@a7|oH+>X(U$lz@MP11$xGIm@b~%6MDJ!`<D)Lt!U-yKgNg
zeplD!Faan#+1owz5&gQ<dU<mOd55oW`e>0+w_gwA8@2ht)cI}m-)Qq2Tkp5c|84Vc
zxcT>QviV`Bj^6w+(+{LP$h_M_M-j%70ejEw)R?n#cP{|M=a?)wJ16Re^>pp3i*_>Q
zWAM23=LxpD)-uqk^>w?XtT>S<p$sI+hFF7{gsxW6CjIM7r^vXez)S@}$-h3`&-M=z
zv|aBP^V<QAt;|lSAS$s82I;Dh-n3h~PW+?(-ZvND{yxWF=l;*yLcqgw*RmkNOOmbd
z;)WN3Yy5v6J^cQ0c>nic@B4#q_kUmIFXGVvpWd*$0f%7sN=$H`nGj{iAa=jo`iYPV
zO=(FGWk{}AZY)%mxN2}60^9m-7j#8jQF|kJh+qV~RC6xqZ=kg6BPgSM_iBGj^W#Hw
zY`~oHl58!A!uo(d+(ICv9isX&thSWZQ*GkC4Xg7WG)7a!^>K|d^bs-23cWfHJDd@j
zD^c4GS5+34W2>-GDWBHZh-FFS;Z}-pMWN6N^h^;W>Y9s7%4T+!aM5S)DT5|Z5110U
zh0qld6Z>*T6#Q3f;P8)YtnztxoWhl??j6R3*vOLRHytHOBIr8-Ou|p=tYCgrypZAG
zrVB4dV$koQ)8m~}2wuIoB22wlP^CieoKe#OZ>JV=W<Qu2)o6J~sONEGDb7VYj~*75
zWLGMzmcih6&;@s7Y&4b2ClXp4(l<uVdlI>QG78J`fd;u`rb>n!T%??HQP{xeUgCn=
z@%~kFU)O{eh99~hB~gJxPzMEEQO~8Z4~HDA&+Z`zkQBClh*pcjV2S5chSzM?uBg>M
zw=Xs8YZ#~L1DEBD7{^Je@Cv{!nW81SCdjznA@ES-*I*gE;<P}?jHm=rCY|<K!@Uor
zuI7XRBsu5HvOp7p1X=JaQXpCoT$bPpZ<e*u3$@;u1lIE~BzH6|+HTzqI`oZd2kyv+
zfmbER#RQj_<wVe`;=GjJ+sUk|2oaRcJU-~X)D&-2uGR}&ToIwDG?d(h*zIHwscTvg
z5a9<~beXejL}r3WIm3!v<5lc^!17wp%9=&G7g0oL9S0aJWR6Qgj4Nwo;C_@H-}Qe-
zW={(N$!LQ?1C9}aUGbv%s{Pw-bGnJHL2Pj&r;24kgM$Kx^>S3885R>fBPi!(X#;uq
z6v<^iZx9@XtcQqYe4EeSpQs1VGEKKJH-{S|h1mJi;oY~GLIZy2GsY>c+c#tiQPexf
z;O{M-fAPQ3`rm}ILJOrgPy^TKfBXA;ZT)Zm@!q3v`rp_1yS4t;%E0X6vaCkfqb1&4
zy?bWJ@K2-V@sga8sc!DL;J}Qx5bEl)t@+6%1jmEwXd0gfU!ZRP;lsLb1fHgW`L<Tg
zp!<;L$Twr)|BSz3{$GF{T@rN*>)#swzrX+J(Zi1YZ*T9L{qL*%-I)Ko0F>SD5PI%k
z+DOBECpf>n#-flY_pc?8HSig)Y18i~LaOJa5+uip6p#xKd^zFHBJ~DpkE0du{p<<4
z##-5i3hL#`hVhZYA1Z#Q@+7=cd9v<C#q;JILj9?|ONn@I*_%bUb2@9vj>0uw&T&a(
z-W;0ImI=U48vmQS=Emz>!yvzU{(e0-Vc8B;m$csNTWOjG$1$!d*_^y}_n`xKvs2@1
z9?+LhWQwcG!*$G|9dG4N+OS9e#;*Qm0YR8jukKPUgy(M5?cscAze?L()B&DdHYUvN
z;5$eCI?au`aTrg~PW!5lmMA$fSD1CkC#?4&Ix+G6l+CQI5OIcn`00iDWcLOqanG*4
z?sCt=;GX9$0dB+6!LA7mDejxCCM!K=hF(xe17MR5co<<+(CL&2O$N=CK5v>DbkkH4
zg<@ajDQu*BN%YDy_$e!rYkHDItM^<O+FEE`@s&qxadO*;LN=k1$R%yCslv=`rcwAT
zy0ySnV0ec)VZpA0#~5JewD)cgK{r+D8@dk9oceuOU_6?n#A~g0G#Ba+C7uZEy{}9t
zWzy4E<^oskrS6bN<imD~Rr+o3Ai^NS4CJcOP0jJuc(0gmBkLYbf(z%K?wY2M2}dp$
z0lzhFn&@tJVLwmy3`=r~)f^=q5FpPbJMhKj96xw;AeW0!7g#rK|68?+R%T71qe#cr
zLHsZK+4p<do)^LN&qemn1w5(Kb$Asnv!9j|VvnnKmXA$3P{zeh_=z+d!c~Qis_IBA
zxVR@ZZNN3A;wV`%SU*OJBtsW-Vx3g@)C68MgztgOG1F`fqV6dv5SFOqY-Xe5FB!kK
zq3m`b2#H_W6hbc7p$Ct$8oR6^6&LuH;i|&$&V7+=LKJSDWd0d;7)<NN5KDqtYT-(y
zc|#m-Ys=(dHrBc@f2~#1b{3u+paMC!Qv>+(Ob*JVrY5m)%IiX@12c?lm~oE+243;v
zs4W;ZO(W9Klfe<n;Hc_5tTvE*;*Dd%ROHJKpMsm6gQJ(TJIoDM(n$l+K_D*lbXk@r
zzQY@<{pN5396Hmp`p{2LWF4hl@@pcHnq#dJX@-gl?#I5WIf075z&cJ1vq@Z(1$fZ~
zpw)aS(KRuQ2r`mrxeQU2wHyC|IeHVzv1AaB(~!b>cw$ACW_b16q}7I3H*Ot`xBBc&
zk{JgkMFX4D1d7LWvREW{?DVgR_LP@2Uj;@*c$Zc6%K^zKOw%7S_r(IUqFI#`?M^7$
zonSflo~60}BW>7^m`T6y$NJw$AFKM@7EAJ1RB-PFLVyqYe($f|(}J_+oGs}UVMIz$
z=nuVC<bAXGduCuTX)!24a6vyS#I6%(bT#8#yR~eo6%5mYil@73QPuJL=J5ho{d^VD
z4;_iw5MOO66~hM=LVi^Qe;MXVRX-3FuFRZE6%uB3^{^HsycqfY2amJ8Y%kkSP;z*<
zpTr1W|5aGc57F+N;8M+h3txd=;f-Y)x#TQ<Q%Gz}4$+Sn7pEb<N>x7+TzI?KeFw9b
zlZl{Y+D=FfvS#PtL#SO5A~gJa3z@ZBh8PD$A^L#?%|Zw^OQ46zzW3JJ=bn=iuj)}A
zt>1B$m2lA`I#`?Apg}G`bM%I52{7hieQWGLOjGz|Ev(zS^Beuf=r^+chlnwtlbciH
z;I0YB7~VFDE(l+$2u1g^{BI=vjifz<LqhpNG~F8HrbHc?8evzyEMXSxrzhuc-~9ai
z#oISWuU~Anmh7eAi*TJm4YBv+{-1v_akbxi37t-XGPF*XF<y{2ctJYI9G|>8`Q`On
z!0G7qi}TZ?<F9~|vx_!{`98#sU;T1^@#5_Di}N4f9{>F2<;f3i?7ZxHPBLri_U?Az
z{_ykb7q4HPygs>DKTYR>^|EKW?)@Pu>4GYmEy#k4RjXA&uc+kW5Z&9q*Q@e};fEdx
z)l~D#vlnM?UR=C5e|!Go?B7q0U%dVC=kv}aLY1Z+`J9b}eERd*Xvi+f--Z?(5RG53
ztIsDHx9w+)X70YjYgN)I$ya$9J9QWddgpUY8D+EAT+bL^%QR;+X|XOY)wvb|L)z$`
zIz8tOXfIl$YctRkC28J$__6iGE?QNh?d&BjiOhZ=3MF7J-8GI18by#(Q^IHlW9<ZL
z^@F`|PH`SB$hqRxEvC7fGny`${U({G#Ezkt+8feu6}U(S3(`wP`+MWa$df=Kw=u0i
zi3L%D<}zlY)n~Bm9s(6<Om<uT;#n)kY3JxRBk6wUofMWWxr0k}oBoxpb99I<j!*lx
zS7cElyrpS1YLeZXsCCmC>@heI|Gv#cpZ49lIWK~p*bL!aY6)P}Bs+tRoa%^v{S%H8
zd3Oy8GFi?tTr4Ov@W-wIblG73oq@(Kz;MTnR$%x5S--d43fKg*n-D<@_{bGl+v_&d
z@3qEuZI+|1G&MHvd7V--7{8-2N%D%a<@=wj))hI5od|6#!p?04r^lqc{~*?|bNc0;
zg*`+I7sZBn`mn6K=@Gb<jl}rjD2x#*MEkhb6npgQ)$md8mF9d+q{K7g4BRhqSx#_%
zdBI=tnf#f(5Q2-kpGmn6SCw7ohT5BHspf<!nj6>N#ZoPCnaPTZPL&blZ7^tH47I5#
zQ0vVBZZ(Zw@!<n1s2DXGFpzVA1%3d*;%SZWXI8EbjknqercryE^)g6<w~QkWDvVe%
zr@}y&-ENo75!>7q;STzRd2hUm0WLTX5J$U};Q6jx$z4Xgq%@jwd9V~W_hfJ}j4&wa
z-U|6^pnC>Dy@^{!%cV+ni&U;;>bKY&=}RIQDL+5n2JRZvTaE1J>pzPo)pXbsz|q>I
znx+d}^^uuIa4L5vRoi-X1MY6%3SQxvb&q>SO&lH6s94MF`#)KZ;dYiN`_Zaq5O9U-
z8Rm|u5k)2BJx15Wgp?W>`V&v8DVmzP3s8fKQRO8@R&%UEXwo~uKvvQyX+T}H0H*%N
zPz1ukY$Ip<pR&P4)SCJQKaPNiQ%V1}->z$wBtCC3{vTHllD4afM*oa+)$;r?DHW$&
zpki5-nwi=KkZ3}tT-aZf%{tWRT&n<nFU#&hBO<Ou2;L4MmTVMf?d#8oVk3ETyy=)v
zSRV)~Pqi}4h$_~v3Zt+j$DB={Q}Nn08jxIx%8MZ;q2Ie}%?hjez`RR3+4Y)7kD@@d
zi=iTA*^5RKAH5cZZqorA*2}v!1vKWuk=S(Yj2o{DtzKjKE69CAUy4@g0?S`pchn(P
zMCH4ie4X`XvnFF(Y`GXs1Gnf=6s&u^q$P=x?<VMKj`W5QTVH8H5M<4R%yzgy_E2B&
zVp$T|!M&uDwEZqzO#OMgEqc&%VBagq&777zzwCjl`G;+m1<j(GcrI3;#ROjMk=JTf
z5tPtMl01p(=9arbi(%pp^z3>7=$I|~c+M~>T`niYq?v2?b?AW`e1~@9SoK4@1+`CR
z)u1#rt2W@1mMu(X)ooB4pPr>{ndo`#mtR_Iyhv3!lKXkpi@Ju7FF0#|I@@zBe<G_^
z6O@FNjiNilqJD$v-e{U`SheVpgLeHlAL>lR!F7q2D|Bn4WXHhk{lZ%L$~zk>x}E*W
z=tk~W_i8|IpSH}iPBUnR?dx+J6CHV9aiOwe#qfgWBZz%k^6Qe%23gN;Z==nKyL;>P
z@1CXPmJYX_6<LIFAWgg0iD28+aDP94$j|NOn0jAID=kzjULW?e?9r#cqJpFU>%B+l
zzfgMKk?`%}?7w}GNuFP#|3?4c|A!`m;7j!JqxF#7-}`F_so;$KHGpoHx|qyRd%2qp
zeizPguR=oo1+NHG7pscMATz)2ixQNePoL6M_kH@|g9S3Ybw00M@3!jKSJ)YmLEPGY
zrOU*1n-%7K+}J&Wc5c+3wha;o0|Qb<)p5UPbjaEMP&}a7Jl;bnjL~Muc2U>lpf%z8
zR<$`dA9|-H86;_HNZ{#*4@3R@0J;7{Y8*mP&yy5JvUSzcVwgcgCyic`mFyxJhxIwJ
zg<7{`uq_B%4I>)|H4fP^8b*?)mrrEcq?ZN}{^^iLF*x)$U#>V#1HN3}oSfD>IgLHb
zhL7R#YQ>*GKmX!#!OcXWwxMioeC8c=<|=~K_fMwR1IYht;{WRu?yMl9gaV8|HI?M_
zX3uJPe<M)Kj7h>25$@PD3pVFc-II0z(5KCaO-fl;i8^bE0e)EMA3zw0GTP%G&VK&o
z^zGTtKgaj%h&u!a>e<Pgx2H!JKMuoTG@DQsGkOK&*`b23=BE~snL>q$G#b+#2+5WT
zLzTU9g-XgUNr8Ugs1kf8@B&RJxSdmpD7)g9wtPKgSjBARK`KZ^G>Z93Q|?k(PX<##
zT+ThpgA%4L$eT*2`@tE?iO}+>50XkHxOC|$ys`$(p3q-3L&v-_m3A$<itAq<D2W#Y
znd?C=prn_8n?UCYYG@ecjH0Ss&L~5Y8$`)_lA}s<1}SZ#TL%;iFW@}$l}%sUtI+OJ
z3ea6^B^$1sHR|oBet4bR&Z*slPoW1~DDUqwX)o+hYI?TcE|@~e-4BkcKLx`i=&rYO
z{6WPcj@ZZp$KlX(>U3WFw+92JREyEAmDX>*ObupV&6f#2<gp>v-_Mt6wDxVX7EI~;
zeq&irdV@c}A=&vdTGK!KT4zu6h`!Ca`bRy?{^5_XdXscci~3FcDBI|)s$nH-j;Olf
zw`1ztF*P2~;FtoYeh!56bIsEK$Oo2xHyU>Y+#cuUx#R1muiI{Mbc(1l<#Mg#9Vs%c
za)K9KMZ}bgg{`BF<z)@XxYMDSD_>m+JMJ_WbL6{&I4f7^nu|;8sTcJTjO(zIYMM^J
z9nbAMv3q9eKcbl+6-qoWPy`o8lWLlvk00$9N)=Fq{(rCKy`i&ulMA~qz$<&0-stT!
z+RSzn@7l3$vZHU0{P{3m5KUSgXNmg7gmWd8z|~7ylCFe%jj2kfT%@`~s(bvy@1C`?
zXx<|}nNl^1NQF|V=W5dqCSKZ@wEiAhv74anHQ(zalzH6Q@m9B!v4`Yyj*`D&s;qQc
ze@aMBwPabA1#*>3^0VKY<L8Us71uLNr?ez#K}CE!^(|X8#b+>1C*$59fTm+yQ-7nh
z$++iHS=<I{?stw}y?T3oada`_Zl`wS{E4h0S3IGUcH7La|1QaDa6Qc*uM98iagVfk
zKRbQ-JL0Wb_YH9W+u6y*i?_#bP9Xch+rRzz;?3K$7e~+k^J`54#M9I{-KN)b!cswS
z(ati^GmmdqaG&oA?wgkPC(`m@^P6~^bA`KUbAAs6Z)A{UR7j0^CvPl`_W0BHT~qqE
zltG*v1UVTql&OeN@uKgzzkTq}O+sw`Tz+X^QNE2R5n2a$$;D5uqypO3Z?_pi+lrqn
zp~cE*X@(t?NF`{llAV#wAsy7t4jNEIOu2jA^$#Gm{l1#W<|=PA{Yr`g)x4#{bhFAd
z*+D~&$6M@<P7$qa=nI>wRN^awQiT?n%|Lenb3^(9-TQxs+xqlRPfjn6p1pc;p8k09
z=HeqfIz9XOKmId4K6-O>_MbcV{_4tghJQxIdC8ZoKwUtH3)F#CqlU!Nlv=(wfb6|?
zrX7UHd#cc0>+zJv*5KezwFv##-fk6K5EPl=d}Sa9v+rOxdZJ^$t2gv#`JSI^Dw};5
zZ`2!qkkBSD<pMQq6%KDxZZ1GWcI^aFOTlNc6*Sxq-5KEhk>JEmPOm$zEDMMy$8S!|
z&6=$;j2SxdouHBA=$hCB;HH!S=vWX&2(pclfT+2?^8+vIpiDCyC}nP_KfqZP<^0L6
z!`9ptW`3rzt~V2-U(bQ*n_ASjG8^kk>y?quYtb9LDD7UA?($0Q=8Wz(cc#Jqk8JPw
z{s&<^*v=z@CR**s1x^S8Df8SS9hKL3<u-XGC<j6)v6OFI++BOS2dxscT~evgT`zH2
z3kXV#re!SgxuD?Q;0G^;r7GXtxRRy*)A}WRrm#Zh1-~S04Ai=R1JWb09|X?HX>V57
z!Ilj`O*(H({q5MjP90CcWSbe*kAh(%4WsH&SbuE_rSH8y?#ZpIR0QMbuYPWeXf@6J
zr=NE`#Y-aE<x{+ey`%MK<s74HdN~tpOig%+z1`P%Daq04iKbQ}q786GCA`fpucYFF
zz*7g@4^h!{byQL;8#e02<5`$~NL~bK`>4f!EC^cZ-VRbmE9vXIv;wNstvvRwkpfrk
zL-b!zovZF{<9RdvYyhKzFEC~3)29Ue_s|C!eqi{$_x10fms}t@$Dr2-i678}sB1!u
zpp=+bNf>el-@Z?d@<S8IqEf5pR2-rYpS-azIMk;DZ!c1hXPL7^yT}%!lr7K^^UvG{
zPX}6b+X`i4lf<&)p@!h9{182Nj#)p8V^a`6z!qGvC{r9&yg<xwFV6=*j%S!srXSPV
zYSqp`GmP69`=USB4b~lWi%B&_o*}Z=J~=S4=+*i9S;g3mm$|h!Mq`8zC@jLdpbbzM
zxG;{QsO_EB>xDM35G`-D))MqhebX=2ol%@HTgKZ_d#Gi}-Cz&FEc)FXDQhQc>y<+L
z5gp--I&!N=5DnR5KfcifP~#TY=F+(#&ZF|>3}wq1pxjvM92nFj&ufegIcND&2*Omk
zGC~Q5LZ+JZiIha5ZIaD0&t$RF!YrC_X8^U{>^pARUeb~bGtG@MSB}VAIrz0dOA^bQ
zanEid%RA`Yp8jSE=9AfKvoCaO#|^=AS&OV_vO-I6md1ufdYf}ND`x+)Btyq^m@qTB
z^(w3jY8(oX9JP;!q9q4O@{4<ft@qLyHNjqoCQaMXQYN?iQhhn^fCCAFjTow1SuTx0
zNhmazwhtmAOmC*V+PTADgkhJCJBV?m#ojqVC6pYQq2Gw$XhATO#<7+y7ZV~(-~!^g
z!X*-<5=0WF?9FGv!9lk!I_QmHi{iZI1vx}}5BGdCF;!&IvfzM!Nj$lq`=GF@t+(Nd
zUOtg#Rc&@LSWj$SewUI6w4k%OLf4qVweeCCbn)tZ;3Edv0ta&in&1AU%#%0%cj!qS
z`1^j1sJG5~?X11{o*IZ^Ir+w<IIIN!JINIZ49CCk>O^eKY2;(0&X$WNWb9q<_GDp;
zK%|UDn!K+{no|V<MpBUi&50oQk)$j))J>RzTLxF;*kITJZeonw8Cem?aBDvnDehYp
z87p+nmt|pUz$5HLcMV-jnIJ^S4sfgxxguhPa8Xb_$6Z)#TxRGM!B_gb=}{qHgHf{4
z0$&n|2+rpgW0*+WpX`oHueelvQHNU9#A0+@4cb@?5S9poI)Sd|ToU*&nl^w(kX1JR
zTY9uw+jLSrD@D?ri1q>xe%cP#Lk;IsrOYl#d)|)o<$ST=%y5sqq=czRV-Hf^L2Lk0
z*!V*?Q#U}w&z7txqlwXj;d8vv=xL{Y{Bk4>OtwBkOG!+nUcX+M`KF081ii*pf<AqU
zf8##D-PCor`oev~T#{9Hl#Lgx>qlkS$TexUx4%QQ-VM8<F;AwlA~~JX93l$!KSBr9
zJ4lcj7DcJ`Cq6~ja{`*uPyc?dLA=&{pVoOD5EmMS`*l1Zb+L;9$Z$v7K%e^9_Ce3|
zc`la|Nq$`#ZOx8!KLDup0lw61{?{c1MFBJG7iO8*ZFhgkb6kGK&2Ps0412!|=qqmh
z&fwp6{@~6ZyIyNFFfX-p>{-9HAfD`bK-1{U4&A$KeM&&D{2v=(%o^M}h4H8a#>4Xe
zP)6gX-TLdRw&|^v8GC(R?13*BvFx?Lufr;u!FXN%;sK1BE^83jw6I9JwuZ+Vt9Ya;
zNZdLeAE{MxW6WTkQXV6%@sSPj1#=n?WHkPtpxbrJU+LAdSH0vtm5Q=ieJI(XQDRra
z3J_X!kjZB}V1|!<i(R+DDCxspV+Restdj6eJQ$%EY$6lfjvw46v-^m=?%&vgTb2K5
z>|uaVY_~;EIe<+;ba&*354+!?U##WVY!-BUgsh573N%?YMqxVD|6X~9FvJ-_-|hBu
znl%W0PTsTe+(TjsYqPDVmhmIskU{N!hfb!(J^BbufY%`^**)d2zsu8M#?vjaY<<ht
z=c$i}-{D}|{SG`=(FEt0Hir^&V`@|(o5?+iCWJ75mVHzBcEW9N!nGcbR8>Y+YZzCn
zVVqJGAJX~oIS_9;Yd`*eW`i;vLq$4<?^NB}IKy^tFIq(aoW9~i=(ZUrzVyXJ_V{0~
z^|JQ<`A>h;KUevMEUFSKB3&*DQ&zpeaz5c$6w;FB0$14zFUpO^*xTFNJ9zjI{=2ug
z*Z%K={k^?^+JAWP_~7w_#|Qfl{%P;QgS|%&{|W7Vu~~b6OR2E<r@dQ`)t=m+<ge{#
zUVm_(XX!?F!Ho_)hHVZ0l22R_{vM*){Vw~v<ScP8tn0Ae^Y;xvFs5h*a`@DZ;Kr-L
z0OvY<iUgUF_cqk_s4P*k{r|G>c6YY3?{@z0|Am3>CI&c4?tXai35HG6bgPx+{gSfc
z5FI<lxaE?&YqnG~uh#G%HIHODI{4mtho3K}Q~Dkysg<Z}?^n}1vYvGdPgLJ-2UOIJ
z5_H#^KT13yr9A>KpU4zfl`|Q_Gh9{RX=9RUXO!;-R>j7u*=<;1p;A5#z&RJG$P54z
z$LV@z>Ds_DIN_nUAv{LOeqtTt&E@TI^B_^sR)?844ze*Ym@%$wL_q!Ce+V$V2Zvk1
z>97vwx`X0j6zA9gw}<NeaOB-3>`$Ly=UA$>JDVuGk3J&B|Bp0fto~#N+qb__f5Yd$
z;3e7oyl?-lIsYF$*l(Tx`v;F7KK^$8e~rJ0+0NW*2kAB|L8c|0&FhQ3o!HqbCO8LI
zUM}cw#*_E*2^=)_se8st5;<@Kcf$I}3eVJmqcUq4UKrOlim~@I)PSA(=kWTY6oSnU
zw^D>F`h(!h3VNm}Nw!*%#wn^rYq^Ec6%iBrd<OSGDY$0AKd!OL=UYDe-MaDjTNC?e
zgXf!+ATvRv)Z&`pWl2QGY};*NZ!+Jw?^Nr9pPg>(*xub~NIIM17|0iYR;p?iV?9az
z4iq)Rid^H>(dkKtl)P78kB01^YiVdLa{s8r^A%|a0wIpW$lBPuuSY#5(8Hcz>quxl
zir;AHi__3#R@rmlw8X4?OWA(^^=Qd@r|6;6N{_vkpvK`E5Y->;v;W?5@IUI`di`%g
zSwY$C7HZ%c{qNw><NcQXcklcCN8j|nukrUg=zq@)LH%Q>fxIL(FS28u1M9Sfkas`~
zt%_Vu{!VgbxvS|EX1Upl-W6_;KWDRL|M~~`XH!WHC8IAw%K!5<($7cWZ7u$fO5=YL
zE%^&F=zjoR`SX!=d$Ag_?j`D*lk^{*Y2Qk7|AG|#52L?-KDv%B**`RKe-@L%7bNmO
zqG93l(PRJY{*XlZdn<nSZ&?4gt8mLJ;C23AkM~>p|Ni5LkM_Um|6k(|T&-L>q{F9(
z{OUO+ndgv)=$xn*hMgrSb43nNYDxN5%(W7HLDZZqJ3eQgW182<66I^osN%x!6Ls{m
zd%d46{_*V$U)b$SRwUO0*|_wR(?j&eWIs2)wa4!H7D6&e)Y?U?;=*Zc1|RF?56$(<
zfXjMcRljp;StYpQIWG^<#qlXTQCQ4~I)(mCr>!7lEX?W^rr;XH0-D?mmp1galavh{
z2*ZY3qXoHP-6VFtK0SA+)x(kUU6~84sljahNQ05<+AA&mnW_A1QrTy9#2a<~V<QFK
zR18>i{_pP{wEe&L_Z~d>cK&~jzb~vBtzlwL0FSz0e_>HPmP@xU5xjS>-@s}3^SSg!
zD>ke}`PS~k-~4_5$Nr7t{|hT>e;NM&@X@139sd9LoBsDz{=S6vwvo=(Hg;KBqimMt
zTo5j^oG*6U2Zsf;sSvy#vrVIPvPhK9_&}S0llLQKfcso}BQ74Eas9*mk&n4?Sl{}j
zb4o&}04%V|=dZjkJX$fSDdoHi5Ui-?cREgBA*`r4Wlr@lDu%CgP^O5u!sSR}cg@?^
zqI1r;u=8z#gKg#@f4mJolORCFl+EhT<UJZ=9=Q#X7^Kg-ICNgz0FyiDWNLIYR2$2@
zl!f=vHMv)ot{xpml2lmee_A9VYa(P30Z0@&LwZ&R05Tn#93^HPv1AfaCTT$ek^@F=
zhO>;+<|v1><#s$v^0zbl1sPvjri-y>N3SWQw?Y3o(#^BHNnf{_x_W$cORa<b`8U?O
z5x>UvT8G0I-DLegjHRSu&#5!mjJF~Goljmh!L9DsNG@7;_CEHXMtSO!|8tz094fa7
z{I`E=<o~^cM~~b7pO3!ze}0|6i2NVTY!iK%o9KNw4|)UbH_9?|?y}4r`&nj&?L$2&
zW;VT;-6R(d6aasY6;4o6z<*3CoZ*Z#hqeZ_Uh~2AZ1KV`$w3D8zqvlYefaNM`|tPr
zkJ|CSj}G>}?f<XwSL=sc$d<(SR7LV0NWT0V7ndc+MOQ%Ut6sPhZPAo3)MSsBibpf&
zuIZwWVP2qQPRd2HvlBxc2Z@Pof+Q^ut@_dpE@@Xh9iPuM@~U@s?KVBr2^j=%kk+G|
z2(`17ItQn_Z?z!b=5smDBvH#sv$;VwZMa+yr#1QFkB`n<DTO!Vu@0`uy%j>vjtSfi
zP7WRtmK*41+O2j!krfKs{jue%Kl)!U|G%}=*Zd9g|NVo#{f7_R{QuzK`)~aJYyA02
zJmLav2P|}_`OPaLu%|cge3nyUM3j-naQ8ceo?C0|6*M-Q=>+GO*H{!1<$O_LMWJ-~
z3VpX*yC&VWR@`UR^fj)Yo9uY!^fz*b73G>`?qz%N*7DaS5x9WlQwij|Okxd>OP*hz
z3O-ra@ZwbP_p6~sC#OfR;k{k4wBo$%Hv8Fri=&FdLLL<b)bdRryZ@X^b@-PD-#?6F
zt1j~DHGZ$#KYH-+!ILNPR!3}QTRk{<u>bI3)5?6D6D^-owR(-kC5#<<gx#GAJX;W^
zE(FdmDVxRG*ztZ^P6#ZGP41<;MOO*`wiM(SNlpb_V6n1!!iOL~k;jnl@!w9t%=M_h
z#j~Z5FzSAn8lJy72mFjF>_T8BD=Y|uG`~?yZ)I9@B;Tg^Ibmo&dxEa9gbKtIiklRq
zD)|bse)|4+k}R%>IM&-j5S0Au)BWs8g0|}<!SK`VJX<&Q*xy7uo|$jWCW1Y*_ux@q
zk9s3L?OG7y8)={+?2+ge>6id%b@i~FdvonRdWw?$2amJ8Y%kmQwvm@cHQfNze;pp~
z|92ORZ^(*m&ZlUvXN}y(jJJqxrKc#V^r|-WsmEVWX@9vfrTrzOw7+alX`gi>`+GN@
z$^KqA75#hcTz0=hZwM)*tup2nTPvtEL^&a*6dF~4VO`{iK|Qo9Bc)69uTQV^#>W$W
zMKXu<nvK?CNh4S4!Od6dL2IQRj9)3g2Ce4t-GsSA{6C!Rzz*vpD)%{J>}HtvcTS#>
z%lz=>%lxpl%nvsr$e&Kn>U-@e7X}wbNI?osru>QsK?{Ni79}OZk)Z1%ktE8{p_xl;
zNOyhJWJQlsY~R-yBHX*Q!V7(>Zs#1AMCM*RaD^AyLVpzhq}XZB<Vh&}bRkTtX_mVd
z5w6^Z)rd%auxyJ6|Mp-RYa;a1Uq^#e{2U(E;4UL;wc}IDHu<#!Dft&h%YSucRAOU2
zMM<#G4yD*|;XK=rhCb>}J5FGmk)AQkZrT}YVaTJN6q;gMq9odOv6QOCc{TYej<DX4
zv@qKeZR=6B_5-kYbc38TMcI;MN#r`GpAmHl!SJ(Xr)>`mpDv)#^Q&iZ0;}KFb|o&A
z^^UPn449nJ<2j~`vRN&zGS0&24U>NLlCt7NqJ%P7orbYM-6jvnPH<$mM|j%X4>iPQ
zJ>xeR_yX?v)(xG^2qS{#=@n7)9xf8+tPdWi`fxwS6$U;=iOe)PTU%LX{~P0EzM4^M
z5It>-qVW_x*y|v7qh!VHQp`88$+fS}J9Vb-po^xeV_1e)bNi(<$A{?yRTlUZ;ktu9
zX{0iBAMZd>YCIzux|maGt2d%b@GGiMAyDiwL(Z(=fMi?9{nM06Zhoh{Qitf?hr}!8
zoE)NL_X-Or+3yvA-u2sjy0>K~N2OmS8n!>COg06zYu_6^vlU+o7f6ty6L_F!ZGgQx
zM^#C%Bv6JH$)zCBV9LvqUjs<BR9sM8BFfNQsY)L1TFYBjQg*o;R;>1Z9ioq^aT!X@
ze*>Q&6i?W1KBvRKmZ?kyh)~9A-Tx2NtyV%$zesZo)zc5ry>Pj0^yO~1*5Ex8RY6vx
zJ7$+;WqRdAsPWzE!Q%JvZMx4nV@lxs@`vLS=fPnt(e6b$%hSLkq~2e^xUeG6?Y2k;
zp~hVW2Jm@}-w&X)!0&H^mJfUwv#@SkEjhnnSA1pJ*72O=mo_W9eQjgKtt^@5x<zn>
z+Xto(8}O8}1}Lp5@!YT?5dVzto<wtgji_lviK%%l=U9N&rLLi5iu1<2gBUM}L=zAY
zl$N~aW~Z)9KPaQ00TVQ3GYq^W7e#U(C6*5*<{s@1N(#Q5l;m1aMN&a<Q8(D_zSA%=
z=$0CQW;p31PZ?^w4H1^;`0Tkv+xb!|zNj;>X(=6a3eI*6M5Ixc#4%Z|9#YF=4{ZYk
zkaJa{8BumgXyNdw5s%`e*|cVkwv}~Mqtb%*O43Y7$*(hX4B#8Zc0#85eAv$pkX%+3
z7YelBa^+VMw$LUxza*^4&@V>kkZ3CSLO0aMO<53Ov2Vc3xhXepg*oF3XTf;`=<lBM
zg_arhr{_xrZ|z)HX+vQtP#8?+zWdmyrWp#dWxZzgNA<pV0yHYka<*1;!qq%LOUugo
zL)(+m9JJGAX@`YVmEZ+bPF~QNuwJlkS!y_dw5uN^3izFAp+agkP|e*67d&4sT$wWf
zzW^-Rl#7LV$eGz0992Z<#{je*Tu-@g*}}v}w$V}D2IM!hxoZe>f`yt8tWrf6gfG=t
z=2qWUI8Z-2NEZfB=$Tg!cmwv{87j`^QIj{r9K^R8%K_;d3)tDMM$i!A(A`<!-D%hS
z+hBEk_8hz$o$UDBytb9m@C>9w!wOs%P3OUZVHYVEMICZFa8kOpKb~vJ=Ldmva!Lf{
zwfI_p;T&3|Gu<SuOdDImAD$um3^*Bc=DP|@!_+Lp(u~hx4lU<cA_KZWRMmWPg|2B?
zA}A2<aUTo3KA%<@dcFjOzm3Ozc;YwJLje$6>eFLos(;zNMhajW94e@rGmSD^;0&Zy
zG{;v2VZb#v`(AN$J*SG4RH}NkWtH;<@H96pH^tT5w1b@<S=6xv*Z<`<lSE96L{h6O
zydInjMBbZ!g5NzUnv|u6SK4Evo+`P*<<iwRwvin^^Rn?6L&Aws39d1NBS9=#JqSYu
znJj09DVv2eg(r<ILbGY(7!1uqF-bqE6|=~eY?akD10`2POt>UYCesg7`|J=U9r*SY
z`t&Kf<rqQR)c39-xK#5~F4PYC%ag}{abMt^7;3sWJ_YA$I8XEg<D6r<fmXPb=;-vM
zIpi2OJ)xIYEdieHZds`5t0@p*+25&g;r1ug;MO;rHW}G%@?+gG*=#<|M4*k+jiboB
z8?0XRJIIWkMa4^+uU_bL+nB=i;hOlWyg}OO-b;ljvjT$AQVlN>M1KVh3y}tx5n%w7
zHE!HTxV*+I3CxF)D<X{S<5b&%=XGQ%<-3IKg0qR*bw#yz%_zH+DZzK|m|v+kX6nW?
z)SsFbX1Pj!O}zM~*xWZ;xZ{)OXRkG@@RrS@l+!|_z(yLG=I@*`l%S-ALI5SgEHoMe
zF6u4&i_cMPq(FULM9p=PGfY?^8$PkTZ%m$UJ58<7dOfGP5jKO?=D310Ld^*k%~0<v
zE=iF!<`Sa^p@LL`=#$5sp-D3XQ+PJTMIjP<3K`|dZUk4K*4kn`BbRRV=I4tS=9~oP
z2zc>|ux2Wpp`%x?>?wCWC!(H9#S75SjI~K~{AFoyk79R-lEcBIBuV$0%4_77$bP8T
z_9x(O6_5#OuJ%N8`&SF<?ncId0x<eC&d~P%GLPO)Irj`~-oyLIF67$@7P^Ur4nUeW
zpbuJ14<k0BzWE@}Ml>9c5nr6V&TI<Fy<UfFb%ekcnYxIm0;a7Ax#@>ykZ>GWsHNK0
zI>@YMYjEX+OLyJIrzpW?nE+q1R&UVfovxV~ONt#Tg`v`M%QQ5zF{>6kT02>6?jT_M
zdd9E;5tvBoUAaxNS%#9o{N><bvXix5nqvAyn7uP04c$RuVymT3DJhHk#*Tno*S7ri
zg=rbaDERwT>TRs<Io6l@Bnej}j42B{8_@(83(9(;#QYXbY88VWJncm+(lc56tvU+R
zjaj#4hYrwKhV48~#<A>C>=cCmE<1IYX})TdDH(EA*B~9kUSkX9t-3wm>pi$$_p1TQ
zOIjVDJwF!2*eYQ8^+T;irn!AQ1k(3?AIMa?KJ|1YZ?ADu@2D*t7te61l`)a*1dihV
ztE_ySS^JlDB1?95Tu`uQVs)1Ub&{qaOQ#@8tTr|Y_$vVr;wFa}(`c=q#aClwt@Y_=
z%donBr}lp}e;r*G>V~}ss|iwN-N?wd!wJ1@pC5J85bf58H6yi|pw>Xuec{IY)b<zz
z?$%qbSiWfna^0t8FKa>ljLFR%=yH-ak^N~U$dtY(>(<&ndG+k5?s{r_qK}Q79v#ri
zV0z%LwX!pk-kcM=Ii2OwTNk)z(4cIrXxfQdi!F{xw%LTRMNY$RH;Z=@nqkscY|tUT
z4(3~p{<J-43@)`d#HP@D89+12oJ+-sy5{0CwL5*yD7wcR(<5eOiGz0E+Dcn#C-K|x
zIHvn6+xxVWAul$hKBJ8d%4L-ZSos217uJC&8Hoj)`k9yKV&n~F<ec-lkIQ|ID;jXo
z_RD_uG?YTV%a<aM2e@hn`StA7hm5N#gzHHU9neQrRRivCR90;Luw})Dr_lxD_kTZ~
zrfj)L-TnQXw~jCm-uvnF&2n*JTK>q}2Uz$84Wn~z8%p5ml;+M((}S;Vd|?`&8dKB2
z7(>U+X4M9Kxa&BD2YD@v=!1KcJ=-(xrkiz8=0uGX*m&8~Ow~UF)AI45d)s}LnuM8w
z4ZSr2wCFvg+wgEX<ASRBVi0ECYJF-3&})p3FFHBBdWf*`$D?ePne;9;6$>s)&ld;_
z5?sANUvoQS`e&XfR$V;|4+cLx!MEmzxE$O9mxF#>4%)aJ4Bad=CTW7%xx$Kg+AT(s
z2+EfdQ7M-M@jPD&i3)S2Wwl7S16x-28`A@2S6I?3=Td<dc!eg!xoE-#qT)!91;2us
zp^69z2c@!pWLS|5y{K0Jv|7f&=Ti{lv|;n#Trz%Ll43@T(G3HDN>E;#OU07iN0J+-
z4~>c-InmfLa*a+--69f+mK9tK-GMQ%P}bm&OWj-0*^CH@V4+f%o4%T+23s)udvD<B
z7%dliJ*%eewfC=?ppCm|dUpEKtdKJ(Q0bQSuh97n7FNQ_>c$IPdA<WvS`xXEiYzkp
zOU0R+?0x7PQeC~);Jc@LL%Jb<(e9%;zb0427&9<iA<kx8f0>*!Msnl1U@4%WQY<S?
z#S=lvv|Je*#;ckM=zayssqyk~_ANmqQSc2t_|VfI<BDQKu#kGmj_C21!uSUlbUG!%
zk(%Rwc&dn~zkB;*)}MLkgSPJIaz;^N{CKp&TVK-rA~h9V&j6)BTE98ErV?zP#+`m;
ztvvjiA?yBg{N|+PlBqwQ@qU)XOu#fvb4I}!0DdZf;(c>jd`)F-@6l_*uZRGL6?1v)
zLx*XH;9A#KjAqS@#$LTl`~a{d5P$T#=K5U<;Xh%CiXd*R&F8I`G5NJ8&df${tQ#!e
zdHB>_<Jml^rkMiav}MTA<C_=ldD`~lCTW9BdnV`&(CrhSSDW8hHsjKa=}j}638G~d
zqy&aNI^_aYdh0azP*kFlT#?eb9wa5dPVS>*K?=HDXmS)<8hTF`%SB>5?&fqhC+4md
zy56_{l+pojoGKhIkc2QqS&bfFs%i;4);>ucwqO!$EwpWO)HJEjWsQ&n>Vc^9grS+<
zI@WVotty)15-GYMwb!BTZQTwPol@()NUq=tPA?k4`5X@OYf^aJ3-};({F#+2M5a^y
z+{NNV(UR^wbt|kF*sN&JYHVyE^j0kDFEq4l(-O}lDu^OtK^d`T?u+A7`v!jBha<PX
zK%7z`72*@k!vV^DWTNQY0RF1F=sO4t!1l`L%da6|-$z$3VQO&y+d1cTGeZc@=#go(
zU(p4%R~mZ%nijPoMYl*x-J~;QFRXr%co>_>Qb;w74m25uj|VM&LmokB5eY$dP8v4k
z%xpg(RJ6U9?WOzK-hYD&6IZxIMzBE(vfyH+Kdh!6z3&PG*NB(&H}D3X)@~oi7xxk4
zEOq~Wb94d5IqM?fgs9A}$^uuZ1(-_u8%Y75E>T3L)5GE!Sr>}Em+k%8)?&?!ZhgvX
z)%g{f;e2(*mx{7k>%i6T(-In_!nEjoqYjLrFVqf7vKP<p3}r~md@ia9oN3I7X1w;`
z1u0NfE@u>&k07$*Oj4~6>JPJI1rg=S7oM-ES{cb)a(6Nl{S7qY$j%D95eiU{uDQ6p
z58taK3Q>ioS_{xpuJaQ%3sQI0Sgu*J^*W4RNyZEE8bgSsT@d{Q=wpH3*D<4pXssN8
z*m5x;LX#h1O6a%F`AT=zgy!hX2iEzD-q_>Jo4ONTs(Fa89!Edj7-{Q@srzc2Ey_Nq
z4$9u>gAALCFu*m4Q1$T6RXQvA1efV|qfqxWCqrJfmp;w~mol_L+()u1sX~*LSJ6b}
zl|~P!J3~J+f+|dn_`|10>s(5MfF#ayLw{ee!*~c7g2l}26Ai=x0AQML#b6xxFq+f<
zWE!@{#!(&umSI0KXTUH%vF}yOl2OYe%B48r(@|P&hK?k{dRv3*oFG-XGWG}~&DI?R
zuPW=&3tN)oB8@4)ATdgXCnc40>n_<wz<8QA(|-x6fwhilLbyR(*UG=0<bL)5JZDWD
z_<hY57L?Hi{jHt}wPp}+nQS<?{`xtQR_G7uPUU9PD310`uB6NnaX`VfaM9^%P7S~9
z;MVAFg%B!cs}@w-cCFDc!Yy)TD{<%*X$Gr<wQ&8mu{0;GJ>P<ntQnGF)!O6?*OT-2
zcrl7S0Tg|7=o4Mj6sdV@0Je*FjmTPz37yT`IO}Jh0c(IW(WgUzdJB34`39#L`Yo%?
zq?$TsQNx`Re=gQn^ajU+<D`Zi7*T40E3{n^QNP@=lM09FPRYk_gK3qM$dt;-O{Sya
zl@n)dyC0g;z?=s0YO6q0Y=-Ji$>FxqbY9q7rn<sc((KG~Qr}pm*4>&`ol`ghqu=}A
zSBM0!qBlyuCM0+jze@4|*-w2%L_u@44y0-Q@22ru*b1UH)_{aYy_XfIf_Twh_EfG3
z0qhtORYaubghM4(gyk!%nhR1abGXk?){p}!8wfLD<jX3Z3J$(=prUvKIVrFuU;#Cu
z3(FM>KLv}4-7{vQ`aH9MO=yyZ;d)Uf6)sB{@2^hIu$EbHB_&K!upcO1&kGJ*4(a(t
z9UbT_@J3E<PGaAi+GK@Mg2RevT<YWaVb=Wnd)PfLM+==X7bU4YSh~rCn0Oz(SNU=_
zx5WjVIirQi$<&WTp>lJ1$Xx|E>5jao5+?6m7-(r`Q;ErV3wNZZn@UV|K#3<ct(BPE
z>e%J=meFRcvCD(&tT;xX(x0o5q>$nOZ9jXcpK6K`c6q5X<AN=VGXg=6p0Fh&l9q95
zC+^-awYs*9oCZy+*IMS*9Mrgm;stS<eVx+)Y-56y<O(xoOk<NJEkR7gXhGy0v;)&z
z`q3;MZypEJ`8D-jgxCPJMC<SF5`@uTmjs<W@8I{^rgmAH7M?N!pHV9)4mnK?_P)_t
zLYRp_+y^>&@aWNPrb~-x%uYs&&c%nh*3EGxm!%i44zWReu~;%^2zHiYR>#?#a%uE`
zqpY~t?X>pkt{+^zFEOh#MD5hiXM~X}((&K9B+()oj5L`)t%7f(SnAYM3~R2J?9~54
zUfu{u%ClVw%G4AkXC4HXlgI8I)7PxHhs;xRZL!n!?y}feA3Zm=?+0rmM|DHeav-)w
z8aFe1DJLtQGkViCP)o*0sn@{%>qcu}`kFQ9pfq|VECyT1!t;ES5+I8B8u&Adfb}Rl
zT!XIl%LV(|#mO<`L%AWAaeIvEQ#(?@h#fe768^CLIHQm4REH3_0os0jUb}ICtr+}<
zKQkimnX&8Hm8(5Pd1^)E)EfR;QJMo_k^#&4>x*B^Knt}D=AmDVn*izCDP9s^xBt#y
z`$fG1`?hF{zVT9V<F!xR1v^;xT<~tNwOd#&s{$+X;`qT)fh$D>+%Wt*#Yd+n2DoXE
zlKer6O%ropkzP?8xGVN+vU(hREzbz#`g!p_CsLlAx-x0kG8N`cO5jyWt7tew9O?_}
zkVvNV{c}=!w~z+53xk9PX;HU`jernLv!eCNx18;1M)C(orzdqVe#-}urmB6LWk`Wu
z;F&}pk>Y3g`u|AI+Jw}am|RX6Q76ykOIqr)-Vi=KOlcw0DLn2B)b1Ad5*uDq14H8*
z8Cy?pcyO=dM|6YXL5*NJX(QmC526t1JZcH*f3~ri<zX@*{fXPjB6`~Qjn*CF0=o)O
z7JQV5Y`Xy(>S0EaM4@Z>%S~BIoy1QZNl9mn6fXPF$#c6Wb&FKDNU?2_*69&ws8$a`
z>vO)S2S_WEFfg^gRmN`FlaX-bQkHarCpa(pviOoKy3Q~4G5DX<(!b$>61{qC!uUW^
z)<3!t=~|G#qS7WHZ4fUXr(IVXJI<QLS$~sfT{P>PJe#@BTu&UoIk8uGwE}rw-<?1(
zyA|S7#7r4___yZmIiv39w8UD-a6kRrhVGdL2_{0fTt9LNb>rP#4J?~c)wMbRK3f*$
zM#$?-b>KU76TpWKMm60pu()h(_)hBho_kbC02*oT5`+$nXVvitLymq@yMFao^^?_{
z^5Xd9`56eYO$H@c%C~T{3LJBab1<>gg&VDN=&wr(S;PJ|ryiNyx9zO8#N6zfyt!7%
z_3n2Y3i6_!tw`;;^FrQ#yYV!ty^GMOqMlQ7x~LOJ$G+C-)k80{bTr6J1DViSs`9D_
z!n2bfE{;$8dLIn;K3La#-2@Ke6BsfZo4yyv{}Ix*%DZ>8b<>Uf@Xas<R=C2-&otp4
zbu}<OnBU>{z7fsBMZ6GuRyFK5&KuEN{~nLT)?o3zeTSn98m?QWikqE~x?`wA77bWX
zRnAQYy{`P);eHTD)$~4bEWjlnG7WrWYA(?de|jOs<;frpu+sgGf;v~;vv_E01xT4n
zv19x-2+PF^Opj5u&x;rFTB=n=P(mw7^477SAGJP22Yz_7(323L?gb#T1z$3Cii1j}
zttOXb^-?ooBXjFVX_J36j!_%-r%$^>4TBNZ=2C6<Zq5<AV(`8poM9wez57OQ@t-yr
zlw6Y4-ylPlh<rI%uxs;r7@Y=8yZ-Hlt8z(JXEu!2d7ZYupl}hwg>5iCs(r*@L+A%<
zW1*2E<yS<Mcs0C2b@QK1>qs<f!$y1e*fkYow#1?czgGQtgS|HVHEM{Uv_M4NOI()V
zE*2d*t=pwj+prIrA=o#io(5(UG4vB56)x$Oh1Q_jG)XUAoAt=X01u(t`4Puli*PUM
zpCL0~ZE>K#-wm=Oc)+9*G>5cVJ<6bKnVObeL1h?N$m8SSAko$cn7Y|GfN%?)3bNpe
z7*V;&zB*zc=za#h-|)gIC6o-L0krG&UZo~kf8Sovt^VWU9NNTazj5)~jv7C_Ds7&H
z)_dw*tk}{Dam9AWvq_a&pYR-)Xax>6G8M}bEC9ZOQJeoqbq!+Uq5T_v>{_4L#%H?i
zuuphfGIQgcVOH?P%Vk+QTS9{Yyh^9~T`T^v(|5zDS_k13&o6C~+4krVRpe)~ZIABt
z?I$ZRxfE28TzM*AxURa*b7-Q8)!5=gu3!PU>lsLsvt)wce6CSxrRUad?G4uXC9QsG
z8m`x;P%^=+xTb}gzs3yD!l2_?t7x@}vYxt8x-hLm#iS2JOmCb_)^wgs#E7ur)-2|9
zHb2j?RyuQ>&*KbKH%g^$mC_2D1(@{0*fh#J$K@F@-_AtVhjM~38VK7WjYR54K#a5~
z((3Br8@QUaR0C!dyBn?^rsmqVroIld@9jT4=0X3M2V=&J_aCv??P`Z@`T6Q$>YAj^
z`6U><Q!a7HF4k!rwTkr&8nFzuSCV1%@ZkNy!yiokfhZBXHZC_sFq=LA!^Gn&d2=q+
zODf1UF3ae{_|D=|rBmA?+*Gly8=Wo%fzmp)o$!^-RA`^qHBhipIG>|QH3bu4#?dxi
zR3+G{rE#p~1v%v|lsdo}*1*KhSgQbKvmMCV3!}vIjXD&@-s0-npDmd_iJn8(=R_IL
zr(iXOX_6Z7Y2g};F&%(uJ__7q&>98PlqRq#TtrjY$ykV@C7&XvQGY3^rtTYH79Y%}
z=lw06P*wz&F0~s-^Ce>AnDo8BJ)^9Es*o1N_(y80K6NZm%`0o1EJ8n4{o1UIYuNAl
zX`81e>=G-IRvb#qI1jk>fO@@eJv<?6iA%!rGppq>9|cH~B2&(+MAi)2>AmUj_3Tc0
zaoo%;g2dQ$=z%z1P-t_NxxK7OT7o|LwU1~kEEL71O%^z&NSe<aJ6<dfff1j0$k!Sr
z&W-xyRDOlY)K1&9mA%MA<JMDRmQjC&`G6qb`8W=NjrL!=GfKeY(NcXqPzq0BxEWFX
zy>2#So%q8W7DlaK42<k`c76``Z;D8uyO;whiE2RRM2ate1jr51F(1+#34Wy{w?|DX
zc&Lz+x-}aj2@g{IVEM4d;WIXHkZp-pQ6I|jGkoP`WvXK@Mh!b^+9CM(BKTwv$9N@p
zEqKI6(Tz^)Hc<r<)Nl(YjqR!qP~F1<)xXcc4|xMJ>d)NOC~RH=EU7RnaLJj|_``d}
zasp@WdgAqgqGZurRJvfDw)HQ-V$pw3IcB&zg;zM{i2Pq;l7FooJ<mx=+|@yVfcItq
z2d~vF&?uyMPGyBvJ`b@dq(}?<rXLHh`z?^LZl@Q#;w7K8YzfYJRoS=w$h5%t2;D*J
zFU>=o$oq;23MH$`q$M9TZ_;wokB{H*7OUgjkDt4=Q8Yp{&?qhFblQ(k51=tB^dPzm
zJS)i+O2E)~PJe4}VtAb@^EK&j;f^+Mv%2r#QPVT<9LxDRX)7&uT>UbYq!oW=hjl$i
z9dMFJNjW=mk%b|Z!n@Rk9R`E7JC1VglvlZN8~|o+j^SX$tK51Zn1dlw`!EJ#LrdR-
zH-ygS&#BD$6%ngsfM{Dy+p4594L-0DvxRFI5^M{~8sbC<i%N@Ff=mUG^9?IRbw;yb
zMwN+jK&ndcX{&I7eiY0rY!n>&@G8*$!%n#CaOpaAL^#u<8Xq{&q|EQmqRGAAnNCl)
z0L8F-bb>7~(V4cubf(;bvBBI+K0AjDHCoOygOz-inyfV-GPZcB-+a^_F8S<d8(&w0
zhl0W(Sl8wwQhdNoIlk{MpGcHgkHC}DtB2OH&>5bd$ke_xW?L{qwC&TEPh{2waT_!a
z2GKYegT}!qG(z_sKR~4C@i;H!;1)I7eZ$4E8FuYeN1Qk6RkBHaBUdJEAmcD`y&-d=
zD}!W46$BSvp2c>WMb4%#X-Qu9xG4ny^<;a-Y_c^v^R~(EbBM0?v;FUFEHRWmWP}u?
zKw-B-ldcs!po1~D5Hgi+-4xR6Ibl%ucGa29oJ*ylJ*Og=(B32KTMlqbDpkjh(~4@-
z(DWF`jM^NOYnQUsJWj;heyCHp1UtcVd$H|S^MaJ6S1eBPIv*W?HJLVXPbSYVwT8wQ
z9BL!Vw$lqlAi6gpuh*S4kL)<l={_Z&fg9Xta$mAwsWkBVQ3ra{co6;?$5;4n*8AZC
ziy2YQ`8Dv3SMaL4<$|8^JEZY=ICEtyHJSM^*2Ec0N*3umh)U4UTmWfK`TF9Qms}jb
zIdR?~0jo0}v<tONr(C4|;&gEtf;oy9E|(KxO1@Z<wI>o(r#AI#Dy%{^x7BCu8MNIw
zFFZpMWlg1;9klHXy}bbgJ3a4>D^0sPk3G74gI6bOS}92@2*FmBbj|OZAmJc)oL9RG
zD%IL>5J-c`$S4$g1137R6~SutoATNe680NM57(qDe`5TaHLg}ssX(_&FLlGfp{s4O
z9Mh${4xxSCrS4B7HDPswbNjxVmA`L6<%;EV!5RIH{PaY=;YDpQ_ud$h144!Z#j)FW
zL&ed^FGtIQs&1uAtRHucd#yerf~f2@sjF9ZRMB%Ht_a+P8ZQ-nW*z?J!S@f7mNwxE
zOSnQ}USL2J+&GnDzMM=-(yr2Gqq%;BmuPl&dh9~7y+9k&HKgqjT5wd}LBG5?`43d^
z1*Qy{TSN%QvZKJ<Aa}AUAA=OvgBg&{Yp}!h?1<)djPZ44Thj$4kj>}cmSpLhfbO7Y
z%juK|B<XKWCXhKqp8429GJca2-=)d5*@5cZDD7&3_v?f{6K{wnbxKhD(!%^zqX!MW
zwSa+Ac-1vexla&GZX?-0SRb<*$GE~dRZTded*D{c&PZ`v%wMk!Q*KGxsGHVlZh`dT
z9}Yf_Roecp8fJ^IT`Xu*MAClGRu##^$9s?WlAWxsU}~vz<MNSq-mbo@0n@4i*h1MW
z02uA<;@wr*%52kuqe_4Jk-Dve?R!U8rA%`ol$CjRudvuH>15YP)Vr#byJ5#&(=p41
z8U)$|p^S%lNmirgWt%THnPW*ct>zezlB2My``F2T=yiLq>%F3Gy;nzzb(CX<&Iv*P
zwfEn^f$$ZkC2p5|4Qfo!sG2V)S<V*@S%c{Aq~w#`1(u44-RC@Cf~{XGSGx|@qUfy3
zVWjx$&^FUk&3eMpEM#60=7S%G`*TH@+lZSm0YM6!EAPD*K@v2n@dwR4I0U6#3}k_6
zrUfCY6w(pd`Iwhp8p~+td^o25SnaXQE1Ne?GgfHy%h@Y^5{MP5uuzCHG%fjccX-`6
zU5XOg#+KC^Ia`YI-vDOolpaQ9DTzRoP5C-3BoVsVS}Y_HCmLLTvW!TtIl%=Ha-+s3
zYQfF&%zRC)KEu2mL@1n4aA4t3RmzrWFgAk7L~TbCQZcYo)?n0BNgnjd83D8)Y&B|@
z8%<9`-EejdB4Z}E;gm1&^b)Tn*`J`*(dh}gB<nU0K-5z9B^lZ~&@96h)gsd<XR5*J
zXeq=cS8_5EJc3gvUEud7Mf_qCm6D)orklRT@3o}&dJ^vE9+(rHUoNXC>kVN(GY!{o
zPuorE<0Oxsu|5uca(oCyH*L%GU2vo<7Fb@60Y}Q>HI|pXrPV^vus!wGSPvSSf*15S
z(0Xr-gREN)03JzTnXNYv{V;kzlzb-Bz_he$AKRzyr_5G(QEuWpSSu7pud^a}tx6m*
zgo}deZHr4+Bx{XgSc~ZoA3S`R?0AB<X%fA=vkMYnv7WB`Bu1+NSSj3EOX|0yh2*Gk
zJXRVGrC@*P@v>`6W({pb(YZ#mb`8>CA$avdD|9awRH=46lN$u`1B1fo<<#lEjAv%*
z8;M5ib4Q>Gf~E6uUI)~+z3G;$1ep?XQe7Pc*qFz*9AR&6v^92gXAgnEG%)KO{~-9X
zI(aUg8P-`;Oq823{pB;=D5XVo0b<Z@>_}{h$;CFlB%~k$A{>+Ts*wv0G-h8=kt{r8
z4YpSzkiZ`RBZ#xiz{OSCSRfmLXc|NUG5ayx_>1>s)ua_(9HPYKO|3XDJJF-i<iiJa
zSO05ts2N^lW{bb!1^ERM`<>NA67}mKGnLK!C!kE<I1iNmA=V^dA-~$Ggwx)MtXfbE
z)Q=Kx9V~#0GmzGBPdP8Uegy``?sq8Yl*RklLYt6u`f5Mhe|X=O-ZYjyOiPKU1YyCK
ztbitu(RaHj^@f6!rwL%X(U|w4c*mF?AQotfC)nM~2P(I}&c>G_66ZH^m_D(lJBF6U
zx@O72fwWAv-c0FH$HA?s<KPC=aqv4(M|;fm)Nyb_>NwbpIu33^9S1j{j)M`@(K;d<
zR<l@^ih7L3tifIVK%&E^=3J?t8`T!x-bZ(3MRMIHjwD_xehj((Oggz!UYwks0$lGi
z-^EIa)<|u7H3KDj^CXeJPZ6#vJwf}s&Z1oJXnFY0GC|vQa0mc2OcY+bgMS0C&1VA8
z%9i8yK`-oQ38D99+G%Eau<0xhhG%(j!&x4zpXI^0Sz3B(1~b3w!Two3)dRp|H-o<>
z7N?z^$mWcslB{@<(h6wV4}HC#xZySs5o#)SZWBkRCy*BS*-}Uao6WfYK^kBX8*oKU
zEyID0+YfCdV;=(cZ>Q%`q<(FgG1fyFw@_L@IypUh9gp~ioGC_%TO0rT>KVYXj)JeA
z9hX=-|H=u>!+9E(lQh>a$3VpuJqwFr>ec9}ei<|#85#{4*@nX2fm7HFZ*}B*uj10q
zxaEUKi6A*=n$khsyfBr+U83DEnVcOe4ZEba+IUam-e59=gN@8%8~|M4_r}HXg)P1k
z!?#_cs29B$v=JT*SBg}j8;X7sjH4g)d0}=xk#3C==PP4D>xc2&*%o*=ZT4DPFav2W
z?hn!tM__<<lB1EpH6QnZcPxegd|`}(n*+~7*m(?ezIh6jToix9RJk-bMy3))dX1?H
zlIM(2+*+_U$&c{U6Y0{SpO-Wb9f&TU$i|;amhHIF9tay{2L)Gc>wp3w#BcDTao9Mv
zPNJkPWN$JgLyeUt-*0Ap=v;V~Np8@o&~o{tt}0LuwLz{9>jR6+QpTS3INB(!4dif5
z!}+DLe%gZeP`R`cd?xThdfqp#>b!;;dLTwd8yQ~k05isy%*1B*;ri+U3YrCxGQpcx
zoJ<^eCq3H$LQp~=%zoG&Gc{!ff((e`z{T>!jYjH>FmnBz;G(21#I%E%&~4JfHd>Ea
z2=kWcDY3FKLVd_7vGRkFM#Jkt>_aDsOarmv#Zf<{HPoa<-XV(Wg%jWu1JsjEGy<~8
zCpw-9OlHj~yWMe>*KZv%nIGqUa=J6nvNHO1qb^t*!m}Svp;Ve3@IIO>6=FQxr0ALm
z;+kaW6uzR%q0JdVT%ZLPB<z(X8%}n_6b<&1Syg`!E%mnR3=Z_a*=HD9(g;e?XrE}`
z!MsUc&tuM%;N@wFSv>229zQpY(n`1TZb9@rNpeAygcA$Q<89o65p3%^WsIpfHZneN
zp_bivMjuz*!jFgS*H(OTmLy*as#Y3N@?K??pjWgcvpNV-@O-LupWQi^YFGapQ7ggZ
z4i}s&FPc{W4A-ZcX8Pe~f`_>lF_~%3ni1@6NoNrAJaer_F1JSQs>JNss;c$Ep*s-r
zzA9->RcXpUUXudp?uZum^kJ<34Ozq|0I#zO-cW0AGh(RP+mRP_Zkg9qQNJXQyJ+#!
z(xi*JO$VPLc*9t6(X2d(c!7x7+4|=9akpha+Sc0AmS}^rOumF38CW<?+kVU(l5IM@
zyd|v-_m2fw4kyr!0fad;Rn0U$@Tlw2KHPhQRJ!px89zOd7dC4YWwRHdX6fk@s%g|$
zr>P&@W?Nk5s_Kbu)UU!QgIx8h&uiviFllu9Uzk46erD(Mr7HL}^Xfb57wGw$b63;_
zZYB|DXeMw@rpppZ+ez;-R#(DZLeG@5)V<eO*SDE{Bahtk`ovRMxwr~zYO)XOaE#tF
z0Ky<W<?0yR4QgXl_G@K#iH2l-5o(j(fX2KIF4!tNkUb0L(Dc^<ug!}!_H~#>Y#KM8
zMLm!=o!C&`yvEB%HE>BFHSPt5qO^esTDLLxPffEOd!1Fwp~pZI2x{!cA-~4&O=ONn
zLbvS&j-Dc0N7kD~+O@*<0|4C2)8NKi!RtOV<?eS7jG<d1(^8KXE)SLd3GBE57pQ}S
z4ehWuf89eXzDjVbVE(pEpkA-DM;yS82f_TUUoNXuNTN1at=NaKnAo`QbA{DXc3@MP
zE<xBeZeL@p-Sq%VX3`xOr@XM06*57f?6MiBZU92OEz%IT3J(HxJ<f?nw0pf$dups3
zFxeZNndZ-6uNt_@uG_d$JOVRWVL_N5tahg+%(~9@j3|jJL2^<MmJ@Ss7|WN7B56Q%
z#Q`^N79BPs4|oM{hU<m7KqolvU}}mZ4;LHG$q?f#4Prdy*h#qPxaV)qVG=J!&Y>k(
zt#P=jm&oSDq-;inHL^Ngy++qYv6av$n*DqT+;}0dhEgzjM*dE6<qD%7*GIVG(_gg^
zq5oe%o4Uqon)eby9N=2S*3k2FCXe}|5+?0X5+Z27vHoY?G#aAQ5Zn!x&B>gv@%xkN
zl!za>RIX&VkC@dF7Wh3}%@ScUxVCM|>)~#WA}vbNWL^D1ONhRK&*7+>c{yBD5G7-F
zz7c>oM{<GRKPOWn1o1M&J|`tn?vBjish6;@O?`X|(>RXmAov?#OWB1gTX<2HDpmH3
zZ#rx~QYFYS&gU(9ssu^9De$|UZZaN!zw)X$*8^&%)Jaej>2|{*9g}#iKU9fVvEgf`
zV@RM~FK7+GTd1Uve&h{TX9O23kb{0AF2WVwrHm_+S;PoJX*)6`3ZYN0Ku|hA#Y;7B
z;>11#Wh&-`DO>kGZpv;T^hE!*fczQ@0QSK^$*870D<yIyWZSXHM-YuQ_J?ZM)E#kU
z*%~umdAFmlhMg8mwZvs6E84D*+n{FJbfWhnO-%3rc(k=PO?=pPaxWhwpkxZrS;1fg
zKr;{MbRLa)k05Q?>82OPaRe-|UXf(vmoSkFE(#;MGBy@B7RoUma$H0mHD2OB&PI-I
z9niDdO8@CoCa?0tCwou!J5}9#Fz}AQn20zueA6}X8R!sQq0hBViB5M~Pjs@P)2SB8
zmr|uB+r#J~pwn}cA)=R!nq%Yrbegi|!i+<Tbj~Z8Qa0<*3Sn1#mA#)%-z*mwrty!w
zlCK^ctJsO@(n?m?KLpu$gcrR7#5QIKG~8_wRn&pfho>OFE{RkU1kr{PB48Kz{h4ii
zN<<?&^+EOpGRr4YX^@FS_rx*VegJonQSBNGfYr_HLJR=iLa4rYfPP-l>ze7oi|3du
zGzj&=8Go~Oa%<gvf+cBJEjI}1H({0XuKSE`SMpg_)p?u@)RNC45bKuXe9-DXR?~e&
zu1M*RVxL2bvQoe788hhLyYURnOG2tN$5qORnow3)XPF4(_I;lpI-hAU$GCb!)HBM8
zbL+XYHcgOo4%hq!B@LyK;@G@!QA8fuYK_9a3@<wxP+1I8ZwgnhW7^IrC08u(9mO;b
zu2;_M%taA5l*mAfT&B39Yle7ze13F#VvDS|wg<xsoDikLN-MG8V;JUd!YW(f>RdN)
zK8OKcA&97L&4&>a+Zr!YW_PO+csiwdtoW8`dSY8%n1<aVT#fI@B(3A8LKwyuH`<AT
zx@k5{L6~*e>{dk7jo)ZJ(^!`XTb<g5!9w3bFWxJGZ4Sf#pS^egZW~t;2Jg@LE3iuD
z+_+C9OY$q%cXQ4<j=S5_iQ_MJ-`Q_x=JP-#B%w_aYyh;QPWpe}g9k|v1YeS@*lA+U
z+>S+{Pyh;5g+if9UDY!A)HR#|NGF(6NSA^IMu^JfiMgEWy4~Q}bMSTvqFCAUFb9y!
zT7nq$EBDhRz~n1{`QI6U0V5zHjA0$Ah}<Dcv5x@yjG2U!^*ShU6@j$^nP^Rblm87D
zfwRh25aLjr0>IdH?$ZD6_xr9J2v?S7*EcUk2S)f`h$;in-RRjZ4*lb70-h}phd$)+
zSQ6<19fMq=XZ>sDK9NcU9S<`7+Eeig5?Bg>WAIfBBe|2U!1OE7ld^A3%HO*3XiM@o
z8ZDv#a>RC1Uw}KZ+*K>PfRTIvziJ=D;c$4kzc2qg91iXO4v)sezm4_}j}DK<M~9>F
z--hGiaJ2t7Fx>1=-6dum(!UMY?#mwB6DeYwzEG;+6*zta(C^@7t;)EQB=PU(!)vC1
za@VO5MbiM!<~++mD>$WKkF7bINu4@KLu>w~4y3tTXr;U93;rw;xbeer`tT`{3x*Wf
zFPP#K*5ZekJPN?e!H+mVZ17V+CZH$d6O?SU-3cL_aS9_nyuojbguR`?3Dd%7uw%=g
zb$D&{{`ckDGsGWo|Bv^M#s`J{zd!Ew|2E3T_W#Q^3}7eGk4y#tqloRMTp;bXh6_B(
z?GJ#C5G$MAz81%qsDL*RLzXd&X^6N`s>p5xDeseMQn#d*a~hnp!y@DzOHTw9npR;X
z!(hEPP%KBXWU^Egg)2@WM>BoLk^jv(Wt`$g&CDgNNMmX&zMKntO^jE!c?>BDf{!u3
zB!2ojS(N7hg)F8BMB;;}q+=>499Rz{^GVTkgvqW$`iK*u40+7rMUMQ`Ls;-)aIMEP
zcng_|?9{7LvU)pmqSzdc4-Q$p$RFFX@fy!@jVUm<o!cN`J0RzpGqkuv^pq?jND=7$
z-=o3aa4_r{uX_E#zxnbPRTT_QO#{a-@dWApJkbB$8GL}h5!$K&4hh}KFWMF2VjqB$
zC_14FLjTUhc}_@DaoFp{p`67K`Mm+So+EH4=0F`5F*B&f0O`RHOb}QQA5Ssz0c0Q`
z;Y^16W8gL<_uzhxy?N3R69><wa`sB&Q5x`Ym|{1`h=+t6;t<gRj3Ow%B`Y$RAP%jK
zZ4$<DZdi4T@A%2FZS_-+9GlA;IC$IZ%6@_z3#sCCCG08r)R@IJ=bF{CphI-8HvtKA
zb#{dpaE319Ah=S`5;8dUm*W;V6qZ1{@cr_dfjhN<KtS#h1$+)epf)h@N%(gTm^O{^
zIRZVXN%c|@cTYv~eFc8lwL$ZF%)mWTgfC-2%eWty5A4d1n1e_?=SFBavCwCW1aXz;
zla2|hUIRCo*-+Ca7F%A61X3Q8Qc}NauSxQAs!H-p&%S~XKf0t)O2(Hi<7L`(5T#Yj
z)*e|bVCZK9?}Oc#(cK9S^Kw?YIU<_vembiY{VN#Z4b1xB@BN&`U!@GyHvhj@ab4N;
z@3}uc6^D+-$*^{n)OViq@=cR#7`0S3&FY(&KmYu@JsHx0HuWVzlX#Y$ykFX0Y2q{J
z-61+5GAXguP=8Pj^@*SdUIG>cn9Ddg`9$<a8?duen49!c25<@slc_x^9}xd(K<+n!
zzO3p-zsXgV6K4H2mA%;6#l90D4yUA^US%#HLKl#`G0@)}gjRLsXLTSyl;8ao2G&TM
zkv91gI;)c7)`_E9p8-H}n>f0pWP*+jr}8=H(NBmU=lslN-imx279)t;S0Jx$=o0is
z<D<cFFdU3}pm%&c>bcmdC^`zMN|*9S{*&!|qozPr&D`9w!n`>WGT`Uy>r3Oq6yhMJ
z=z2~Oo0GtG$7{~Pz^<R~MmbepmEK?HK;<gu;jq~A5Mu^bBjYO$F~=~F-fwAN2Wf=>
z-=PpO_Wdqe-8AQBVD))!KpXj<s)>W=JUGl1qX_!=uf1gXDR|H|v$|S!(NK72YHLcv
z{N?r4&Be!eXEzroAI=Og^8EcHC5!w@%0tE{G(EQ7>sS{7`H!;ErCc%@q%0&px_}E*
zK<4!P{rRsSZX`}8AI`2WPfoXhQ(~gZERAJy^7b{;`sUAs@w}YW)A{S$vriXi*JoEZ
zS7)F8b$)tw^Yh26YkLrR?L7}RHFMTNzWn&9F=Rpc7UY(4`YgQLoR}`@h$5A2Ik$t-
zAI$}>?tV0EW^S|2dz35?pQE^t8w6;^!ipP69ddN;4+FvUP<QEONJeK-fh!4yxk|ev
z`S>xoKD~4uEAp_EzASwt9WT%A8g_U28IW~ajK2zU<pfkWET4gTn_KCbzTq*|ZJHH0
zCBLgQs}@}Q5FikFkHh%0&RCr1Yb86!#w8EJmU$&ciqY6r(V8WYODB^@4*LE|*yaxS
zvPx5o_ZwjhfKN$e3y3~AdH>#CjC|AdQ9lVkAjaSfCB~8;VGvB9cY96VlNtLMo>59N
zBgY*H;)TlUTgo$(E3?Tn7D>X_;}WAov5C+PK8C^aSUo;2+nki+DfHTP=4zC6mm}nS
zZ|S{$<F4v^_)-k&0b@?&47<2>g3%<J_7^ZJ8#r6C-6`9hMAJeAN+Otq{}6Kdnw%yq
zt&Xqc)6Ez%RKO8EE5dN$E7)E3YR`ePsIV{+13RZqR7(EJ*GcBl9;2&2a|W_*%i64U
zuOVmWU&f|c`)b3<u@fgiZEnriwjBnYEwb(pD=fPDad*NiPJ(;5Oh_=Im`L6iKqg}y
zIZe5_T0QVm2GV&^&;=||pr`Zd%a`yT#T<Ju4I>StXp!pRiRX!FzOY|?=07L>6rX#F
zBKDsoiK|?rYjTUi20+v18AOBI8gDqu&tR4HGq6IL(2x6bT*XNuY3PxxefpD28!1+A
zdc6RrQygM$v`l_k`$Ealo0;D>t8D)I5WR8|AZlM$8b6lyS$>`<bgg7<;qJsOWapX#
zo4SCqCYV_%mEY8W#$l3vJtu#A=6QP=p=0n4Q#psrk5mO%cOp}isOzDV!dn#~OH!v<
z|4nqN9QTs)9E60UV|g<fNNdFm{DCL|3j{-^?(oBSF+mhy25<<7$6){{iYQ`9I>+NA
zhh2I>Y4o7Y=pW=G|Ka{{XneyQEi6T}59GU7=OvA$1*++;uK65X6L5=A1Q>@LfeGUG
z2!#osXJ8k^(TqYrbvtpKxoUNm7QM)5tCMI74Be(w<tZmJxBgR2LC&q;TH~qGcgpb<
zwUe)Iy(am3y^Jg!N{z~dP^{w|TN6HK=r1K&MXlzrniFWX|7Vf_dmZo3TL16S(ZONf
z|8sP7Fy8C@Keti7jsJHOyP4BBT&s!?;}fbPRlO|w&>0Bo9q~csDlZ#Rohxanw_a^e
z$<{Y2VzSFT3L`UOqg|ooR>L+1R)@T3;xpUINp>S1vn8G`&78zA(cvF=Wq0z~Z0a+s
zpBSEB9)k-K3i+jEz-jV(!LPOq@6`5NZuM=rLfP_LW=am}3~8HZ9(tu<XvF`aI(e-s
z2I~0#=+O569}SN>|NpI&Z_EGPCwr9xs7?mxMh;Q1f<0n&aZzKWF!<vtuML{9+&ZRP
z&_fHL>#<+0tF`sht~_jM#Qzss2YDF&zc(D&?>|SQ?)~R>$|KePSI~;>=VY2_aX1@z
zgd)NQ9$D<#QbYr4d!T5FU)l<MO~Ze_tP(FfMP+!ykHpHH)l0_^<eo~jX8(CHS=ZT9
z5twbpv9{=3`w?GCVOK>6GF^uHyWdRtN#eff6HVkebI7xmGbvroyt#9i1288cp?a{{
z9gMa@n!UDODT*Y4<1lk0HhyaI@N<1?Q3Lo?#H8?H1$@-WFe8+HLMEL`)|E2-ZyJ#M
zfXw=vhyYR-|Ko62i2t!S9(MZQHj3k(X&z4|0UDssg0T<$We6A8D`;l!TKe)!o#4|z
z9xnB)QMeC7a8&n~z_>`Sf>w)pq{*I1YCi^FB{vm6z9)kBw!nuYnUzIz=|>wIscioz
z30z@>ReIhB-2aaFALG4IxBs_MEFTuV>?fD!>4rCBe8~F|aYS^~*Z-8hM2QJc(7(zr
zo*Wr>baKG_Bi@tCbIlmo;AhA{PXil-%I!uR;%;BdQ_bCI_a~z#0dQ4>V9ZHxM?Ld1
zSyNT#nrWFRl%5^4iv*RWE<jW{Ol7wY$u`SsJOjW-%%eC`J`LA%l%5<_9<O}oUmV#d
zTdaTC{?}1u*WUYoYq0<K4-5Cd`$q@e{@+Hi_P<{C)07-@Y{1+k6`Mnc7p~bH1^>BX
z-wEBjkNdj5qR_nQ1G6-$Wj?ojdNeXl)!E)VHe$V`8z9@6D{ZhxUh4M$COklD_W%CK
z_Wu|UhkKp=zm?K>|F`$ZFyCtyz$SDRuBfo*O{9fwn{$Pz9b<w_xuvsd(}o7odU)-E
zk+lL><&%-{#Dc@Zob$-=Q+PcraYG1+j|va3%JIUXe99x!vSp8J%}!14i2eP&&2;PP
zw03C>H}JeSPSGnQ|12x>9IQo*r!Ix7kxf9L|5oRXmhxBc75nFg=#+qS;Z~C}tb#Oy
zfOwFj_eNjI%CIB`M`fjkgQ<kEsYy?gedm8$VY(AQtD%&n1IULBSJr#ir-letfc=sW
zeC?DKNf3CKR`|fuVkH@1ikOW^gQq16;t7+{$@)O&he28-;OH3iM*kQOjQ{WDrG{eI
z|M<s0{_&WsU0tzDnf@;XDh@H<L<rz&{eLtXjYqcrzkhVt>Hpg(786RA-FB?7WAeJ<
z_LjO($j5{N>Lz0KrWih0xL)%D-9&vuo){U(#@G5~7?n@XqYKaLMsvgANS%)LT>#vt
z6aY6R?=_;|+EHoCH+1t&-D+buBK$4_Z5M&oriqOPp{)XJyyt(&IJB85r?@#<1foqx
zQW}f4IvQ=heMvxC00KNk-qH(DF$RrGMWW~qQT_?3JO7v>K?ngV1c-|$y5hy?G3ax)
zb+b|ki<^}`2pI~^P`Ku|eqZ@{y|E*eC7)%igpzO0pJgcC31oA3BhUHsSI4iKn9MvV
zh$m@K(t}1s5#uBph#qwi{4~qS(4JF=7_b7=Rc#1YJhD1nXf!O=E@1E+TwR}hy8iX@
z=IZp*`Q<ghQf2~mp9^Rl0usu-kUbb5fD7WI9FX)|gu_`ProEVPvcP{JUkF+$)fHGF
z@6$ij`}jL@i~JnOm<dptfL;Mc0G9YL1q{hY(|>2lwVrecQqeUs7iI|~2i0gOl!idG
z;)De3|9WN;g<=8usmU#;4n1cRPZP4y5k_5PV+VICCkSWUxRS_mwS+QmKq%#?urf{!
zsw0eT1g%xWRn=~`vd}zbk*-SRPwh6WI52K0UP{{G8X;3!gfA)Ye;dJ5WGsa9ce%JY
zW$|)061gbTYT5@cvLw0v=*?yPNcLT;s7DzEY&P&wM#{z5M=j{W9c;o1gHy5-HW_=O
zE8o7<+J86j1iZ%oV>H@3vfuw5bot-5Qyl)^1vc22U)I-rz^C06On39IyPa0(6;0F)
z&D#}BdF5x`8|<x<22Zk-@qZEtEs@aOn>h+1MA?8xt2zMI@c+Hh!MNc6KkVLrZ>5O6
z>Z2(RGk%yX{lE)I>}QX>U&z0~@f*;ap%78*<sN`%Zyj;YX;@o6RpU3H2k%+d&d!+w
z|A;B7ZZ2w600{5|PN1w_4acZxfD3(ly!NMORZ}JnjPLLaF?mWbCeQdHrZ9c5kZ(GO
zSyCx`FfJoA?-+S5Qd9Q-^KUG(l3I}T8YyTypx0)xOk}r#E4*h8JR1|o*3lJ+G(otA
z7`KkMfsYG)llV>C99v-bhi9J<k7=lHzd+KJGQ>ZV_cFCR#YvME(&P?NihYz;P498a
z2U=(&SEk6wY*o-^eFIRkeM=h_7(fPs!<lGWg0lFUt#7Xfz5?{S`fr-v#<;{ft{6Rs
zvmH>Ftp2|-^?#-9D2fQfoX}-5MI{wkJe}gtYDATUV*dMEOS-POO0E8<gWypTto#V1
z#{cW!@X*%(Mx$|e{@+S*od46!UU&Y_xTQMPC-vwAdL<`)`3c5+PAL9Eo;M4x$Fv{)
zClXYI`AoWYIYFgpJ*0<Njmrp)1Ef4>Bm5I3aira1d%b7YwNhUuB7X+J9ikKc%M5Y(
z-vBf9k9)|yc_JtC88AW5$4snK;#__D>0J+GQq^>YD%J#60{_As#^C~naEAO#;{S)h
z0?~nvCk<YP$f2~jS|m|jlF<5J0S@`${tg&|9iR>L&jBaOG!CWVK3D=D1&AZ?pB|y;
ztC;Zr_Cux;w=)9x9C83DQaKxOI1>OSNZnCB2O0}7S?YJQawZkXXKrhS_0PNsC>@~k
zKDi)1x`sI9tXP8~E<Wo!kSh*(%#5&4bI9Js>JG*si<9U&Kb@ZIS(6jgh?GL2B8VHb
z<e;Gk8)6eQ%apxBmzpT9Q+FSEZO-LKW3a^mHO5tgXNUv+?bk5%Yf~yVAYqacH0yJh
zNf6I+{K1&=$e!uKr1+S5LPuR{?pIvNG{#bZJ#$H|F>2|&Ky0qrb+WmyM8m6P=*=k!
zHLp!xS9wW1_P%xsHMd6gPmcrv@}$#XZm6XUssWA4T^=DiC3FGazXj))$=e=*-;_}B
z_NPnPR!f_7wsTW#pdGd9+M6TqR@4>X5d|IzLovoX%$MoQGieQGjtx@&JhCEyLNaMg
z`P!9|&4wnG&k^7hhAdEXN~QpU(~C>RFSU;r1OIbPB+&m6Z82vV#pPx{PmFEE)VkBw
zlvWG7ZS5`6h}EJyRG1Kjih*?%4@lpv7GbMT+7%}v0rs$73H3z}=^p#2SSiKlIZ$~Q
zq)_cka}ean7qq~n!gnhFHKk+$E_HiFB+}3F?_3cG`+My=7>q*mR8>X!J}G`HJ&}>s
zxixD|cR<^z%UDSL3_94&bMR|6oa)I`jR)4a^n|q^M}AML-vr8BdY<NSyv|s_4AKdl
zA&{+$n0^*}^Q;?t8?8O(6?n09kD=zctvqQCCCE*@)%>fWx+Z$dRJG)4EVmp={S+#Q
zJ$iY7aVe!Mj=D-#u0ef4DhZMgcVwyDUd^8;vnWD{IzK@F4pEL7TA(~RPiB!oJ!`b;
zvN^><VbCzb=rc#5iZxWGeJNkd<VR`3#PZl!ieFRKwbB05Nl9v^u{@L64G8on`b9C0
zB0>T-FxTB$IvmatK3G;wb56ZpRlsVh<SC-8mO&f!RT8tWyQ;zSO#-f~Ysm*^btLs0
zt;AH<O!iduSGnU#s??yKywMg&i{*FM%DA=jv(U%`ihP;Fsd7L~rbqIo(l3?kfPFfX
z+sBRO7=|H<Lr)S>B@PksiyNRlPjqZ3XD5|=t7=Ep()KEchRUIppr3YPaJr4mms3b7
zcKsauNT_Y&12hgp9L@j^!OtgPL3}iL_WarNBpg~rJwVa#F{bL}8i<*E5cf&r`JQ;U
z^2GTbK_5|Ymgun0)68j$IN&%6kO7);F%~v>_FO)*izu2RN|6ul;Zi{NiL^w`F_X^!
zME3d~L55haW5@vV#kq?U{aM<w0>s#}=kgf{38i8=MfZpTGWiX8JoVPsG^17<^k5KZ
zAiaTOkqDu_cIz$`Ie~0mE8n!p`O+e6PywGp=&&L-8lc`PW~8sxHbA>hHHGGmGWuh3
zoRJo1LEIprZg74%aEj;hqpADUTR^=u9$|3^x@tC4=}+np9xzH`u0PE=kBmQOH1do;
zC1s<~Lo*5!oh|*%b>M8i7%Pv+Jjo>kGk?oQl&hHz%=|T-i)I$4O3SHZCClv(A5O1M
zF3+#@TS(W6OTMEU4nFtG=0+Q7@InUOXk(mdfn2#F9@%<#Q&W0Nlg##JQbqG!k*Hl(
zBEyVUd#-6XotwS?YjgiQ!J#j<YTIkzTL14t{EzYeUKjskE9Ft&|GrfO_k^#3Nq|0~
zsi>YXi;6jT20-x&ylliQRvO{)vp#S-&o^+H&x}}Wy3BVT-%qvF@_!$)`Gi2~vz2o}
z)bRiDc;C+dFg_f0{C_K@?9Mz}cJpW={TNj!nBzAfd6gZIN%AbaoO*VDkSWnq*A$iU
z`$Yu#{FQ=vs*)y1(7KbP%M^@!=Xv}FP&7lIKcOgq9y$pE(0loR20!fXyd3<n^I!iZ
zJ9^Pmz(McDm+_xHuto|BtNX8j(>V0N;hugfd!^hVd;Ok^cfP2a+qU_^UO4iDSxKLo
z#Go?dX43#Tnouf7BeBX}2Q{lKCn<4pt#2W}gWjm8BaWg)#2dHU*|A^a7Tz$alS(B#
zQ=uqUZ1L!;aW88>0BeBeIxoJGEmPbqfBq?VquvQw7zedCzXDGFovB;*?g81iDE0Cm
zMFCkZ(CX=*Yvljl;c&cXzyCVw^1p1Sl*#{!#F|OGM;#L~rH@9(w6)_uKK!xH$_by7
zmFr5;rgAxn>-HR6Aq0HlF+f6j!b3C{e9UpPfI}d|0!Fv9-P_k}R|jQF{yUfv33y5<
zSP+VUk2u7EbXuV(3a|(B5w#5$P4!hxS#8wHs(CD*$>#utET$;C*3kxd5(0+9S)d(3
zZ(p<I7KFV5lckPuL`e{c|LR7PbQbWl;n?|RG#vh$m?RG}Bs(NiKthxZUfM!Jd2b`#
z166D<AACaEq``Cq&4Fsn=ZM~8h5!tcUKe;a=U|37U_AD2fgj7Tb=*khW8rk5Q6h_p
zzNk^C^SMG%2Fm34Bne@Y#AQ@oXdq+K($Oltw#u%?lBFZ+{)h?L9Lk%tRPB*@nao^D
z#f8tMPa5gmOGOXxT%b`E)4umfEsXM{N`kVmTrg5<R!OL60Y6{GbcWm{X?2x@Fi4ta
z`b~b;kAWZs`ALQ7&*4}I<6q8-T+vq9nsHXYY#`{W)6bd&!N-_i5<eG+DcyF`yIxcR
z_j442^vthmo24z%tKURrNUQdxlP!xEIUcW`u7MYWYdx63TgcF*JfamqNL@pR^I~&2
zJ~(9Y!WH<h5cVcV&V|uCQcdS_Rl6#>Q%>h%I~uhG<F^x0xS+}#3&()+pqNLYpiCp1
zNyVt$)VbjxyLNQdYBpabGMkIdwny693Hh#qua=JT8%6!>*Q|MY+)w*;@W8c0sv><_
z4^`cfJ_|86`!=fmD%{Ms!6|XlSuW^lU$e5lkLjCTzKAr3+toiWV3e!vqe(n_^Wx>{
z`TO%<Kis@Kd;9B8I}J!#hVnY0vno<9kLKoNB)KS>$x{CE`s(K5<GZt)i<1v$X7oOR
z&ySQW@}UT2Bwu~;VHV5!mj5UlUCNB!VrNOu+6%Zq1!VLjNt{kToLya>oNfW9MCxXT
z6kFnK<%YXtGEU$BdUbvF>BHI8&o`$ZFMd4#$)1s8uzLsTZh$8#EoQy#R#Al2l_bvk
z`A&24{(_c{X}?9wV<5@i`jF!t3W!yM$kdoH$ORX4%6&7uMNZC(4;U^!kpO`m*H};f
z<Lc(*^z`iN>gJcT|9x}*u71GkeUE#zxk15u=9-MEE-Qv@VtjRW`swW2fU+H|tGaE7
z`Ma|pPkw!Wee>z;r}K{&+d;du&kCH&_07tlA1(@efByF5?a9sQ`;WiAdpKG%uyM{q
zBP^OMVi_Ps9FJj01x(gj=iApz-?;xwn3FaC^6T5PPZwv`XJUtZ`q%mC+0D-%uL@I<
z*M#z5Ej6P8^5w@*jUitWYC~>7*SY9Bb@f<0Ns}0#zjM<6|M%;svzx15->P`f=N~T|
zl%G@X>L52A14khYc@<XIXBQ_I*Uj*8L2HUh;w>gUL(0+lbawUe*H5QsH$Q#)`0Hf@
zoJ!$VNO#rM>HG6D=g8ODumUINPA%!uiPGlzNF%hYZd;waU2*1DI&+tsa~uW@)0mJX
zWXsQM*2oxsdX6jP(JVDzG{Db@1r2h6yJg_$ReLG~E-z*TEvXvdI}{?uE-9Jh@;uBr
zkA6bD-hfs*A~mLbCd24%KV26ikke><G#CzsgHaFkj*myZhL$ZkQh6BJog*0V`5*aD
zD(BvKZ$G~wyg3r9{`2*<$vfneG8nu=0bJ_19LL~rXih4kSQ-)3w~_gc;{_ryPe1OZ
z-zb7yy=7FJZPd1jTd^Vqin|wgcPXyL-QAsF#S0XdV#OUw(c%<$io3hJgxr(oeZQGm
zGyn1@YXu_L-p47I=tXI(XDqYzQ^5=ZJo{JvXvX$D&A$gUR}<+MzAr(G4V7$2_91ES
z2j<OM1}zJ9o-GJj)@|zVG6y;pNxuZTgebW?^HkPFqFG2VepK*{L}I|J(%DkWs5x29
z#)_xIuqm(={^Ccb<Rq9!u^&n6f<TfP`*C1^kDWVHQs6g_S_DUaQIZ9Im1TXjA9^@!
zT)hFS%2hi4i)*ChhRxqUG97q9<o{$l6-;$;7TR|;oqe4rWJtsjz~(CnUE2mf_V-xz
zQtqZWg=I?i>H>2u5%EwIsrb3zmiJ!Ay0X{Po9vpnQjW96e^#dDjsN^Gu5?*6QcY>#
zROXdVYp5sn=J|M_l)J0+L(?gJlHS|ytE9~6kJtzSho6o5l|Kya@iKN!wSp9LJ*BKS
zor}fVdWH1y221<@(3+~iz4>E1GJTCJ+|MX+otYiT8Yr>iOplerG|jbS$)ZjcBKjP&
zs6mN3<Kddur5mj6`^r+cOTe+qnY4+Zp#3iq5t-9aKtpYo2kAsQ_mLkZgg~5EcbMX6
zBCT67Ij@lyc2>|YdX~cj=X=O_y6$&Vmogg5A0Ih3_MDlj+|QD9*gEe1cuGz6+?B93
zNN!eJC5U5<(%SsRBc4dzb>#?8>4ImYb8~N(sL=5FjA`#Onln=UVeD7uomPy;Ot?d<
z&}6J4-630;`^=|_Q4T4%yjaY`%A~;r;<XJ96$Z|v>)wRkas)OpRCdefYDLudr}SW1
zd0XV!m^g!ANgfoEkrtehTOAS(59Td-Kcn3rh-wtHF6@cDps>8BJnqHVwI0tkAJe@Q
z#J`d`C!s*C{+;%SJF(taHMF?vhr&_S5!%YBDl%=cr5PCgSGa4qrkDRa`(NQV%#*T*
zhr+*ps)S`1%bED$(6w^DTb||e`K%TCfuDr*voM_9V^*jbHmzx>>97`FJiD<HwzeN5
z>@`0+jLdr(^sk0hr=s7h`IJu`?h4*$#jwdq!?z*Rzw=BJJ_zux>OL5>WKlGn4hz)e
zdX8x%<=;SmUX=fca?o!SE2O@!6cN8P8&1KdSiGz=d}o&5HotjLFvmu4Aec%>*>!Hu
z&o-OQ5r*U)!o=KTn6EjZ7q^m$kotHC)zHb0?QVFx@m94H#<h_T?C(<QF2dbz?)`}<
z7c-Sm1_Wz#hx}k_g&;atY1Il+2>Q#WAHSF~9R^b$5H?|6T2in|W+<anKYTF(%*S#|
zIrvHpc=+^hcpNe_nwkx3*i~dx!I8oV?iIhfS&==LgkLZtG11KD?GzFBCsCh!6*(Bf
z<xq=f4jFpL4th0^SR_O<sbh^{Bc)VP8Sva=zb6dGW)0TEtjT?+APyRhPg0X?JjAXm
zmSrm%*ht~O3Pt{!8Xj{m9!ZKBc2{5_v@MLB1n(Jjgd@J0(Tm};AJ}gSvq9}!_S2Sf
zKNNY6c?z*ZMv2q{f7YF449=Dac_WrKfA(EZVQ^gGZ*e!n$diHbw;${@i*yQWL2>Ef
z2V-_g4*rTqaq4b!kJwFzt?pj$Mlpu*NXY7YS$_@Xx_-hJQes3k4pAQ_O~a5khHXHT
ze;zf76+ohqe&WS^>#_SV<#pMs)A{)B{+5lK^C)s_iV}~jxTAKWO0ua`Wco9$HWv7~
zEa2N13_;D7LyfB*UyH5YS;>6_{=Wrg759A7prkgb(um6SBvR-%QIagr91ErI127zs
z4W}@Jt|2C_<evR1u;U@!%LcULP>7-|BofJ^M5u-KRdLtA9|)cYVOj>uea^`dJxAGJ
zMG(Q&7l@-re<LeWW0zY0S4ARDX{Rvml_}oqZfYx<om}l`ghXLs=j;YlL3r!m;zF8R
zU*F~W<aE2=^5xdycmbcG7w56**>3`Je;+xD8fXp_&Zg8(#bLazHy`94UV&?~3?M+L
z<fNgP6qpFqfA~}q(-KQ}#vnnaCru;$5?cz3VEQ#S<-Kf%UP0)XdCI4qo&$3*O(N01
zZ5w9(VX+*Yr&ZO8uhZ`6|4=cb=s&RUW@xBk;ka(qeR{Ni1_Wcsy(;2>W-;O6TL7y0
zT$S%a`K{9v=-*TR{c&C_&u_m=DzhQ@X7o<pdtB1B1f72rJGPBlDM8;N%wopl(wm15
z4Ar|r=awBmj5+G8g(iHPW6>^b$`?V9(2+jm71d5L)gFi{6Il;nJ)bvUexDnD)Ww4f
zi7fdJHsQHy`NVSra`83I2W0y%z%9A6BcOqB;;4@Rb0ut*3`ZTBiE-ut%a1nh@OJp@
zI)d52Zv_V+nVRC~gePW3daQc<v*S~$S05{f5*<KOt1TU|ToxcEJ11Sa21UL0s{pIA
zi~;(VS+`X?A^cJ&RdEaM+uspPd{Y<v_8T8L!n%hTzBxG~R;iJN31&Og*(fKrhlzlY
zyTV4cMbSEivAm@-ZQ<BDJ3sXq-ZQoILNb!ANRiZh06x*RmPf#M?i{K+&0heq5^^iZ
zYWR0qnl6sAvql$A!arKQ)dahRkqBs@Hyby!|J!@CksZ(c`_3nne<06&Ywns2;#S_L
zj@Mu7DsLl?>^<@|Yh-hyDL+-^eNfVDDj?<c>x%;V+%?b%F9d8JZPhmdP9=`B_1}+U
ztvL9Nw)uD-5!jr2u8DiFU9NUkw&q1V$B<lM0Sd|v8~8+);*oYNyCvpR)!XFCRJDcg
zt62mmy;z&IEg!$pS;-tPsBtd5>kq3lgY_>mt6nfToL~CMy$`&r=@5YdHi;9@Zh<4$
zxo41LNua^ore$Y#pX>h!VLyG_CX#rP@G+5D*&TDzT(*WsTl5gSvZXQ-X@>U&Y$s%I
zf0jvrR6nCMkxZ}bFbG77sGSt2Qq{#??JLLqr-0pyzo3?jzN<{h_xtddQtl2D$;n4|
zcCsrsCnZTu1Zz13l{9|l%s0)eSl$_t#JU0}K0lk}iceC-o-jXl7*Di1Bv~-PCUtJ=
z-*=~Br;rO5%Nx<L<1FyJcdsS`alNj$Rbz<~0L2VQ(B(&=V2B4C;&9g;{wA^t5&C%P
z^RlTED+PSc=qgy#i+Ph-T_?|b3sWoJP~F9rzeE_pPl?MTLW`5WJBu=!Zo%t83P!ay
z2Ww!k|17UV+Twh&E((YcO(={7(|c~sh4;Ao&1vtQ62`ME4rK)nZDz0m`_Ngc%A$~*
zoGWpSvYq9eE)4?vpmRR3-;i}eq$K33sL=a6cDpg~uoCr}*nErPz)v`fP*uGqKS=Rs
zqY&OrBjN$c{=Yn4qJ+`zFDD@VEAFOC4g7&Z6XQmxQZTqa%D8Mra>KvahTixcMp+7f
zq#(o{_lM%mtI+2ZBAz}@!gon-N0eD+zuc3BCClq}&C_voDN@qYC-r}|M~*qSPp=d$
ziZ_SA#k0SRt24BsF%R^{5z)u($&rtUNB@)|V~y+E!<*uO&kW6^G@(`K2#0;39NI>w
zdDXb;i=Qv&<s`F+PQv1cjqfi(Ac!JC-Xep2yU6=XGCtB-4u6UAAmI|}i?x+xW>RB^
z#)sM$Dv261VMUXGI{W=|U`P-`xOil}+P_NO4{x9Th2FVe#y0^o21o1Z%1##KXT^1#
z;&wOkLw&=lu%QqHB=$S(0d;Blp7^>HJv>TjH-4_Cf@^iP4*w~qpb!Y@PZBPf5t--#
zS$+3)3-ZFN1Quooyetn5R0SWo^OOCTJPW@C7l~1-6f6~K1USP|#7X61WGEaX3K^bp
z6BtF^<N>_n$zDC_bQjLJhd4;;sdsFu^t;wq{(bYnG)y^7V#-F;_GS`b`3z4*$sX<r
zXM^HPgB|6pBq?4RGO!^mRsa4M5>@tf6M3hA8hqY0x}@XygR4>TR<ao4M&}?l=au%@
zQR#2<RbfrnpOB2e53?uWmK~v__Semsjiq1!<T|$xY%1D$K^oc4e`TjT{P9vVd`s0m
zjey``22?%A=h&>@NVxRr3FpwB_I>oc*x3xII0Qtc-{Jh?3GAtQhJHmso528|u(0sa
z6TlnmHOF=n92eBjU`|vPOmDYaIXWY>s~zN$(6Oq_?<9(1;1Vd{^O}9X-(>iVV%79R
zO&&+zcEiE)PPKW%%^fRsvgkIMkvKrl80f>(Qj*e6@)Vi@-D<sI*pxrK{P}J4ug!@w
z>e54ZZ{nbm-2nA^&Qo_BqMj3KQ8Gtt7Yk-4EfB7;2Q52xx5acaeIC=yPPIYA`@5G*
zm&I&^dI^Wn-&IQQcESaJJu>3TN%>rINSFcM8l|;Ws-cEWL^Q=NnZIEd{`Ez?R}W}x
z5$fIkbaPPrxG9S$Z=(~ky+MKqdrZ__lb$_Xl|7LC_JmiOJmEn1>vI1vEoCXEN+}vo
z0`#of0~bNXo}H6ol&yvbb0=Vd#;fynIFal(wb{eBE|2^lcC=XT+Dtf~(+>{=s|ky)
zK6PsdqCT8f<-{dkPC9>rF4X&`X_iPxOqsu_+3JO}vQ&B=Y?jq%U2&_84<_4&ao9rb
zt&c|G(N8p!zDaof4pz&)Xsq|JBRTMI#+{wvUu%l+?YE>U&=Z{EMHTt{Z;MB99`<C`
zzgh82FZ{Eah$5((>f0~Npb{L8{M_20y2;`oTDw<X$x{4QEz8TQ@lD;h#bEdj9o#g%
zBa1ykZ2EtjZ%IZPo@ku{aGiO}Hf{3wHGenrZ12lu99G}|CKzB~i|amEF!DK5wO-a{
zPzxFpXD--WbfEa2veX)7$2Ol2f^aRS)WBuB(k_9V4R9GuukN(Mkx9c!n7`cYK%G_x
zGx?~y&K1{VbuLq)Mn8=5jn)lwgZ`hLx;73?Hu&>_#N&8%1kW^^Sg<|pTk<s3oeIy9
zRyalllCx2h?40+>aEq>-JM{N35@UyZ7XI|Lgq*_)EXJM>RA&o+K7^R1zz~=IoMq|R
zNo|V3>nR~H{J1tM5P~sg%z;|pkSV5qR5;c#=gv%{?evjoV`2EDy>#SqmG+`Th5>H2
z6`3x2lNyiiZmj21bP>_lQ4pe5T=$Km>wa>*V7EawF<bV-H^U!kMh&#9xxdyGxSiIN
zrQFtNF}1BUW2E?U2!88?K9A93*65}#OvOJD1f<SwLH?Hl#`cPxymez@4fRWcH$Op!
zycL;&y0f?kU%4`ZjOsxd3flb39=R>pJYRyrE)KDX;AW4M54oQuZ%6D;t?Db;`dc1U
zmXhnl_wU^a?|I}nFq;x*ZaOhOd-oZ<8WYZE7L8TW>COXd?S6cT+MRZbZD@X4$O(}T
zM)q@Co=y_q)}kDsO;xqyC+!JswOsam#+jGv?rqs$>+iQmel==Q8+#QqaY>7!y_!?a
z3gKEX<L)+h5b~MNIhq-Qt(zxYY#qzRfVzB`=8Lz*?db%7S5)w12YPBd?tm|aTdUJ4
znsFkWY`-u|o#8eK{1zD!jsFJ6ElLVPwzDE1oxEXC8ovjF-e9JoEZA2o8t~*k*#JSu
zjE6TDKi;JIB1T=ig&eH1Gwbat&ZpAZLSu?KIdVtd<oWghl6HGtUX#%$ka_P>+&a?Y
zXBgu;0P7sQx&FGznnoq3qyquPe4Ppl>cpekv5G!{qkN3G`KODNzM+!-ddZ8?*9=b*
zI&ICsa`dPtD2ZF*o+hf=STi8?vvQJhp7%2Piw>THGdIPI_z&GL#{3+K(zR+GHu==C
zgkv-^Vi;Ee=##iEG|T!~xu2Bbb<7J=P)N)2C_g2(#U?q|3Y(O)VSiKsWly`Fo+c$6
zyswFHG6*bw?=tq(?TvF%7S|YwQoarJ7nxB4i^gSuOPRc;(g9<sq(|5;U(XO(2Bp3X
z23kK699ze+Qs9moo|a{R_g(-GPQ%*w{R(#urQn=#s`V$%5K2X%`5~MchtbkK@~?Xh
zFL&Dz22~8yah4G!w`u$dIYyWUr*lw_CQW7c>^k0`@||CHJdf8$UxQwrlj$1tY~JEt
zO|EMY&2L5H>-n`Q+5@=cBqA7yugXPm%Qu0qVDi`9Nywixs&aWGG5njQrn@&Hw6F5g
zL0IaONYf@;^_SlV!Xh*T@3bgvo*OBD^3-#`^D^uIeWESf!17QT99(bAsE>UewSJz#
z9a}kH2g4`dJ5pZBesGKRcdA{Bg8N8t4n8veq=dxw{@$e(SVV&}X#^f4ErftoUzfEJ
zpaxHBx{Dh#6sl-(NA!ZQ{fV)U2yovr@yNM6-Ti`T6|BnUD6D?-E3^ztA!2%xY8s|?
zhJCi_y-8mM=lpq^k=Qx6fh}Qf)c9c~^s9<_&|WWdh3?vYox}K^@FIl+Z?|d1SH!k_
zEq19<``T<VR%OjvkJ<V{Z&GEIbIa|YIE46Hd6&uq3^Rwg-KWr@WSm}o%M|tU{Wn*C
zT7DZ6nFx1!W!9aLU1`3jH8v>~EV7{V;{amn$0u|gqh))$I-m&)&d3HJza-at+1%Jx
z&j5m$_XFkuCOA1U9v;{5?V?;MsC~umaHTfDWK*FeiVfo#&`%VHo~;nbhD0ymG1m#K
zsmy>unjK<X311@|^1;R-*3$+L;x3^!qbBV(U;4Yk1T0z6?Sv}s9njoh{8^P;<1*dY
zB|;)lk{H!|JK-4h>%=EzZS<FPg0}Rj92dNKf+);14;=M5<D1?-ufr*rz-ZzjE`>i=
znLKjRYa9IWOh>Qw@A~JQcE25~IXt7(9cB7bx4>occG7%@>IBa{mbYJfm+6_S+j@RP
zVK*OwzN$Rvb6ej0oYZZ`eqp!-75L77UcVYY)+=tl=ycxIz-Zr`v|OP#V|iQ1?!Ru@
z$Bv63UyKnAD~DK--^|eDwZT2!Np!P`rMoDmWnpuqS`(%Qs>-}Piwyd(V~-&pv!u6O
zN@EaJAw~U~gsa>Vv%f}atJO9nIiIHbaI1XZ`j7Wz-FYQF#Q?9%@A?M31AYPTy+Ki~
zNnP!f=(-^Yynkk1wq(rS^B*DSh9p0=ohM{`_e5YiY1l>0)jof_AuyQKYuPv$m6`VA
z#SNxCChx#Qhle`gdr2eRCxOHNwF=MLweml^K8V3lmD1o<AzV-lgnjf*R!S7KPl5Y!
z+VUHB=;cjS5m^XE1K|SO2##E}EIQU$1jnCY$5D+p({LzrB-j$LWCD~gu)j)}@@OA3
zrHp6&kQYN&H!>!Jf9n%RQpD-ex}4t~K<_~?>N!jTa$#|hK8ve|T$m2`rm86){wOrn
zN2r9Mtt=FeiXoT&gSzcO^v1B*aDaRqE1o#S4#VF;O{RnclkUP=N{7njssPqC#qkKC
zT?tG$68S)!d1V-N{Dpsp%idXaz>qZ6QdH3gSy~m|=M4(r%a7(MJEXs>H!AfpZSAie
z-)E*F+Vkzy)1%E&44%3poX$M?qZeYJ;rG%pODglC(QfsOlV(%U=ix>=+#SRs|G^=s
zjm@b~CTlnD7}v4f2|T<E-0xo5!7D1t97`s+cIM%SFPzJlE-{CRj3rifMLBlABDFJV
zYimfW3C?|>sN~kN?tm#u`dn84JtU^1cBspKwrxI|f@0zC28sB57sKHbZ-ljAYk#6*
zeJPw^)nDLg<AJjmL)PUep-CTfWsIL>yL^DX3yLMw3^0`}^kJT4c#PQKr2WmF68g>r
zil4BSr3tzIibp?fF`=;oS?s|I44^i6*K#GfUX2+4PZ90YG?t5!qVL+;Lxk&0kTTuy
z=o(4>g>+_lkTvYCug^T$vXh`A7wuke%!nD&iUEgl8DgN0_7CP42VnQZ?)^oQaqfSO
zxQ;=uJX*Sh9<z_bRAHRtuK836lGk;7MVu3xoopYXHP6z9Zn+OsbSGqwKU$v4LP?FG
zLQdx~n#+oW{?Xb)$=Q@f5$=YMchJkl-OJm=$bMT5CrS8*aouze;f1Ux`aTlX<P=hm
zOYzEZTu{prFGY!l_}Q>U614*il_LMOyeoRGDjT12T;#_>=8WAYGFlys;?BvUAh9?z
zb%VcQY%vI%$2#-v^HNpXiF(8?;d&uu!v_8m32~)jwTa4-Wisc7$ILP3N}jUkQ4O<<
zUbE~aoxXNtD?UH)8(g%6KpAzO0rW*aj|zV`2{|gcFw{4%KhD(b(>n7cZBjp23s={2
zQATj7nB8?#JwPSHk7l{|KPD(&5m}9x-}%3LdQOd?yy3rTYJoe&$HRQm+p4ywy;ZLS
zwTdq|O3jRr^oC5mN{-Jt@K)ZG&?a}`;YjlM;Uular%%g`V_O9&+u`%X7o2HVbul{}
zE_PYUYURJ}F}3Eu<YeD!?lzvR3G>WubXHI)eu$n@A5X2nh`SxjIXJ2QoN_<=X#Yk;
z>y}#C%wGN@_u*4+f>+A8{M2=yMHritq?T~KmrxUrC@;0eAW_RV%!it~Nz;eHn1h|Y
z^Vh~46JwM0A4VO2z`nt5K_2%Iu&2XqdCbK_(-!k+ej6KUcFwmV;fQK}4@g9HD!*XS
zSM+zUa*#M-B-@pF^d$|8k7|Krr1i@^`A**JvaG|j^qsRK_5scApX(=nV2)u$qQ2w^
z5!br0I4YT71&P|Ziq5lrD#5Qh@U$NV4@S*lRDMEQD7Bu2JCzJaD_&fxQ$4K)Ghmfs
z1<^VE^||~0SFM|*OuuN><iYSXJG}d>&70fs&GfXoJ0yQf3g78`!uCt$bq0Dt-@z4W
zUj78DfnU0FDT0=J$OH-b#3$aMRL34$59&4WdzXHuxAR<@du<+nk9w@ibszfGLHbqg
zV^89!pPcRv0j1@Kio^os^X^q^<-9&xmF8wSV!Zo&*Ctyi`_tUS8}vHmFljdV+7G+`
z1n)AB#75zhVzziOrL<#Qa|~_eQo(dQe>%EvT9n?7x8Q>0=rm!NHZ^JCAF!KlHSjq*
z!&p|UpqKYfrmPiS)X8f8o2Xpk2IhTnGp17`ur>z^$tiqJ0*l1P{8%=Pws$jV+_f+b
zH&Z{fK?UbI3p~oS_ZXB$VR`yr$&O0wzw#Tj>Xx9p;*3^4XQxWE%ZyPKoS?d{yJWlz
zzx44q+V&2hKCf9N#uQp@KiKr&b<xgt4R`ml6h_@qKO3-j*0?&6jEiR5G_y}|4-F(?
z+ruf9zJp~&F?tZMLpENJ#nFN&{7~bUBB!ax>rt6Of2Jt?cd41LHe{CJrInT(Fby`{
zuT8_MK$t!9z%#|VHD#p!L`gpWUfHN(pSU(jGyYeUI9flPE4fVAMYO*RlrUs%NOQ<Q
znBQPf-Cb38dXUNDiQw23YBD4fqk|OQNW?Ld0`CxmOpuOO(ljx`VSN*~jCNQ)1!>^R
zghL@XI#jXY>2fFJ%?Dxf!{Qd-tV<9*3x2UKhI1W`L8!s|0z(vH8ViqbaTrl}r=6ix
zmKeW?R)yM46K13SqW#G+*On#2MNp?a*o|HbU2b1iasjqN>p*9$2d*Hv7E)Ok%a`sA
z^m<67cf@YU8V^T?x`|g=CeXsQ>zNOwaj6SN?Z_)GCj~aA$v_ix^3rge2F5aY5<qH1
zyk@jV<o8)7KXCHW(Xmg~)FfVs<Vlr8X4Ck#t%Gf^b<Mqb(Xu#_3By6(oH|kLF?;Sc
zo0c7+ZsDA)hEt(!E4D-N!y1D?b>?OxBc@IQEAG1>FFkzAvcd&k`uKbV!e4<08xfNC
z0XEd@KjAUzT+eMndcMay)SaTc{#6nj`W~y5NS&gAput%%!SSRzjk}q0@PfjP-K}l9
zhx;7zG9?zU)m>HEdKSfIMA&dM%MQ`K=};Pr@RsPY-w{hll=X%rc5cs@5daRvGL8uZ
z*%g6mae<}Fqt`ha>Dm*CI^AevWe{H^Ui^&lu(|Q5221@Fv6Pe*3vJ`SrJ?=t?|MIl
zd{N#iH;?1itPV6~JmiSkF7EyDKY4@Le-tLN3>ZHd$w8$A(^W!$b=vx5t6sZ4)VT;0
zbNyxW5M9u-F*%z{@YR<+6ZlQqGRxZV=}%-WnM9$<B8*N@r~Zp`)BZFXmUh*UrPpJL
zFtytRnZD*9I|g7;5zd4F@B?h8l7ZL$B6WJGWxh+;5PXPJHC9=%O&s1>avp29^O@!|
zy)Uu!1^7n9G600){d%M*1?iq`V`Jn2gFxMxKoF>I3}{ZfDNzO=TEiCbK@A6?Goo-0
z8B9e@HWQX&ZOP*;1lSY%pF8Clmu5e9t1~6oHhuaghU52B#iFU*H!QroD~!qM$MuW;
zo9gaira#UL>D{O3#0WZ*N3~(;3Kbs3lgN+WoI)d;tkyk9+kzY=7JjM)z=!_;Tu}5i
z0#cygaw%W+n@8MrT1X&wzi>B8!Zp}^0G6(YY~rZ4IA?&Ka5Bk)b)rs&*1L1El4nb{
zG^99DdfZ5pKi7OJFz^sOXMW8jUYFp4V=x6f_gsP4g<oLwgtO9P!I=B5LddX!`;>kp
z*G1Ln=Fz)nEFx?X?(ueHi2VziD;K8mPST?2na(qucaN<N{d;_Y%%Lr<7e)Ei&BuV8
zITc`$GTVR*-u@PJj(-V?{Lh~MZFU9nuMcK!I8>Vc^_NHW5^@v`K^hm|OZFsRRi@{S
zVlbC(7Jd0?3)#{N6W}vwLLOi@1Q5{t{V_dp1B4fe2my;5R|SoLONr+rV9*MH4$`v+
zbo_IIrdP+u&(<#w_lh=R_<vvsOTIUQvUYE$iVD~oM=t}^Q#^#HZ2r@CX&r`@7kC)H
z6V)CV%9^ykNNp@?HT&AQTqX)rs_M93{6dJi;1-P6tCNkYzvo0Zu-3-P8}{5$I(KKm
zWm)5xEauWMU0+Spg$fZ?cYVV}X)b#C5fO0`Gqs^|R8K*NcKRJ##vQc79_M8ap4)Tx
z?B}ithG<DwK{FzID}VN+ofk8et2-F8x;gOos1<}cW7)s23VKyvT;jEnB=Jh{2^vlE
z(GrsCK)$QTqTw{t;@EkGIr~C(VN(*1KCnk{N&Czfx!;r3J#c?H1+<5O!0C0srNVI?
z_$)?E&)DO?3R<xYefsfKV59caKieih!P1)6Nb1P*xa|l}J)vwVyrb=(*Qby^3ok%1
z)pGnxyzNIw)%Apd;E?$b^11O``ubRrs$9^F=fWJW*3hl8%|9Zv_g`O@KM~u?pWs(z
zZhN}FWu83lm~@3i?<A>8TyBD&T{$d8uH4_Ze7x^A4G9|0xa8Ji-`IS<U`=Me0lg)(
zX2C#(tAO2x2>?qDnH1QRb?Z=e9D2>?wBeh5@v80=aF|lf8Ck`hRha$iDg4rqf&UB=
z7bbL60>nPz-viL#kB;KRs;6e-=9BXDKU~7tGa<hj72`c?r<$UW$T?C(ULBo1KoHvf
zb_cwvt3y>1A25j6$^#4>yWIx5)+glhSsp&y8N}t&7YIf|YDQzhCTxeYPk?WSkJc7|
zoC{p)DB1vZ__#6iMYy;%f2D(0lsLAl#pGvQ-uHr~(*5V}i03ZDH?ZIZ3hoy3UY6IJ
zgZGinCQn7i5XEk#bjTCMm5Lx`@rlnWi8O72z>N&-=z7ATv%8z;&MO{AI(j$XM{<nF
z@NLuLA<sbJUuv3e%PVHydG{7nQAKELf`#DDG~S#1<SRbT<<94CN-tsS=)QBq?>h7$
ziL$S+&2KK3wrkJ-<Dfr)I_PsM&$_>lh_eJ^70>9$*8~n&1uBH|I7YMHO)PF@e@Vo>
z%+iX7Px7Iz1>HGeK!x$f&~8;}@S_0V4qBE`nkqffM|KZkfnP+ZG&T&}=8e3nmKE9Q
zWwq4`#&*1H3cAPgUn-I=t@N0^ARLG_HgjV()d;LNnkS;3$)ixU8o!;l=Azg0K47vA
zZ-9lvz0INA<xR`aSF=uU4$ePi{Jp0xkII;fij}sjzq!stNi$c)|Jf6rRiGRb@bq@`
zc)8vgy3Kdz@p5moxSD?<lAmS%E6vBy7>Z+?(cJC{ODk2uGIQttQebot(H5yy$gdN|
zJR?aA?^2t#V%4Z`|K6-@;Y6~pVSZNPaPG^HPtAf(yc4y3ZGdO<%BsC92d?lEYR<M^
zw3N_4DtXCAcszgp>^Sv^TGCl$dls0%H5FypIp?%r8i>Ztv<>jfC+GUv%qWh&EzX0e
z)$Rji?&_(?e+NI5^pyzNgt&C(?H{xCv>2<k96tu=&)|4p*YjP}DA4!_IApjeQcjL-
zbYq6j<(M1Pd2P6jeIlM8bW~-}umqiqX$w=IaA{aI&;N>ODmffnv0RY+)+uhN<n<{>
zoiP|I`<#lL^QT>40s@bZJxR0sY_5H4&hXciyJ;F+75^R`0mN_1E#1{k2s)A_iQ9?T
z$Q(5#?|fwGndco*MYU1$&i;y)px}AHHIaxMhN}2_a_&b%qNT<UhJExo6;B{dEYr+O
zpnDJ>ArLT?0Cf8JPIm$;ihkLT-Ki0P3SH-55Qj?w_zPkz?_~^qQh>*<_m^I$KrX|2
zQn7`xZQdC-qYu|Ft|WFzNFx7~Z|3oJ=;`yJYdc2?!(F<av7aRU5;QyDV(Ff13@4A{
z?DcE-f*tMO!{Ro$vbqN_xQ2A|_yJyD;sNe6Xi8Bdk00=Pf_xDUsse)x+p49I?hY8f
zpf3gbs0=$@5=uv0i((Q*Nn9yH-pg^J1>IHa-%f6!J)r2s#NPFo#pn|!De(dXmgnC_
z(ZKo11x8fSg22>_tu0g<mw1HuFz?6Q0v{fTNNpDcVW&~=5UvCYpRh)LAhp!#P1@Yy
zqGk)liOx_<bRHGDCGperp#ahfBqel(qDPFcpJa59AT&0Aa9n+&RpM3cWftJG0(ryg
z6{cg}eXZKm%Xa9-+8GA1lYI1-PMv2l98A|{*|<rAK6*&i{_TQRO*GfIpfE>oqLT{X
zlDzQ$;L(J)KL-tfLCCuoZ$mnY^Z@Y)&=R{L#3Sw){MJhIJp(`G2^~f%%AUuHB@gNu
znM}yP59PuY|MLXwKZcy^90cI{F<*fecnRcd-Y(0r0hf-=0boh-x#|{BJ|tSk%eTw2
z`fE10s%3ed-dStD9N_xTEW@n0`u7&#fyc6f7(8EM42Urt02gN<14h+k;GN=GiK>jr
zTF5RRV&q9Ltdwv9g4lVP>U>||e45DA>%lG`tVd)Yv+%p`Af{k!(y#nU0N|cm=JH>d
z1Cy})LRHmr=;2!iW&hu1a2MQa<y_sf6e`wIqh$ygiEk=7JY#-}-N#|=Cp5aKSBAUa
z4qtk-CjRa>R?o6>f+dl=3uuS6U%LLv89+9fuBtvYy#QULfCVUUsS{XN^s~G+S=>95
zY4NxcVLvH*U)H=kr&|AeAE<%rKG7Hgu+Sc%gBsK`u&L;Ga&6M$kLTJY|N1EbPL-<O
ziQbggWaS3X2{rMmXadggpMa<O0H7i5rgf*=IW6apNdbu93~VReeE#&@!shf0s_Ln0
z|IclGRc{I`6MH@6*Q9p;eCy_I)<n}oB)O44lE5^ELJqF@?`V2+mOc2eF_vP2wwkrn
zp^hARc)nSG7d)_bHZ$YjYp1vdl(EiQhm?OjW}s8XJi3k@DtkZEf}3dMcQq>skxN}O
zBY&<5g0a5@p<RkSCSpPj12w70NdTKvp8*qW1xuZ>BddO;tSm~}1?L(LYGhruB}5Hv
z`6st+y`s6k)@fbH&rJ)Z?^yot#tAWP3KaT{)qA+lA9Z319^N*7T48<Rtim-(_=N_z
zoWiS(0Yk6Nz@=^XE?~e|a{=Vj*#KS6Q+z`!^BvWFtKZU@IegZG5ijzZ&b-!waINqm
zn-7?__z)2P8C0ZH%z4c(8-aA!{Yjc=0P(O@)q{%m70*msOhVsmScT4mx&HSF<>>&y
z28cX9q5T!=u$YA08f~CDswmN9Sey?;%(&BXe1F1kCcxDjQ&E~rjRcEXNB`=Q>toDg
zHT}K(lvwor4dUYB3w_r&6i1!_u6jmP3W~4gStywxim(PGTcl1amqWdI*2@Z-ZY=gn
zvlIQ@4DQ!xKfl#!;*pU3);&z6S<exZUmM!ZGz1U!@bqFOE)^-&@BMcWe9|u$8$)hr
z<i!a3IlW2lkJA+)b;DMV)(K(q(}w+l`Q8=VK)~x)@FrAVumP48pEZ&JP1c|T&bZdY
z$Ijz%U$ruO=1peuAS8J9ap9W4Um^V5VhO(z|0nQe8BA7|?*oEa^gy7JS06r%HbbJI
zbvr5xLfeL=kg3pkLSrZKM=`||CJaM`Gb2G5GM)7Mo8aR^6tz)v<OR(Ghsu5U<NA1Y
zf4V*Mw8ise#@EaI(>7M@U3KwU(dX%Z8@-X6^W6;+Z2i(#BczP{CQwIx##TwpUcy|k
zk7C#Q&;7{+fin|`*8r*vId%^Gc*uv=y1nBwvXS?vi0@z6@~KH9)lgu_mD0t_!Xvow
z+<Av(n_uDiv0%5MekqYc(E!@5_5LJyl@Pf;Y`>d)B&0f+7%D0l52{xj8W>AUGmd#W
zN0L!AMNyicPx+<^(gOhqlEnpo(MMuMZ>-R~P3Y3*o|pC+TxQ&1IG23UBrT^u*JZr_
zZd}b*P)1f~nIFN80|ZA(icx*BUS<rXo5MK1PK9Llpb+9<%;NXI*KESgP7c;U!VeJx
zNQQ-DVs8NO?Naso_g-K{vy8s5QK9;Q??cHas1e4rm|0gk64u80nnhFBv|1Rdh(={Y
z-knzeg)m{t=*0_D`ET8P;|Rt7RTOYSIdFwL-8?Bbg#sy3JWS+M6-kW(Ro9Rb&H~&g
zSTsa}9gp#zh`#BZZn%`p&w~GG!iY>skV9cgkBlykVe8|Tr(!NGLWR-8_L*J9<hD;%
zJrv8qn&)F+-}oSu@PJm!<4@NpCDAg{vUw>f*~)XwQ2hLkMOqn$s-&SZw_vE|QLM~-
z8{CEbs>w3fx-KN|11~(&=BpgThN?cbk`H3at8-B;F{700s)0EbV1utHzy83w*rR^+
z&&E7qA=J$5u4dpiJcI5f|5@`-Mt9}h5omX&J_!g~8UU@TRIs<(H<()z8}<VFLuQjb
zqC4<@VeMLM@rUD*l!3#Zxrn*^GoqTgTr;?pfsn+Z06C!C3rwJ>>g>pf#9D(C`Mp56
z#pan&veS()gaDt^UYRL3n{>>o^QHa@CMv@4W+CIq$G~h<3$nK<nZZG9?*O*5kLN3O
zQ^QLb)i8EUdFObDkhHwqG}GDc-BtH1PcUc7M>l&I6mBFO0VXFEJOku%fkU0q_RDTo
zS~FVI)?fN&Jpokq14a11B!fkmj#oxzYf|BW{Gk+u5bvPj16;U@?wcAHos&t>ZjoCr
z1O%N)HWV8sLH75^@BT7AEKwA}rI?J}j^ZK9i|Uhs86Z4Qj1;)jDcv9JY#*ckD?B>h
z4>b>GqZ&S}!z<UsamRB<Rqt1+!@*%EFmEL7hQ*thK2&8uD~M7FgSj(?<o9Cz5n@9Y
zI|DC*MiPwg@LZ<@uC2f}bsEE3>r9^moNND|01TMk*l^$<BLv+)=zKRhLz3-;p4SPc
z3yxgbjO1!mYAr5zXWuQ`LCs6ky|8*vORpr;mEEcZBa%uT&hF`)S9#Bo_Hd*0+>&*g
z_};zwM5o5b`>gs3QMBf47o#9sFx;q9X6t^X^i*2cMIgQ@yvAlUu`>k%)^yhHROZH&
zFmzd~3rPXl(44KckTs`{fRqV>NZ&x(Gi;yNpD(wjn*q!};BEt^gxmZB^oQ@0=7f==
zYH6zdlv?-&T}ZzxSpMW>1m0J0j1t{dp0!#2N+BU3K1NXuJuW=IIDtpypyzfeN22%%
z-496y+$S^T%pwvb68{n2li*XCKNA_`ju0QaKj+Y-Ee<W*j#;=$NH&CxV!d!bzY)Q}
zrB15qNm^H`unI2A3;Z9HzRyN7OSF@LBMZwf1$)C^=zU=$qm-!Yn05`I*yTTYWr2#G
z$QNF_XJ($tZ=r*y+ZE`zM2!wZ$NDj>fY+?pp+vQAE6TxT{ot_JzM+VYV%v89tgm-s
z{LR+g-9cZPrxOpAzMDHs9~HjZ&e}gnD|CeH@JTXsv8?UwP2|e|3sq9(vLjEao-!gv
z)Tq^4cHc2xKn6|E#tmTyJsCO~$2&-ANj%`d^u?CPloeI&5C~uw{QV4_7l(irjfDlk
zpz3?+)AZig{^cHOy!Ui$NREX+LsLi7!@elEa;B=k%Wsx#3GF{xSo2>HZ&Jn9B&{x9
z2Qkv1S6_^#G1qrColt($J|Ajm?i^(;AV><heH>i*gPF(JW{AJ~v10pm0*}1kNAGvc
z+7Kq|-G!-|S8W3wi=BCX#{mtERw7O`b#C%>(o|w^?Xt~%NoWNkVPj2r-6*qy5Vvje
zrxd0l(IX81g2l`85aZy#))aGfTYO<sdh=&rk(KoBWNh9^e>+_`(Hr^Lb=NQ?p=zXW
zGTgew*5OKjOjlE`l%e;h4t2ol&O4Lae1k+GVZiV255+V+3-~`_R3nP6{GWZkUTfmw
z`x&9nP36b>;)(tqEX{^t6%M9Od0ZZlzR`_)ONL{A7<+`eR-yN__1Q>2{}=hSoh0ix
ze%cJ67J^JceAkYlvnBH>h%Up21pc#B;HuZ`k4d5iqQXvcE$b!SzMJ!qL5XsYWqh}X
ztDg&bPDsg1!>79w#KJhF$Xp+&D;u8=S2I}B3FnY`Bn}mJ&2?i147oE&?wR(eIvpPS
zI#hN}>vt8A-RIdmP(88l(fnECZ1Z3Uu+gTS-r6Yxna71-_+Ke6F-nWZ>(F!y6N)~L
z{}T&*WBNSl`%*rWk3}H00MAC?c7H=a)s*<yWR0gDh%E4e$citbuACP`dLS+8lI-c@
z?~Y!|ZYnQo6V<51XYKo8$F&q_m-!qbi6!SDO~A0HK)auaVj&7znSET%D7`T`N*IGM
zEt?Rp0T;{H`45<nLeJ3N34MrI^;(Pl=gKN~d}CG1!{~P0r6x^_*i$GqXsj%>!r$}u
znlEEZm}3!9cAHB8>fB!(wtxWBAz(>Jc;ym0fQ@SI0F#NO!QguLpF&G%qcO1->!o|r
z=Mr`Dm^s1+ZH09K!wx7-LOUXiSud%In$O+Yd%7i^U~+O2Z%DTRW1<p7=&Y-g-2dFE
zo9m<BDks?6KU9issjKj@kOnBV3Z_4=DtY@SrYTl3s|6Y2w?Vfrft_0hVGTXJ=3meJ
zM?p2nvcN6&L#;1YzyvG&Li5pI&~Znr6C8)LH8#UszzgT4n|!MxL{;I5IO}W!EK3(8
zA<c{wQhNXtz0Kt10zSU2i`USpkWChRxObL{kgT2z;o~HV9^j)ABNjS}9YdKO{9x$y
zdXJ%!mbB}(!<Ol8q8|2x+PN2h@uRqY4dErSx~SAP1r_A=$Ep{iPmt3h2bdc7Y`^<E
zf#!GyXYGJZ9_3il;ddENg_wAaY)D>*9T+c)gl$@AKebjYfMyRn$}SaTig3PI#16BK
z_@iwg5j@MR6arp;K;ktu8k9(47w7VdTMoo7NxQ*Tw2{O_mvs$;ALlTCW`lW3m40vu
za=n2BUGNbi>_L)ugh&dA1TDzWe_P7?daMxqS9W$N0d-RHS$q0~^{>->Dfy@~RsKlQ
zAw#AW>c^4N3lgJdI~Ybzf<+0Y#wAi03R9BV>rCOI5j`>X=z(ikr^w|XQX!TgPhxEC
zSBp|cdPj)S({!YekWhhu6@sfSCP_9W!S#~j*5k%-wG}c*37=v$OBbWSQqCq0cOU%(
z51%Z~ASSR7x+It4YyHQY7<c({>|-Y!x<%q%WdQqnmB^uPta&<3w&$YS=1Ya~eW~$r
zCE^_&CBji{r3KMgrQpuXaf}}RS0CQAicWuj2n4){#aCvNUkeia(<<=hd%gRt`XOel
zM2RyXQ^uVuKnia|$RLv7&u?wjck+7}0$ApS9-Kdm$5A~d!gzBW$@6*6H73>Z&b4Zd
zN&i%a%-Vlo;L~W9sl->&knm>9sbF2*{L$_K8)7B$t2-y#`}#FkNA|bb?5q<>cttw}
zi&;WJt7<MLulMqvb4`a))8~Ot4v2@88E>%ZO%Z`(-)NX~C}aC89{KCXQpys(tsN7%
z`TAn6Ty1Q8TfyBgT3uGd$R`lmAUqhF-Ls1{B9r7>d8$flYARy2_+5znaq?RD>XQo?
zq5qp<%M|m&GyIo_IQSZl`PF^1y$YxH=Fik-`pA0~r+OvL0&Uw6nK0i_(Io!8g@iv`
zT_grqBny9L>X)1_2^t6qqBn8<bNDFIsD>3n%1MKIo~~QJ$~1(i;5<&;{zdT^Yyp>9
zhSPkp%X4<i56sb0tAWQE{J|o9UuC%aUm4bi9!>V=k>Lqn`&e#HP*vqaM$^F$szJ*A
zn9f^^C+fcvN)D*K1zPYtG6jsXv`-{DTkz0QtXK@4C~*xAtg3+{0Rmik$^2X;fuCYK
z*o^`=xxAan?OPSyQ9xB1-6QCwn;AK@@)4-t1Te5LvD#m|ol;#c0SSetOG}NrH+ct6
zDCpr&k{r5Q%M`zuzyM(&mapj+xw5wQwl>xZ4Q2a=eACCHR>Ut7E&+>qU=tnb1?{=z
zR<fJa;Of%QD~npezPsg4*K`&BKlmp`@QS(+_pFMabFt09zKtCfW8SEQK=!64!WtLS
zjd=+eq&(I27m@;(^<%*A+?(j9?tXzO^J@_7gR$vwrvTaqc;3xiT=!KWr1xeWY>lqS
zz0A*YBohpG>K-3n4F-+*@L(M~QH~By=C~#=A{s_!BLGdDYJB*P1c3aU;6@DN&*SDQ
zV`4PG*NEqbCy_VcS&Vx`+pTv9|9=-@aF+F+JEY%UL!`sd4lkN$M?VDqS&b|%aZB>m
z?f+l=Ggtw|KdYQF@qg!}1_}1bO7@nZRT#S|*>Csabot--D}E}rscLpFB>prB$k=dk
z6<exn7p<qGN&rV?N6%4D%wM9r5l0Q;{9*+1x2A`-9cek#ssQpO$Y#-7=O@TN9mOGF
zlW7zZ7Xyn!@rKP{rj3vL0OdZ$I;vQ4^xc$+jk`8MNpU;1i~q)JT2BTv{~#Wzyu&X+
z1s2EP=Wl)!z(VbRfzUI8H1PpT2&$jlXg!0J$$myG^J}&{N1eAS-ScE@snStO-MUpf
z4PLfBhNm+@#N>L-YkDr*=Qe<g)yMAL{{BzEqfTr%pnCvX)!_D(@R#K;Aa(_p_PC1h
zn??_P-)ecQL5R-~sorH`g0<yaivEd`CM2HG-XBYu&E|$!O@vl=#Uc%<c#@dIwjIqg
zZuXCU#otQ03<-6&5*GQ6YmhBy)MgNbMR`5Hx(d#UL1s}lIqwaXd*(<wk>V797g#mv
z-E$@Xn)gtMmRXtQE0wO@E)zMnw?*(9p-piWC!h%o%I(=~hj!2;ph5p&PiVLT`uVK|
z98^pmvz?*;R0!dS^`M3+_ii;MW|xRf5YzWD;1_h(g#rdp?o~eX6DZ+v@P8JOlr4aj
z3|1ud$Co!ETln1WgRE2B*{6KP;yaa3#~Ne6;tsfS?gl7y0?5C~8G-9+QhCnB5@#-M
zVPK2KWO`o4p=a_dX+MY)eUs^bURHNI^wqpc2|)l`P+cS7SR$<P2Eg{gSNm}eclLlz
z4vOgCH@8|W8!%{t#eVK#z7Cr_Vzw>-hqktdAfcs8@PEhZ7Ua=N9&N&Drhd12zvK09
z{H|*$|BA}j%_)-`CJhTp0g}|@qT!np`en_tr2h}{X;-Kl7C3!v*EVcYHfgb4hTmj{
zhYXgy2TX1;ThjsZ4>w{^tORYo`jrmZjQ^+0boB{4>qDKqvxVf=pAH@)2?RX4Ruve2
z;<-jZvQhBh(tf%D62-#$1dQ^*HbKM&z(DRB=<~k8El`T|!(O0ayT8xJFRm^9hpn%g
zE3Yjz{YNq!LkvNI21RHk+hPZN?L2V)B({5f1)b?P6_>Z(E>FDkkxjQrZ=HLa4Y<xe
zRJU8qCbo0$01g|lizmRqqe(!~1r*R)y}kgYb>2quf1fDF<u*5Kj?v6%#hSd5OTPRu
zZrxj*8_AG7SNZ#!krr%18tS7h+J_iV#tAvx*tWGC0)z#R?x2&!0(kR{lUXv_c-=2U
zx~=nz)1EFqCj}}gg#+CruP+*jQb%=K)fAtKPd36>T?q9@$##U-*MO~iSNe0k#%K+>
zY|S=U(Vp@L4GEpK0(rID4vF3*G?<u*wP}TPg>#x!HtFGEzo`>(4D*#&e~|=DK=1mr
zAh-wK`w%0RWz*1p{ZI&sg%CgxKk)wN;F=WlJXmXzuR-Ntr`vzIpvgkn>Jx`YL+Y5Z
zc<JgjCfcqQJ?p<NZ_!#r6P8@+11ee9B~$^Xc<RtDp%k%npHvqMFFLUU>vFir+Ji`S
z5q-o0$5tJh@3S+Szr+I*cKQP8Cy5_o9}_;mA2pSsoA`3{M2HlWKoI>GzX-RfR=cE_
zQs&2}Q-e`^9Zgw=OVyoYyqVyTJ_ua!Cu9ny?liB>qAPgt8QhL$bicnLr`n}7{5$5y
zKK|Kig(1_XKj>DiY$<x-{|hZf9Nr6?{)s`7_d`uJ`0a?c_kq=kBBl*lk+2#qdYx)O
zVOF+BO_l`xBg#z(DZGk>mg1uJcog#4dzqjq#U{vM5d*~-qCV}3u1@7WbmhC+>PY~E
z1fi~F=aT9=Aj=;&o+@2NH!wp(_1nW;=6vZ%>lNxt)Am*s(@HN<$~Zor4D5sH*DV!$
z25BO+q#;!8@=p|x2bUOYV-0nAO86QN|6{qd$uNIm8?r=m%7Hcw7vC6Opr;7$kt~mC
zmkFuiAdp)GD}W8dTL0gcVW_8r0pYk!XJ~BV7i_60<PYY3Fl<p5pWMcOwFQDfMCv5&
zSLR8@2t*xU(TyZUkvl7Ky<Frp$aDIydnw}xY9qdz#6I6tE;3U=Vwm9!QUXm&*0oE-
zycwML7w=`Qf})?qCC5=G&?BMM_)ZP#m1%094?V`M$VhG(;{OuK%HJD5qa(B_YYiai
zbA(xs7hGpo)pQ-W(^r?NC+ZHzF&>OT5ysuJ{QA%h`GVq*ZjbqAI~Wlh_h>0;4E9=@
z_2Z#-R12#{Z2=4XrNlu$!i3za!@rE0`x$w}y3Z52oxHhwG}Ic)-l_P=>iS$*gVb?|
z=x<>0S1Yb}$MMVBC2%eno7h;Q*?${<-PH$8Uyh-9{i7#TD72A5fG!DbSV$9wbn%s;
z5|VRX#i>T;#g5cj^VKp<+X5?Lxaxf|a$y#(LH>G#;%1_ZVWODtEizJ-sw0}rCC~Ai
zV|OnThj!PHgO=ur7!rH)uI~j<u1FPMVW3Iro|-3e(Tvz0X4gcR9B6j67a>$gI>THL
zK|~_KgZrLj{Jl&_glT1R2xpJ$5hW^CR3kz$EM^!C=cnB#O^71O1W8A=LlE?8Tlt-3
zLrhd9R7Ce3Xpz()44ti_?E>WiJiM`UF>%hs4Ey7=z!U0bAp%<{9X$*OCOxdR2ZtBs
zO=>NrRs>=Pej~fgqdNj2$GdE@@8iFiB2$SGi1+Mwu|3ekeSTiLgJq?9#TAai$q{sw
z7Edq;!x1qp5(p`vp}^4jm%z%Q1BE7Br6jozDC6(Zp8`?0QmM0H{b?73xflAwntK}C
z^dVcAp|1ja&>p)GqPX`x=-5+nj04-_l0}a4O59=QyX;ht?WJ)j>MSUUD9JabD1?$>
zW~LCIfWCoN#9F+G9hg~DR1`!S^z;y!2ubn)c9e9#K)k14jEh`;B4yDN3R~pi-xW06
z?RITNDm|0e(cJ_jDO^lxJJU3NcCsV3v#9-yc~p$xCkrF*F>ZHv>5)(QCK0SqXTB^y
zT%Tw=%MqfqAPFh3ZXfcV%BN9hLD*uHfhH^WdU3?_!mObp8D1lOg;nx>LZCM4bLHD5
z$Ah!Oky%~C3blp)kFP#{0wH~W6iJ5!C3rQwDzD{lYnR|g6o-Csc#dkM(Ek+Z<QR<|
z4`EgLHe^cR=F%cftYLl!Eg!%Lw~SPv=5i(@AgkAq9!0O1cyHgP!Na&Y_Ita1?&7Db
zGy#7q@-9|1N8t#apUD5OO4k;GU|2eOY!TM?N7uWjel|8A;n6i~+)SF|`w9q#h`HFR
z1&_0;((lARZQZDM)m6vGDVW*XgU=d5k0#=obx2<#x~)CIgc;-KU`ol+o~s$eMgLFu
zfQAY-i?xobflozYnExxk+(e1?jjcN2B)0E%$>u&r08%NNwd$_(0;gP|-WRi|qZ}Wo
z^-5o;_BZ2<<M&rnckZYX^)!1ag^HRA_A%B{5gJh@Di?@;`@x44lm82;KvutJ=>tS<
z>znc8CNNOa#Yh6?6e?cgzF@9PmG?qYFh>hZYDsS`!+9XD9!ObH{Mteuxnxm9$#2Nx
zC}$^lE=X2XoFfp(^W+TtfhYkB1VaY+95WEci;2{_0S*E2I1B(q5k(Az$}V~gd?HDo
zq6N7_c|G1oQy2&Q1M$%@814^EWy_&1BpKXn#kSy1(d>OI_?jS)mo+)(!(Q<yURbl-
z%4wIr!sm4D@)xuv5R$9c3JCcs4)-4AZTL10edCs?Fq(|yU?twA*ST5$=A~`|y5Rk&
z@rfBqS0Qm4>Z#@JfnK_w#PruLcMfovlhw`EtPIvITDm5z&6K!QvNCg%JD!q>?W*+e
zeDqOD|K^*HjnjYf{$X|c&t5rHO?FFJVkpD)$#f2@dvR;9T9UZb*Tcu*qtKOyE7krV
zX4D+)t(pY7_WfTW{`Y7!?B0KDrL5`y(c*gIIrt9*Vuk<&3`LMaj*=rQm{PLHX{6wO
zj=gzesY0J4!jKQpXDO0{V42VMX8Z2e`08q^e(GK)$z82>m_5Hd1{Wkm&j3(wKu(k2
z3$7t$=d$#+E78TXnM%yGEia0S*FzlA8RF{J$+(^Bq|CP|)%-sqzK<D=BSFKH*q^Nw
z0=)M9-=UrVe>@s?{(oC355oV6|1PDPw~A`)2O}O?L?lF^>$ylN6x-b}lE&1`;qbE9
zr1Lyn#q%&7W42C%1^oPL2=5>c<SnE`F#ns94vuj+!Qt@40%rVD3Tj0k$4<PIlxqIJ
zp5C978vZ}t8}8Zf|MvIyI{v?nvcCWK8k+bD+_!Pw;}UjU$A8OSEN$EQwboO0gPyUE
zL*}SMOX=$+&51;<JpQeZHujmM%JgZyJFPzl6&lzE=<4PUQ>*=W)gct~r>au7!*mYQ
z%7)*eLFX^g@1S=<e59+?tw%|Sx1>s_AtgN}f7dUz-SSJ97JSpCk^G11dVf_lpzi!P
z8Wr+C4ZHX++bJ75|GE7@Jc^)V(<Sj%%tj7fVFmA%RZeqw3J9%pX)zRuH4c8QG?kTf
zm0S<?V_B`MjuC$^r4j#MXeISw`2V<=|8+Dx9CrMF8)ZxPKdYUFY{{YN5QnpYM<^m}
z;E~0yEl)I%wr9_lD5i}KcZHW#@@A)azN&d)SK4=wd+OJkbLZt<!#<y;09;{kYfHrB
zK)dpD?38M*iV$RKNcDHWnTCTxKO%`&X<wf|&5J!8azyW7u*xn-+7^PwDBp3jn^o6F
ze4n5IhqH8TjGvm=)Hg;ZYB-;Y2o*lGM(bOtQDyQ!#=AG+42PcwJX*u_D@%?1-{0G_
z@;{Ca_xHN|FIy>s?tC=GVP-6f@j$J-N5ZM}vr`r+@I?}>dbO(E+g=Y}kN)}0Z9$9i
zU`k2IQRpW&Egan)+CGFic>j5P{NKkJQ1fNFgm5EId>|km4CaLKe=2@J2nV|`ivFn?
znvXuK{~gTvB2d37_tcvO{CqPZ{_=+5KM)xG^v`Ds3*xCni@SQ5+Q#~MdBYIDnIq^U
z3VtSxgBMxH&PxAp{}X~i|NIiXplCrjx`Dn=bw5BlFrR+>bd~-IeLrb>;(3U%{wWDL
zB|-lr2*~~a&)&Otw{au;qW|ktU^@F;OSvRP$$HqD$($`qilY--){*4o%*x7<!ETVm
zsM+WMXh}@s``Pb86@W%R_|U_OlQH+&8H>cDPyh;rLe;OjZy{5rBGK!kiw-$`cW(as
z{-Q&^JK8_&ki(-lM;AvO^6vEF_}$5Q^!KG3ekb{eXXNW;YP_Yl-Te_G8@rn?`u+Yg
zRgS=Gr~4iJs378)WxAWPY^2AXk<8<+(o`1;|2@HgoaM=P4MTiH=ZdksOH+Q$I)!4g
z3n=EDn8st)jj>+Gk)WqJEB}x*Q$r@ZEQ>|Lvr*@^OXHa3y1PUX$y6>f#kxvMMkn}N
zK)@|zmhRrL0glqf+Loi_L$dl`5V5E9rA><ZjhoE1U@_vsrwf^p&Hh%|z{g-+t;53d
zU-(7c3bHz&ioKU9`S_9Myw*|Rw%wA%HK-h|M{9LgT*+=E*Npt%-+m*jTJp(xF&y$+
zQ+9Ssrj^z8-q&mYMgD7p3?!phe{Yb~a9eiUZ>)8Gd5!l3veDc4drO&|Ds|~NJ+_NS
zWNk&qJYh?0ohE^NNEWfHeE^0yVn(sIzP_=!+w1rGy^XyW{g?d~E;Rhv7q_y$keMIL
zb#w38SH<9R$WzVarO0Ad;codGdG-&}02xa*{3cqD*8lme`qhHvYAXDFWzJBRUH5<5
zMgJ8^L@`Ji`LJFda~}v-B~CH`7gQ=~IlTmQJn~<K<nW($64Vd>{r9$I@fCSvL-oya
z8?Yw7*D+}R*BWCfY@y3kjEEQxt0N4g{DBp>7t@>(&2II2p3?d*^CGZMo{6hxbvgKP
z<%>!3E}uF2zx6AXB7L9($fEb3?d=Bs^Un4c|Bom6gwMWBqtFcVUBP=w(=4H>$k<(g
z{_F1%1$S>mu7n)WICwX*D9pGL&qP{vFoD9f&|@L_uONYXS1-WHV4mwq!RL7K75vk=
z@GbU*kVVSW-b$CyoWGW$$elMf(>Fq1@oZ!VxKcwd@I}BS5;0e<nH<<3M@+;2n!6VK
z<A&;Z-0UZcnhkrGJyh1A>27IN^4{WLb+Uho#QrN63I4;*{5|QSIcK+;WoFvdOcun2
z(qiJigj+3#S-W4S9tyD8Q}lJTRGXjwNwl2&AMngvdp=S8&&F=!{eSaI{Lj;T{%rF9
z6|Tg;_%R?-cE*OLxRXh9M!7;r^O$T7RuzMPvslCN(&~S)gx5vEAMA4R`HRH=sLwq4
z|0u~{7R&$sPCftc#_r}9{r_n`Pb2>ym|~^iU3igr#Auzz74V*F|8COihFg1C2_Rp*
zIDKmIIA{Mq4*36K{QsTp-Oc*`-|m0O|MVoEC)@vxlmKmc1LiAhpXc76A2I=iFN~L%
zS*i^Ue9o}$?HII7%7KDEG~d7?mHUpF2A($2fEoTL%QE0jxW`B|&`{kTIm<x7A3Mds
zB7l9nJ(k}{%WtN|1AQ`FeIr%xg{UtkT$3J&th9~H#z69x!;)JHe$p`G(Xc05?~&vo
zz>`L%H&G`Wtp3B22RK9x=MhuB|KAayKlG}Z3Dds>NPnZ98BqN-1bm+YLF+ttm#e|a
zzv#c%SY~^93ffSDYZ$@vMSm5Nx9v@M7F4<!$?H0Jne|_^&zaSqnj@TzYCo^>MXfHw
zw^mf+R!rjs?CURJUpty{xBZ?5r&!Q;9oHBN!6DU4)~)k&uU1DD1FTWrm>S*cN#0Gk
zoY9k><ab|#vv7y+b*?=OaCi~Da}tWoNhk84b>J9p2!EguvrRlyhE<xGA;Kzx#0}x-
zhoh5=^UL$2vmcJmE>GW`T?9<JHr?!z=tci!KU$y{E`yQiI{o&|yC2Ul_fL;6_YV)x
zS~?6p!S}Ydo=1%)F5aA9Uc9?JJ9@MKugjy8{a0^}4qF<krZfsGV@*5mll`|x&Du*u
zC&L#fHB8H9HwXKd2S;ZYm){=0IXZ84R0kI~sw<OP)sk;j5iDDJd2@Vpa#8klhmKlc
zPiMCO{n5Yf*?foz+2+A@zxDB=KPPF`Tp8kaP1~_MUqCFGD{OX`m2<dluRQue{j&cc
zf~$vn8^!lK{_jun43(^wkf@=O)f!!}H14TcJeq3paA8|2B_VL~3}s=)1`bNkNOACh
zjraNM8jjpQK-HLMyn9+a|AK!3^Pg{&nYjz@hkRV{KN!XzX8aGp@Nb3duYl2SRTBTq
zdL*0kYj`#55;n>8^pMLv^4rH+z3ScSzS4LpSv>OyZay;15|i_)0`j-%4(08f$*E~&
zf6eRzW^vyk^+0XPzT_RKg6y~6P-cZ`{70l6n8%TY$HB7Vxy@*^1U~-#I%`qd?%UUA
z=lwM2{hwze$&`Ai_s?SdkL{hUdi?M1&KLjBC;2?B|7ZD&TU>QqU>9Q50t*}jV0CN2
zAPxWc5)|YZJ9=c-f+v0QpCg(a8}IV)-vWlviU<-kKL`9{X=jRMJuwy!U}-#u86&t~
zH!a>0GZk0YYg~OPwO=oKXPr^ILCxH*wObB4ZSiQCTW$V|u`w#)b#``hW1-4Ra+jDt
zLuhAWZDge?VpNHmdW+h{Z@-nop*1l%*1Z4}(NoEW{I>F=J;duuk9|jO>O!;J3Vdfm
zHdOAQ9zKtL&L=;9=A8eJ1OC56{Kr<m5&yB(|Kk7qB%eR({C{YUfc7THV<rgr;&b?y
zO$t!(&s82j^=FR!e;n}tCFK9^Mg#w8cl!(e)02Fj*#G;kX#(yogJ<1n+@cPJ@t^EU
z(>jC)-)a7kBV`ume=y3s0{#OH!3%kd!=ig-cdt4Dc7EW1_uI07_%&kN_Q5Pb`}tt_
zb1Od5)nc*ye<1k#GV$MAHT;jw{`1W*_`gr`d0PE{cKr9Jz=(f@XyvxUq|NpGPi7xm
zFoXvmCSR26Kg*{f|5eT<TL<vM$3lQwB>y)z>iHl0n;T!^KcD3DTND4C7JAGw%@NbB
zHz{;M(;lpghCrWJmS;-SG`&|HSbsG!H4iGJ``B1f!Lf30db5h@z9N9<wfTs4B5SMv
zikvxEK)a=h+0#S|Leo^-5a<{YOU;+R6iiNyW=-}_k1g_U1s{q0M52iNTmeQh-{m4v
zQ6~cYC-=YW08NRd5i!Y>95HRa`f^bG!JlR2|3eU<7RmqZjk^B7vAwnPMgBj<=PxAx
zyWQ?5!HfEf90et&)NHh<#~tc2*j4vIrFsO?+Ec$Q({P#h<u7s1nJ@nz2LWn<{D0ox
z+-~5%ZhXoA{v@9#l>c?7t)&p40?qXCw(TD$h27v#JRwlj?`Sj!<=f$An{t;4m*g7~
zt;-_AZRx`OQZc$r*)>be&qrrx@6OyWHcJLg63LV@KO+P2`&uc;1^f+(Ui4pV_@6|4
z#q?!P^_YCKER%uubEpYWBu!X{WWuw{`?YPV&TCuCLg~u^xG1}}1D>tpFZO?WvD8te
zVj?D#XUo$AwGOdT8+-*EaV)t^Sjt95qLOdOPu@?+OviA@_SV<$(cQ<7>nN^qKSUkd
z?9cGO7N|W>ixJP1Ur8q-Vf$J$rG+HX)eCi*E2^U~%L&xDG)u06+wQK471r1<XTW!q
z*(f}0{P%47mS%LsB#9<$BII;&-;G9o6!Iz+G^q?^nK7s<o?l)S1C}y<dCeprS}rd?
z;Wdrois#>Bdq0HDwXz@>14esZBB+li5p&-#dFf>2H(_w0xpReExexgqe9$la?Dp{1
z=C<F%DZdVOg89q+A{kAl!6q?(MwZM!zb^CTbNA0&{V$<xA~JPfzd!exum5dqY;X4)
z`rq>}{(n#M`2+Po2l{7`0b#A3w>so~LM5>Jw6{znHq^20$?xGx<o$KhJ3rUmvBNpT
ze`Mbi@aCva`MoH`1N)wl5lbiWY@v2O<lv(%U($k{*FsG>HIKr<xih^i1m0LEeR_OY
zfl@HvonRbK<@+R44#&WntiI(^=^wcse}`3qTg@B{x<{}YJ&=*PNY3vC@b^$4gC|10
z;~Ccn4dlDh1<U*%tf8erqn6>YY5RB<l+=7MsXH}417eDhSWG6g9$(TW>jR#xt8wky
zZe07~_gW+ga6eDUYVTW~GSz#{G>IU2msQYiDA(PgkX@v6K-Jj7e0qG1t&+ed9$`5v
zZPLP@jqDe)s;4=7H@wGs2d1x)NNLHlQPeUc_uQa}8P*U;&4BAiU1DM1pJb5*9n4&2
zEkGNDP&rb2<fq7@$3~rs0R+EXFHKI-&$R~cDbMDh!py~mnJHYVAdWKz+YT4hT+uk}
z+P(@Qf9f2n6`g_i)9eT>OG|asQnY0ocF|C_REt<t&7^%uQ?;<eIXzudiM`?Zu&%`w
z%fjwzD4k{dZ~t|9^6v1c4lzd@n%TEfOqv07L(bB~zEidShIC;rDhMw;K7E|k+zNO#
z1M+Giw$aRm+#FR<Y$o*C3?wm+C1xtte*vfBt<CL?$`3=z(?YU~v1Dp2(qxZpR(^++
zSu{OlDV?6PSY(OXBOBY5GC7kRR2lqrr(gNiX1Mh~Kd&%z7E;=x5rU~|xgoX=VeSaF
zAFkUy6(-g46g>b!X&K69Vj<m=+*ZJ)7TWHJM`$5UDo3&D??mV`v!pI4&-C|f8Y15q
z9`#Cyc9hAP&|S2bR>@<-A&d1MIT7dam?ec5?=^I%g~wAX_*1(Dq^-Ti(XvE)wK_{3
zMR0X9d$PKrmN}O&+T)N*SbfuX@&KGSmefdF(U@8hk%D}K75wnVk%CmuJ_re6w>igE
z8Hl@nqZlm`&a&9kZe8a71Sa*l_TNW}09oY!)$i}t{eO3MzP$fG$>&e#|25N(;4ZNu
zpN|jGALoqlClF6xKA-qAL;j;?(0v>Sum$qJzrEYY|F^sQ<^AtTK7S7XFR!S6k-3lj
znX&&pw;qoEutfgPt-Al`&h{7o&!_o3;r?F@!C057Xt8Ne++tjtEkk^nhpT=6QIcZD
z{>KaKBL#piy8rF&_Ure*t>>Fx_Wx6SKGXZ3^)k6z0MH*A0oqRSXAt+}LO=ty)B`_}
zcCZZ->RfDn94Hvi$Qirl?1t>09ycOEYa>CXwuOhn<B^1hR6QUR=h1w-WVEU!dRDmV
zS7az8X5@r_D5~w)fXd~=S=$3wACpK3lf6Hc4~n*3TK+#E0CbW3-)hEx?rwk4|DNRY
zSCapqLGb5idkQQQ{aJat_+!I27xD2+{N^Kl7Rdjnu>Wm6-+5lw|NCG3|DWdb=dk~I
zne?Z(|GCjw0T)JqT3yk_hTSFlYjy-@w5})lddS7~T=HwG**eX6&lLWI@sRCdtn23M
z)>zi#lW*U-A7XlW#io~l|9IzMJ;z?!yJFLe8iZuofjz!V`~FQIjv6^7-;kf~-KlN2
z=h`Ye|GDEk5^_W{d!9Z@Z<PjHyNtzTBC<<3M<2k`a(Je>lWHia>&^2SgMWGQNg`oI
z&Lq`BE*A`YNHsmzLNXGmU(#g)NX-`ms+e1crXJTUNX!eKHW`Zz#h2*n+_K!^KjvP|
zdW{wu;jRyk*;SPljRI;>2ydebA%z*YxwBv5rTvoT{PLQnJaLP*;Tr41FfOgv$R%8d
zFH^3}Hv1{Muh{<haqkhI?<+3Q<qTB+JvWv);p%Fc8M$Ip)fScxi^BZa`?nI=+{K{z
zkTYBe_z<>CzvX#%=Z#)gog3gyo-VriMZe5-{3W{iF+cP5|A!(!;%AZl=Xrmp{{G+J
z{G$Iq$>+~#|0!)fpP7ySPk%cp@ghaa$ZAQIibc+nHKGL>Faqg0v><t*#w2D^BMt^5
zcswbvf)j5%Sjvj+OE)a;Io0tv>Yx?7Ln3pme8G-<q|ajc{}ALy{49|Fn>$+#|KI0d
z@;^S!=ZWn<rP%)bZ1aD9>0KK6m$BWur-0dS0Dp4pehCQr87{bPE|UM?MfV8kql?-5
zCttr$q2SCv{~sp>*h2rWhX3d8_VX|J|4;Jy9NvFiQn06e{kb>tQ(OM6|3Cz&Ha0v0
z64Yam6e1Rd2ubt9oLkVJ8u`iYK@2<`KnFf6nG19s$sB=T@@n$2Fe6!6MhY!rk?xU;
zgVP2wRRH{Sr{L42<o^Q$Ko`mXe$)S}zxyTs*OPqytoFYr2>|`e-x$A`(Eigu3*^71
znhlHeVGywM<^RUUZZrSm)))Q%X+EC~{_DA2YV#0aKeLO#fA|I9X&_+zoIixr2ZF##
zmZv<XYL9H(5fau@Z*_>1w$(fzFLn;Zt8by?{o`<G?p!Vl^7;sPtcw&d=w?hMJC!14
zN}ZH)A@DSL2w(o{n5|X-jx<?KS#}=|RZ(BpNPjUPY)I!rJ6v*{O$1bT3Ac`f6>!?8
zgQoq|z_cx}v~8fYHAvbzAnigpT0=%F2yFm_*lj<{E9>x{c(ZP0%m$pjAKYx%ZbRzT
z&}JWX%~U%61j{CDf5ysb0n-DV*_Ck3R6*>zO;FYKz|s9t4ysm|&Q_4l1rVM6_QASu
zN(W14wX3dTZ<llX%*vP3swt1mM66u^2e>3s?F^J!yPfXA-^98|n}y*t_X?h3NVO@v
zkmg#US=h9#;Ehd*(L^K+dz}^Rutfhe!B<;>NoN7CdP{By5;z}pbur}XJiyi2aI3Sy
zR_BeV3AEZeq=g`>GayzUYT%!VI6Vh%dKTLB3<>ZETI1)025U+B#Bi_=A*~hqbtb;-
zQdqDJ`f6ybbA@j!a_UUoWf>vW2AZ1J0JcM^)kII7jh*@lL_IR=Af<eA;S7WLZq=5|
zq;VL8mp~eud)Zr&guK6>vJ#S8HX8!>o-vyID7j|uvX}+xUyFJm*)IiCRRnp3jo(+9
z3h7h)*YJvp-yWnCuc(jGL(t{}?D`G+uMO{c6yPuWnQ#By+}YTy=l|N?+}!$N|9y(j
zZ@;a7P28N5gyoXORI`ML90f9!jATNS0pr<-6pAI}>-CQxS5~0rJ6kHK$TM=i(c9Pt
zo3dmRab147gLS>tb%l`CgpWwXvRF=`t%yWdY-+BV5sAu6)4qC3^R@Q!UIARX24*ub
zTXE?sJkv}LY1~@F?mtlU!g{^m>{vRU#!lIH$G7>B+%U;nxVQye98*OGjAadW_Q<zF
zl7wl>Q$_NWQN@U4Lxh|$YM$C#Ur$7=0z7k;twZH?jGZ*|w_fBUNfWmI)tIG|uATd+
zCQ2&PhAgsZGv<FMOpjTiA~SwCOIjFZ&TMfGxAT(Ct!)^kb1|o(YOk#5k1@lw#*Yw9
z_9tSrTZKt3c&5)G<wYA)>#Hv;|5*;nkfPa%NZ7Ga+_;`D9#*psxuLTK&*wO7ZzDJ>
zGIMRSQe}iKE@nZ!elMs!gBhRkvevPY5EF=}ZIu<ZWv%0+XG_l*Z2xl^=%TZ6tL<#u
zuAGgI7rMwYmezP-zr4?sZ$E?++xI^*+!jE$?+H`pu%<b;iOET%QzP4AYW~AoW&d58
zxME9)l%S=aZ>OhI)r)D*5CNQ=Tk48U?{}j7G4tTqfyd<cFVxXB%k+0NOT;ykjf14M
z(4S}3RY!Y}<#;5%&lAYY-Zt7sp+CWBSE@SvxEKslW{nsXnG!mAV5wfg+u?c3pOvOr
zLQ|1>8^Kz|b)uz~WGS82jmMtR-ywbPkKqo^B~x?jf1_pL?(*$7+@(gh%)r{|Fgx9D
z`pS@IkH6YDND3yk`T?vebNInCQr1Ijn*H(2P~rfBF5a9IM~P=)F2yxZ%oXiU#0-T*
z`?;wZr<`Rv4CqycCOu|kK;tXJ?p!3x%*EmbF`Ih})(x^^*3wye(bP7L^)Mh4k#Q{m
z!{y-YP}Q!hWHnr5E!U2gpKQx-vEgzLRhn`rHuKtSE3;JNEV~x1m!z2mmTI;#w{u#b
zRc=-%_2seJJD@oo@RVzAPV&=Z>p`Y^-%(|5|8B~9v5-utUMwc-*BjAV!^<IDZL=u>
zpdmB+N4H$*x=V~*jn>te*h=MsoJ9_-rye<-aTtua9v1^BTT<rHjat7Oq++l>p*&k>
zw{()HtgTcxmdSc6O_z4q_D2N<KeNacyE~V{4cD;0&)k8t<o1juWQ5n8pJ<^)d780b
zW|lD{5((;=c%zWf!b8p1Hnl7Y(6LellV@x=OIR6EZOV^WMzGg!f=<gtqsLT}LNN)p
zb3Wuv$u_tDMWSvNqa{mdtb1k=_Qs4ROsXEj7cWsTVcE2%M7_(>DKUqaXgLFBbk$k9
zub5_Jz&wkRX!bZ)1CLI2tC`Gb`lFCnsh~-75rry#q1gWE@i`o|Ypo@!mw=h8Zb6m1
zEy4wjEwv_X$n9IE#*eZv??KaDj$~X7-GaNW<2&oLD}=0OtmSvB&RG8!O-Cex*AE@7
z&8#z&BGWS}Rpw2y5xYHOc}ioppQa@G@7~w{6)i_aWM4H;B^&Zv5?z}w6q{T#c_1b^
zm5fCH==Was`q46q^}N0i%H`QVzqy9?o;By@?jvgB(I*>HOJ|G6)FLkeQNgp3WJ(=~
zOiPibfy(bnjHqTebh>|f+`8$Fe0fDvn#D}^(p|@PbG^J4)7nBAQ}sQYy1FDvcTdq2
z9{4HO<bW*_9<-KK$4I&v&1<9)faYUA6!XiGp@O{GC2s^xh$ECV)oIrcGSp}UT99Yv
zkbf2}a^+rd^vve55!xX$n<XnTmC>7k+0ojas-B31oeHU=wY7%6xil5-V7ZWVIOMT)
zp>uL}X^Lhv^G3upjn>whavV$s#7($uMwv4g2KOxF%QG|W&)jgIk&MCX2x;%sO|%^X
zRt7?z^_JR8bGFGMK8IEA!q~<27IE^mZvoh&J|TZXwZ!a2gg$OanS05hT0qMx_|n?f
zHec_m7%<q{R-8{*rq=+?65s6XB@c{2t91d@R@v|sOV?!jKfl@NZEQtk)w^fl-;NS%
z+k*0%!~Jf$w$?IBcA>A&5Nn3qqmq|Smdzcpm22!aPkGFBTFxx^1me7g(r&p`zf9!R
zEDf(#ca|08{Pg(jh=dP64cXn^65P=48s~LqJBr;=?)F)?pLo>~iXFL^$`r(4!zuv=
z*=ETK3j;x5*RU&laCQhju?-gTp(E23CD<-k-mbQ~1f{^7wGQFBIR{NzzJZl>7hbx&
zG7#<(GO~Hez>t_Is$It}#<f<sB0Pf*_RMVx{W=Jn<a#>8hTgWRcWRq@XThcpnybf|
zg!HeG=bLvKz@$*xx~7nckjz|GGSfyprjo|m+#4;nd?6Wm)<)Yiv+3dSO-RD1OgWlm
zG@Il?Qpt^IxZ*j{W3C9`+Y+kDR1}hkn~X?60dD0S$VAYb-%=fqN%VhLf1=%A``wp6
z|J1er_<HSsy6*ygy2_NhawHa+;z}EJAQd-El9(z+Xqt~{R!o>Q_bAUG5D3q@&pPlA
zsIN4&FJERnV1=gHjQW2Vf19TNmaDhj6?Unbqb*}()$I3rL7uFU{+(EDcTb_1cR#!~
zZ6d?UcFEtqA^im}Ho--@>o3x+ufekn6%~<)=XZGka_cX#pQZw3J@`#Vu}mya7L`my
zF-X~s<eGIQqsi4ZAerB@HuhVS%B#8LnI2ZSUSmigu&k8k8HvSYz%%OtQHh^xrRJOe
zp?c&(5T-O8q+E>&bx>sFEmPwTNx;Q6omyi<0dj?roJu-juw}HcUajy0`lS%d5~9aa
z6r*wLjA4t>B8IKazKG8`>guQ5WAU-&BwO}HZm|LGud{5A>=?<78zfOh4jyNZv~Hhh
z-8|Yr?z3<}FqX<>V6d#){AP)A*k}`adw@9^SYjJdYh-hKd-f49r{4C)M!;I+(uCf2
zV^_56vo62^S{h6?x8dB|-q>h80sKJGEHj{r9UoRk3OWP~cT^)A-|VmooL#Hw+!9-x
zFSlOq>~6l?UTX{{Ea`_pGjq%6k#n4Umf-oONS}0r*6IWMqy3q`eD3zK{{Ou(ODBAk
z3CSM6j|KQ&{q3zf{{QA~{|o-}lYG7+r&Jq>4|)x*0CF>C85tBj1&5NH##eO2RBz=g
za$(eTdmbpF#w<<AC=~;Q!Qk1bLnKS7=GP1YoPzIZmaKe5GB(1qVl{{N0A{Zke_QJj
z|9Y4sNhD{Iq&#E2mEPg`B_!@y`HCDs)*<r4!MRb^)Jku}^*a1_Tnz9ZIF6Ox;8(d0
z|8-xCN9*Q4?oV}{t(PqhXna-V1mfCPzV4};eC6xjfL^V9-P05EZz1_;<?H`%<ty?7
zm0T2x93LL3m0m8zzgetT%*jmGvA7ifUg=${SR`!yGnR^W|GzmtI665$`ZRqkj{m9e
z|BdaPFY!N5@*#^p`#FurjJ)A7%TztrQ{`jba>!<{-y#2tW(Ac~vf1x%&8#%mI^SDg
zzqz^TQRt>8<Y+y`uGBi@7P>e(dwWjyPY%h!yOYD?i{p1E=j7XWXXO3)QHPuzou0ir
ze1BlR?m(%-<MWHN<5%y^H_*UFj~p@xz6GBlmsTmVBZ`O`(=;U$M$y&HD1&GhiA9!R
zE%1{o6f@E-mm(=3+m}l@X38d9X~_o#$Tsj99rBDNWH2S?m>W!y4Szd)36C{KmL?)D
zCM?r+x`b>H7K?l;`Dm<(xXJK6&jvy`q;2TW#m~0XfY*Gk$VgK3_|xUg1_ZDXP05js
z%cv1iWM+UsJtH)RRvZ;sLTH-WW`rIyOCWcS1lDTbfuJ&P!Z$>B%xKKFMV6Q=DhT8N
zx<!f<&k1M;J47#AxSSU<7s@_?0ayKmyE%$%D-jGukyXBiRmBaH?$&RJ;2HkAW6r~v
z77FhFwiWydI3Ni+OTcr27!p;)V@p`a9H21#!4#>d(00g~8*WyUkYttfHJlzb=DBHU
z$cK7r&c4_*y}I51A8XK^Ihm31uAxGMYp0n5KtWQjMZQJ`EMr3+bDCCL59lnX{9mGo
z;6cv(OGazqtiweh;nzGVDENnk>%%s{Zkdd^0&RiG30L5shwBVC0ZdC{shvYuZe+IC
zq`uN}@R5@&!C%2sm0p=HCL%%qRMSbvV-3Y=0jwAlXckWSgqz;AAW97Njagn82TaVV
z-0^!48gik!P@v=XKUjcJVF9(EB>f#g%Qs1<*%ZH%Ocg2YkD(M3GGXzUW;~{DgJ?-J
zWlB=Fpx~R-{y8L+AbX&>PIZ7je7`cxSWI$mHk81$mN?82%a{c3^~!)l=@pCY+B#L5
zc5v@bSi&hhDF?&;QOK)?P`DBD3Md9SWL8?a1$gF$;Wq%X&JJrr6GrGY<tbzp!u=n}
zrH+xNW&xrD{$NU|mkUn1WkU0qdGTiPcfdSh#ERDDYyl2AYHbs%@X`y;lcpj%QDa3@
zazD>mmhf9LV5zuSE4gsU09M3kxrQMss;>akM>`Mf=xs~L14p>If+xf%#}Gas`L$X7
zQcO@*nXX{E%wD(|^LQKx1D1e`CrycD*Bqv@69No&2utZeNcWeJZkog0<OAk&$rQ^p
zaG#Q!u}EQ45TgQfXCA7~c~c%cIW??o{|>3M&vMVKW`~`01K$H<B%4s~_b1D#gq33W
z0>hXv$<nF0C|m*K20Vjxg3l**(tW6{IV3v48R?nYAj)uuiD5bG@EmW?_|_S(?*YGM
zgZ?}N?S^w_si(s<R+$r6!->^IJURyQ25Jd8llV@sDYTLLBBN>Q#I`C16RxfBaC!%<
zE}$I9vs(c=0y*ALE8Hx@aX0t02o)70m7#mH-Un<<(;*SV*~-gur#*@Mm|Rv!Jny|&
z7DEDfCsJfQ?m(I`n!-A|k)|G4G$%!7xlhb42${}GMj1Y7Rc;pGzv|3AioEO!`w&?`
z6PZw+n#w6xT6MxB%d0|asx+IZP=s@(3TBRw7|uvr0;k`cd@gj->RKVwJAoLftb%~s
zhHnX1aiQRphaM*&FRdE+BS^gRXkxdH3DvQ>^%#px<vcD#q0%XtP<drUpDeW_r*bjH
zN0|%0GIIosZC!~*SVbp76H3Cp+KZZ7xTatGVY?l;P~{03XyoIh)@c|W7Bi6KgK4Fo
zauX`{OTjXonr>qubAiXTQFw#xhk|IcM_wDX%5;0+hwn5ia&9wP+qK$ynF+R8D3uwF
z$0T47F(PCzMJ*2Wf`5sEP^01HOcykD%kM_WG`ZnM*T_WHg_&3U8vg9YV=71H;v}Xt
z)zj`!GS(qnN_H(`Bgh-4xxN3H4&7~wb&NU)E(i@tSBmqz7^FN-r)Ht%DV=u8Z*nH_
zs8#TdRV>1LTd3xHSq#c@qsNxx9Apbl(DPt|PN@;Pe}UOqWw$ZQwb@{R32s#+u86`5
z(HhBdtikL}=oRabF}-G><vD`j9xaA807kJi?b!eFNiL+uiScs4D#}(X1To`AW>|o8
z<a(ufo|@~X$kHit*~l(STAWfoQMPO_xWN<~3AyX#X2xQs6nZM~Y$$m)ayJ^r-Pspz
z{8hC^FoI9m3t;&`hG#vO^$Ko4c*C`)trk|vs}g6sxG_`V&bl5s9-8_0cOj*@Hf!2X
zisshtN=MZE3_{Lc+*iv3%j?!sDAfgqnPC9#E|d5-&j=+cy-@|%W~eC};UPe^C%)7P
zYEp5YfP*su30L;2UA7aKlQVV0a`Q0(O;wK>s$$iZ=u{?m8MQmbT{Ox)W{*6lRpIGi
zwy2psw^pcf3LC}^;^On%<qGbJ35tTP9yw#7WvB;TPauHNO18Qbibc+yZc~v*bF@5|
z5~DV<gcp+zt|Oz-a6K0OM6O<&@d%$G$vWj#2pCc>tqEf|%R`Z-;s(!mC%g7m{Jm-o
zM_MRNMuuKP9^N-3i+RqO5n7?@D`a3MYz&mb`B1+}{2h)_*XJPU6Ad?|DsApj+-9bY
zsWeMSiV4rmI>FncssMpe?U%G^(_Gz0zzl}%RC|tto+Z<iXC0?E2UmEw9c0tS;6ju)
z*I~IJI%bEJr(?&i?v4?Q2{U?ACr~C}iRyB@*|DJsqJ^HiNUdsaC_P;pKwKg~q0N~z
z!vtR#*l|*q2N$s#e0`u*rX_1eX!-fK7e6!A(aF1u<AbA!0LG)?x7l{K52JDi{e-(K
z5CJVarNLR4ub?S+^`wBDNim4tEjrf9R)@$Evfm0dkPJ8w7(!<mzJ~CCtsHLUD=apu
zNy?})*QwA-Z>yBM6?~x8o+Fbw8cSZ69IC7;HJ66Jhr+zF$ijVHH9!$QEai+jGDqbJ
z*lb_OPLs>j>3V^c%iaxIxHPQo6i^_pnZ(J`V=j}f8RXQ@O(x{TT$qhw!KmyJaI1p2
zqslV0TnXkIln1;@dm|rBgUhSYP^#qEy#*3$TCvUhV}mA%`8PU81}idX#gT3~w9HQE
zAomqdDoY3MQ#3Q3vMebkPHnBM7$;cp{^zE%F4KU)&WJ(N_RZwoi$D*MMScAtV`jZu
zw6dtYRe;*+eE;G1s*$Cf3e$)kM@X`eB;iJDt!TL|8hmNmYk4xlW`egOF>IlxQ*N6f
zTo$J@t|Fmz&Tl1X&vYGF^GX65uT_;(*lXRfn4l_c)=|YQ<8Lapn?Pkkw&Aj4Ujp#1
zT55r+N8V>CQwk<6jKVN21`j0OzA>$9k%2KQFk{U$U6q=?>9KCeK~--MTA%N7HM43K
zkQpo(Yywr+#JxUZ{S%>0CI5N@=gUCgrOa&G5nS)gF#@EiB4<*ugyBPw*#^Os*p5)U
zKm(~}<&|h887};(-63!zW4A00L_7#y&k)H*RN}i*{qAAk0(N@j!YLrChkhYWk4^+g
zPK_#e@FHXwZy(f9eR0nibi!1i(Wp)d$bo+fN$eWN!fw$ziaVv%$zD@!NCvJ6$*2<G
zvxrk#C@m&bPJtSpk%XyO@`0TSf9c>O-n7rU-Q?!Yo(3&P0CH-#M-I7ys}qx^)Q?me
zzD)fl@T3l=c!7nRx4B}KVgP0lE-$4OtW!>y-TSH}72F0HjmPyXYFL_URh`^5BH+a@
z+CL}9=Mj0ee|~)KnET`L#dq)CUyvX7&(8KwE{>1R$-A@gS^nL(WdGz}<on~3!wz8_
zUx06O8<*-Xryy67z)V{1Ah45CC#R<523Z9cBH0wNVn{BIFWww=$jQ5t?(xaDXU8Y6
zkKP`gTy)6WqqBqW_D?SMUmd?WzW5g`p>K~bPL9seePG|Vak_tYaeVOp&HfoVeSdcP
z?)(T(TYN1{S!(WTDi@jJ@allTPH-!%E*F~TQsj~w^&AE~Bn8+?Vf~d7H?WtYwNa^J
z0(TWBuDJrqu0+iJH5rAveP;!0Z1~XHyv*X-d(k6rJWEZbHyn{vraf|OPF}*U&Du3|
zU>lhrDHuETm<c%zOfBvuOADz(lR?HtDIc*cW@{b)+TE#`a=qne;d)<1MM05-rF;Mi
z9S}E?LMi`l;kwj>##+Jac>Df9=~+2Ggd_tuWhsY_twjK)mQLuXYQs0Rol8LJ8~~UE
zrIC$iF?eO$rv#(GpiP(4)HUiPw2z)4RN|YtImP{1t%_9FFS@|Z!poQfzu}pk%s{S&
z7K7EfZ{m(BGwf90f*lEw-0(EC9bOToMV`|U>wr#B7{YBr1N4GOhecK@H*g5Hc!I=Y
zGBJxc<Og=l)LIADA;g>23~{y%Z%n7jHHSyip>^L-%7z+w=LXw6?tqs)vLBl>!EnJz
zUeoh_c~A$N;>WR3-K*QR{#ZEoxy@;z@mL77f`X;9^4JbGS3=2<fjsFzI7zN)7Bd_~
zj%H9R{id+)*d*iH???Z7n>yNw7^Kz;1$xW65j#fnRW2gT>=%2#;;Qo8!+PX9abs>m
zc$M@F1AYb#m*WGEmMjfkL%hyypGClkYri&vv=pO2FK9aDD@rNROG{C(46IGq+?n_g
z<+IuFxZi;{L(iLp4Oy08jj>3R7SlPE6Ocqsx%ONvw{sz7`C4Wz$5bf>uJG1~+G*O2
z2UDwTlmmibwvwk_nZF5EW1u#AT5tg$ogA8TwapC<e&0VmJvuo&{y%$W3c*^C=jqhC
zFNCgp<~Jba#=j*ILN1o9(6Me5RcnG%s|8P)1ORz^o9mP}`5|X%q6o|4R45es14$vj
z0f~P57?qcll*aC~^8tVu>w>qw;3nN8tA`?c=KTeNJ?a|&+Zut}I$TrLSQKf3p(~aS
zdpih@?ci<J>=iZ5G`;l?p>U~30(#^}Mrf)8kqk>)JE@c6P!`vXQW!i4*Dg>qb9WfK
zr_})~T~^?Q)KQ`!ei1^9SVD5hB1Kj0<<mO93?aZ$asM7~Ip^M8y?LfIa!?tM`L&aj
z<zwP+)9G~jk?f-<16<y~OBjmT#gPPerRuWjgpQzO)fDi)mTP}EO}KlA3!sFP4p?T@
zcML1aQw}20uOzS91h;)L04o`-nCjdDrrIs@MXsjS|GB%_>qC`gH1k<HhxIjE39XYA
zemU~EsuY-|c|TC?b_zGJ?VPa+32t$Fh^3Tfqk@hY8HsBqv${v0wUU&2x@wNAxAGbL
zyMOsqKi2>M>}db+?NM)%e2PBi`u}fjZ0~H<^M7pix4z_mev;2uHvi?y%HMwSnVC0w
z8@s)JH<zrp@$;&KsN|DTPmSR;?{Tp{pvj1>+d5ra1?zMxHt+wb^fYDP3{$GR>X(8_
zwnqN;(|(@cr@yk=9lKmvv7jGZ5s|aZ`Biz>;Gs8+I0q+iJjkg;*BneRmW@_2rf=+P
zb;e@NubuOIDrhnQ+$FejF?|C!7Cblb5DsE$;hwt^{#xcJwf3%<ncGpXimJjCp_;s*
zQzpst^(}M!SbNTjmei|}mP$7kmmaNzi=v9$FmpRrwy|B?lx8tl1XiGqy=@N3L?ldB
zhhqwhSfqY9<hzTD(+(M(ogP51-_zk0?X9frlZ@SvH#{qD$rY0sONnOjI1{NDO-W24
z3V^*j{npG5bq~x%mUzPjvY@wetjqATWSY?lj|tC=T5bzMD}$+K;4sHCZ|e>ErkY%1
z0M|;0qyurvek^;Ah2;2Mr!s7tovY&(NzAb3iqQlnd5YFn$MH^mDz3S|vZi9h<DMV+
zn2*NkbcGFvJm$_WGfdenAAmLSZ$H_UFl1E2{rlR?Cc7y&jifg=60T58TH7SR%34Wp
z{|9hm55woUb%4=Rw!o!px|e68wUw2xz9OfRfj*?TW@=^SYw~?DF#Oa^?U4`v{Dy4w
zHaB|xZvVr|*W^2vPVn33z5WNN|C(vI0G(@UE>SBh7jo*CHa^>yEmof>cxKg%jcqdF
zSpoUTR(>aMdB(4b0VBVYbCwRfZ>^K#_b(Lro$OEOuOcHy-=CA;$!j4-DI>4HKO&}H
zEQQ(mWZ(R_^7~$QukrsYzmuQ-_LJ-4E-W5Xsnz;~D$S&0>%_LxQ`e)lvau!zJRnoB
z^$~JQA+y%6UZ}3k2G+HJBkOAfD6Ed$bMT=AU%gN;_m4_zIVBGzkKU-qXJxra9!lN_
zTI$BBD3Zsgv$B34%*kI1`N+$1W#yghpml}(Qt<eS*h1xH&Y|X1f^7CyRz7_Au<~DI
z%+d*wEEn*ci-dTrZ1ZD4oGb3Su%#>Vj&!@3%MJgH*@j(okcRG7_J^8DQtAh`C6;vH
zt{Ov>NS+Fd1!JYJeM-00#^z!!R?x4}zl#4<6ME!z0S_<cE`N7!uk}EXTK9?rkuW2M
z|IvaWUK#v9E8_P%mgXxf7h^^SOlfjM!F)Vo+Hf%^91K?Qx6*}~IYhisS1^}MIgfQc
zW-IPII!|eQ1zu7aOUrR7^L06}wI2D=Ouw}z1Ri~gQ1Cbeo{ds5U>!86f<BN=gwlkj
zH*~6q5)&q}Fl0yzpd5LF;1}j>_?}J4@8n{do73UYt~T?p(gySU%I{tC!T-Adsr(E6
zTKS#4d3Aic|F&lh0&iYn-o@X^K!}w5PCfv-+XwPHsg=+yO%-|bs%xr)IT-vt5V?hs
z<5PuBuvRHUxUKR!9zuDdHK|7=8}7|XB4U@0RXWzwL6_%rvi?=6oq{8$q28RJ7w^gM
zMolt<=$io?RB(^r*iEPS(1YrbsbU6l%_N}X5L#%_O_&BS6!Wuv4@N+&L@<>-)7FO$
z8XcSYbj|t59B7#LSdTD0?qhhX>i5X8tBcFSlroaV>M0r1|84(in(dI_kN+;q`0uZ8
zQ;66}NO~Jzju}n$IEW7F0atwf-rrp)-S6bXZ&5Ci{Y>+H`)joKTjVT6hj2GIkH;)2
zQl5>D0b#&?eFSgqTx8MSPrpSe9kA3T-8F3hM#3BOtulWanM(6K+OzrNqmLgukrp{9
z%iptUv<E<(c*>heH$yejE&BNL$B$+T9f1L#x^!gD0vsJYot0}>%L10}u@#_TU&M`#
zMScF%p#F)_XN)G(3(7N%dkxd>n--%?BrI5#P@|g(4M<AUsJYIrn77`UJCJrEf8GtV
zl+KyZ;Gs9QQV5b5_sEZ9bE!k%9ctGe2u|+&%03|MLl-)5z&~BHdR0tQCVN%3egGNd
z;lcKOIda3()L~_m6dOI&+)7yN!|$BaoerSn%yu`;kRrG2yi$Xyh_f<TO^aALLhl8m
zuD<%$yMvSC5CgPFPK0L81KS*65Cmy~_)=>^HFZ5wkzryCDTKiiZre0>ygj(^?Hi?_
zf-}1M0Tl&H<cBplCK*laC{jM41BwdI5(B~F2c|eVstyO+!_Y<c{R?%1X?`0`?b{;c
z>V<+uK#CkL3y_+e{~CZ&;p%y&d;;TM*a_G%D_i|z(7ua`9e_I+8hl}!h`gJ!YnE2F
zm~BOoRljSTiPY!V4a=_~Avr&zn!#gzWhZ4kHKbg?O9k(m`+pa#uQoxeONs!ASu0XG
zh+tAyjqtAPZMqja%An`a1f#6X#auaWDZ2spVUYW$$4GZOYHd@t*lDkpcQy`pGagYn
zpd&_Nk){|{60U3x5opjshvW#z%(9`77Sk7YrPAiVgH*&<KF6~QBSl=`8p-5Up)HV~
zi`T9Z>6@{}a!B7|zk)uk*P=7nBvyABI`QC3+kzk#nA<m1az^p7Ig74oS{10<lfH^j
zNZX$cHBE-O5L7auIblY@@>07M?$;WzF8G9rLf87l9^G$4bZh{dS2l9X!r~vo_PaPZ
zwZ@S-Jpz=RS2?yew?XSTHQ!o!j{69sd$3Y{O2#xx)R<l|RhrpG5K;gWVkQFvzRX&j
zNeMz7(`3T4bD;W^>T#6?WomYplYJe^_sn0w9Ry^yqXx($Bpm#p;kSgPYy^Uq=G+dB
zD+upo@W8T=LQ~}~6q@q*-@DN1jFT-S_Q<{stTJ*?*ehH`BAEUA&cQw}9MR**U1)3>
zfeQuK7Lw&wx5!%e!*ja@kzHkBqFw0)?JqtSoABPN1E%R>(p{!_ob`77^<zmqPO&dm
zJqYgD*W9_RbQhMqQy*Zds43$KA2Fq)y-1De=Jw9s_C|k)#ykCu&D~A<;>FI3tz@vV
zmC)htaC>X;l5TAepKlCzcL#%w9s07rGf1}Ci{0Jr9maMCFL&dp6Pd$P@`OcuS&^ol
zC@<0!k^iH;=y-S{^eIMqN1aHrTqv%EG{23;u{0{9%K31}aJk{}9(5v3N6}ui(R<n3
zi8@iC*rBD|oQ(}8*`eNvJ#eE~#C=!jPAwa;?yf2e+OHI?E-1LMR<5m8P1{^z*JF{z
zEZ1sX`AbxnU31uB>r^Q|%DTBox~8A?ugrgyC+tpR%0+T+ZSw~r1NV@Yk-7Jh*cPb?
zA{0G1@?0dUN9t{kMVct{n-f;9MHl<PoPRlh&-uq6udVeKvP@HT1&qUs6tKs)v+g?V
z+99lerI_yOG3(ZU=?;bLQd9kotSlvNlY`}eTq#s675RTkjp%OOsYji*^11D=FnJ{j
zcjYOVp7vvi@vX^Nydk2b>O^2;*o#8x){p|uZ=bsM?ncZN&%ZAQEM@u!CQIj~=6wSD
zbcoVqUu&j}D7eDf<T|K6PycPBLW|U8;3dC<5@dS*>9>dthb%Tn&WW&=9u{>V*YqA*
zJgU=N+B-gW7FX^{k=9#4L;bz0Tey&Jp3;mh)k+WU@Af^pZV)Llf3;>w)QP~x6759*
z>ug%bb`B&rTu%3sL}cn+mQKylYE{E%FM@=TD*E_yeeHyNuO1+;rvA>#wRJy4YaqDD
zg%z!ToIOmnV(HK-j^ZZNTJ2@s#xBA21rW4AsWbls$`)_qxyKe5hPpIMx+RJ0ORvU-
zw`r#>LUFs)!SV{XAjCkRSB&7Sd-vI8R8+1odCJnXnn~r^=)}FUv?;kruYZUkG(|fe
zR0b)G&={s;K7==9=eb$ht2!3SrsF_p%+0a9#rW2j-}PoyA1|R{#+%RkFP?7>lIMf|
zfNj5|JMq>oOLn$4Uv3Rw#%y<kz1$c)-`st<z58;rKiGM>`I7cyN?$zRe!j8Qe~5;e
zn2Q_em?<AfDyQp%LQMzaHc&91@ANiiXqaY*!6}7GrWn@L^Tef?UY2uNFx$aJ$=bJ|
zY}7XK;4+EEX7JEhwm+L=a^dyH4&#CM8`s+s7aZ5&J#IL*mzegh*wj8(1-z7scDMR3
zcLF{h?1Q-+lD+N!cphf!^xisW=leZ!bU<P`&9xXwnvbW>c&<F8``u|&g&TiGPXIOO
z1oZ>=CTMAmIuWP>u#DfIn@u1`G_&T}Xb)3bg_^{{z6Z*=BY_Fk^jr%`N34fAI^Lq~
zIAG`*qsfnwYxXXSadqxvHjjxZYAvLdSv9Q^h0Q*Mq9x_|BloKKuQd*Ayym!?%rBpE
zz_tnZR@$&?pNGFcHX%#d3|`Xy;N|Av`ODqi=i3|GY;&9Kyr5e<@m4>1K6v?jWAHNG
zc(KzT#9Le2boXV<23y<oMSnY{gBOFXN4FUu?RPL5SVrB=YT!7OaeYww90scH&&>`h
z2gseJ+X4%P?c|Oo3fuNlHVWIrpTJ0ANA-wS3On}yL^FkD=9AeeY=4hssBjsZ{=+R5
zo~xKJ_uj7ujq}A>EAC0iOsR&>9G|*--B1>-ufp*up6|AKDCZ)59+7}M+l=h#))dS4
zwHmpc^X&$k<|#JY!te)N^O2_gB!NJ!Hub1-wXo$18$)TeZ2#m&j)&j};U@j?<UGVw
zf?IM{Oa|sGx2>$Q-l#|ZVVMsOlK<@e!{5^W*;Ci?YVYf{y?>b6U9A028w0u4X^;R`
z2O~t&YX+_`j^@FXq(XoLe36IFFvq9pD(Q%J61Ydmk%i^PtW$erqu(?Cx3Tx4|6-#<
z!Ufd}@0*5bD6^3NS{6zliV5Xebr+#VW?Oalu5Z6RB2a@QSjEQNn|(E8nB<1UOxlo3
z)_P|AQm}%Zqe5;Uz&HAvTc(Rw1$d6CKqt5Ul#b7Z!uMB;CtH6L2PB68=?!3WQ!=4>
zt0hE&>r8T-xD*Zl0A)a$zxy$13m8GzZO&zrM(|P?(=18hT(cyKLjYJf5eYjJaCpsr
zEDa4`fVL`<gX6<9BC(?L47d^U%Bp^f@L~0D$eRG+qi{UF+4O#iij5|v%UtOCG|#Q6
z?lyG~*Q~j2S*`wGWc5SCiLCCQHK18?!xKHmNP(KB91R9C+Jn(_BHM!f`(rRX--xxr
zfj67THJ_NJadB`8s>b`n(;(8xf<cHI?_kvR4n`WYtK)(Q9F|T+Vtrwc4ll^+5hRXP
znjEs6N{D>9-~jG!^Ql0PaaC$FNE+Vt6i24fz(CW^mEK?=TV2g!&9BX3e)Z}M#u<xj
zWPPC>D7P6N5Z>DG;<eLcF3*ONDlLl`#=Ht4=eZ5Tk?8egdVTfk3_Sz}qr5h+X23-j
zvuN+PDD(h6KK0X`<F;|r-8%oJv*xSUr>?7>YrI!&dCnNAPg!Y^wy^=9M8%#16}RW(
zQ`PLz5<Rc0TH9daH+KiDXB%8REoQ(j118TDPuvs2-wB%xm|5Wv-G(fBOLLr(*Qc&@
z#XAsGar{Dr-ZFzxZnOQLrZlVDEvhrpi4=<^)5;s$&Fnh8%NDVUR}kwEp>r@i5V!y`
z#k5W4smL{#;A>?_2N5cr2J0l!HK%s$uU?;?GG<Opv~`e!vqLMyYa?0AVYFMCUfoWD
z_p0{R>LZ__e9mEly?s?%;YdVjp+@B8aPF;kqa|n8hH=mWNUr55?ICS#d^o^gT$?2o
zZY9}Ymh1@dCMp_D$N=X~3Z?96j!jez^vHqmwM+ph)`(vNs69<w8e||UANI_N{+8x%
z>20Y(Y;SIDzIf5}_ny#OJ}D+nB^5*GtOx)!)`77XHZ9(otHDw(reZ=hkI4k?5@JYR
zoqmh3y}$wV6#w9x{17DmN0;wfd9JW2mJq7R2Sbk(LVrLvI+4`_B_O;3;gvxEH2mpv
zfr#COGJDKAwT2XR2-nY)(VQ@*0@MdAjd1FgoIySus*qG0J8R=dSQ1iuEz)9QpUnU$
z*ObIBz1yT~cn;;h53_y@2g+HBwY?JJx|=0Y4=&tA53(Z(2`MJc%BPUI#VOCW$!uC#
zQJXuP8(Uj<SyArln~AJz&u;Iz=kjGh&`dazi}(>1vMI1+j|tV(aI^7Xan1DDbPGRN
z9fKqc<AvPNVj%&M9GW1jrVhj%UvcgJx0`NuNIK|>ES;{E-P$b8HtX~8>Dv;_yk!Ot
z?OH9%lSx@&_27r2?q+|p-+i&Yy;XLCo9p7>|FrDdeS{TaHcd3ir5H&%Q5HN;$G1+8
zHM~vPh{jW*V=@-vN}0`9zGh)`w<>vRuN$>D0CXfUN9LfAN`ue6v))VRgpXf*>_mwa
zxhd<9U@*WNt;w8wKQNi_Shp2`!0_e|PMv~-&Jx(bF1AwFPbj<1g>~?^KTSl&war)Z
zT`_>A1n=cdpME3FY)2EC*IfKLN*T!^4m^eSCV&ED<F$B3iaZt*Q&_T;QN<b@?j=6F
zu5zbX$leb@Xr2#JfUwat#mr-{p^$hB4wMWqSRjwX1ENYuuk3nmbX#-tPMA`3<P#QR
zaD~eZq(z;XJR=+C^b{FN^q^nJvuMtBNGgz#KIY%}l}TZvliYm>%L95mX!saQfLOk%
zx%OC?(O_O}0v(<(3DO!;iGu?LrpFO_9MS@~rM@RENZ*}0DjZQ|Y0TuU3<6bVv(^Tw
z1RTx5&}Ue+9CHzDyJc#)BJ`R`Ix^?=gwf0gi9yQrvfvGqmG*JUa|n_l+m;w*4_ky1
z#CTGSpn;5wmL4n2cl0=%?vfSD&2}&)pZ|1A(RMwmX<Me0ZLiTnMMN%c%7*k@WBFN)
zf>>SL7!+%?VKlQhaD<$RVwRRtu49LKYO{k%TL&BktX~pbl)N3oT#!KfQ<}zCWYrM0
zhLGQ;1w?$e>&k(Aq*Dj&X{Kfs$XGKg8N(t0u*5^2aE-eng$&skbUtPX@l{E%W$!Dv
zz@|CC&@nyaskSJtJ`A_&FJ-ut4&3qX-xFGGB4E^UVU5gIahC#fRQcL2zB%lpepA@l
z-hRHbjEHtdf|{NMexS|>VYYeD+l1za2o`hBe`RNeQRH_rOa;|DTOh!C{r={5wRZ?>
zR{U3|q?$9yOp$52Ox0M%p-<RE$mw0<v)LdYuA3&;18UVT1(UQr>d`Ln4B<zO0#+6;
z?G%V9<6A^+VShA|%qw@n{SXt!w1nm2o1z#J8dQZ;tXBWXM2Rt|dgKQqm~3bwUKcZw
zu?|VaO~<FFu~XWsllN^(N7aXrh^A>&-;?HAYLx0B6xWiEMyy5%X0TU`WdVGnG@_MH
z7_oSPP9<;9F(U#`weUwza~{(a+jR!#R^H$eieb{qzJoQIQT@ORha2k2{zd(Ekug3R
zKT`A1*1-Hx>q8{0zNzg?mhVC>eN{8J&uaU4KGb{I*m?fqPPaj`H~eJ-j~t^Dtmcre
z8h=>pk^fflm`yPM?H>6F^jEaGGx@Xs)zc=K!*qCS#KRn8S1wsMFoQbCDnkRlby*)?
zp2ZThZ7WzvVU!v`ayFWiWRN{7rJ7~&wB(Yx>(?R#)l{ty)%qYGwya<@k{~-A_iOeK
z*R;;1xSh^FGEH?eo-PW=i_^1r|L0%$G6eKWW>GzjR+DRFi7Zk(_Z~jW5bt2gaF)s;
zUZ*sBg=bp*wYMZB$SPsuZOIRB_D={;o?%yme2Dm4_I&J-pZY($Q`4MmM&6fI!XyuP
zjD||nK`P>_Qz-`XM7CjT43Wv!&m@;(;7*sSQb06^0A{c@(iHoNnbaee)h+xb8pX#>
z6!=D<QCMXEOAPS0f8#$sb|QAGCH(<RKVWcD(cVu#SH8C2fM1zusO~vO2Rnm}mzyux
z%XoXZwYfFi8T5zS8}ZJI{?7K`<uG}%%{GTGlILuDxVbSLBpdX3JlNc2JHx@t=bIZ3
z@tpgmpi>BMupl?c7Vk87-S2I-Izq!!hsW6fPz~=6fWy@~J;zG{KmvWsGp@$w>b~)!
z->*G{gioCI0`Cq-ypUI)0gs1djQ4b%DzInvCQOe-@{OINj*TrxA%My7mCavac2$6l
zc7QePS?Fwc)-!=6M6ywlQi&-LS0!6>1_s2R4<D%^nU}kLOlVfnG@VwK+dOaUD$s~q
zo?+ctt~%{2a|!<)WMbEKW+PIFVTaMJ9cw}&8mqk_HUcns*YI^vzBjA6JG4}5#IMAq
zy@zT8&)rL-YjK_v%n63Klm)=(Dj@j;A7v983WHDL2+>6W3-J@V#dw<A_giqfzv%bv
zgN-RgC?IwD+~)`r%`{8Mzr_GX<aR^C@O$WPBt_A98Fkk7hK<gM8|yD<<)yhPoe5#&
zAH>@`$ph_PZ$@>|fc;69f>Ey-eSih-`l?YrXkh)#;E?Xkf7NJKsK07hlH5o?gU5{)
znw!rX4YEJ&D@SAE=6RMLXIvBSU`-BiRqPj9;6yI)H?0k=1@@u74BJ<ssf$<-^H+fg
ztOBcwA;SHhXK^`!XxPWjkF3Ugp7K_+Oylhb`CO^yUZZ<6+x5n*T0kb)yrR9$ekV%N
zth~|hKp>-v_WB<?zQjhqEV5k|+35E%4DpR=Qw#%>n7_oL7_J<}2Tc;)+jYuhj~r1*
zn*poAStm>fVDp1DUdf_hQzY!6{M{o5ZkwY#rrHU-FjqrKX%GKr4-7-9P?(X@ttBkT
z0~njq4vV%VcU6Ldp=H*4{6aY3cE5)<M(hawdG}7R+U#C7`u*9<K$-tGBYH5?fu8!O
zZBx!0>H<H#mU&Y>;;Iu^=Vro3X!ffXw@(7-Fy=*rtK1{Qc&HXO0j38qMRa2^VO{(u
zxG|CeRa|w<=1ei$1uh&ajS36a<YAGfFgR<@u$)R6&0gihb3Mzwz!ZS%4BRyRs}g40
z^A3ZRa1ih37do#TQZ^CUInzBte%wDhIX-#4N8T&z#1>P@{#H`71Ucps>|F>SLd~(w
zRajxg9t4suBo%CwJ)YEFGu~(Xmx7VwL*KV8N#2@W49Nnaghj5zEWKdYF=v-^=CfIr
zamQvDbh%;H<mUEvkG#tuy;zW`&Y{h{Woq1k3>O1N`h*WFzqm*~Bb9oUaWs8D+<PbJ
zfq~D5AJ2Ru&|=++!UU|eVbaIir9U=@b4!Y7r6s78d*o|h*hT^v2?r3L&o|5DSnBUV
z!2ug_^cZ7V;y^OZrCySlDsxihW11BcCV5;o;aZ?m-_yc6IAaM_<I;l^C75R<dd`&D
zO5td*_Ik&;<3r5u;qryTvhG)=YQog`v4D_*CYQpWD~oq&&VBG|GNTNN=(Q&GuI`LG
zVjEy)F4>UDyCG(pW^5A|OisX;ad{BUw!z*3Q?nD@Fg_Y<t1Yx4Y__pv4zrk!69~S;
ztK_~M&AmrbIRcb+SOXv0=gu@~TKv$m#Afw-lwHs3mSxvm3cMR$Q^~EX-eZw4PjNoC
z`n__%e6}RyIMQ*_2xoVxoR;K$%7-kT#wly*yZp^MBzUb4daed9&FSMo<GcUR=0=`H
zVAwpB{F<k1#Ew)<QyYbC9VTO%WA-r)cVFxM@>8_`=1pXm{-VgW*{h=-KRRz181wrU
zUW}^e*&$aJ(av+xz0*P`5Hrjbgbkw?Jq58QB$ZQl6CBX^s&uz8diFErAx7LgmCr@V
z)m4X_pC1w-%kTgjmAq=`S%WNbXZvr->RT|@ui=@2e>kX4=V;3(xfItdL3+`X(j05x
zbYOuC!A4G<F92Rnf+TU_lR(E_4`Q@!+1zw!+{a?}e(4T=Hw$w&>N1jP#yR5T)x!1{
zNT3-jsZA~|>}qNAUu&N&#=u2g-Mg2$9UxxyX$3;_<%<`fv0faUVwjhA3T*AgLSFBm
z9?$D&ndtdJf8*tg%}q-C$;+J=gRNw1b9Z}4`w870?C!=dS$~@*yE}t;d+_o(WrG(l
zhdaA5+uq!LkvxxM_Ly$~t%tmS5eO3u%?PJI2vn&3)8k5D{X9lpU4x*3Zx>qezW?Fe
z6gGNwFZ_eVG#=aIAV_57-OZEoUS#oB{RP8&KbWhOJscI}5?z|=Wwv@q>{1)N(Zhnx
z9(Hi&E#ByC+3g<oy6h$oJDaf|H(K{&*x7QsFzo7nN=s#tEup)FJ(`n=XG|&guvzc+
zpy6v;@6tB`Z=Fjo$$84tnX{UDTN8l!;}Q25!~XOtR7hPzotjPL{Z>FJ`IlkD#7LZ2
zEfi&7zZVFuU-n>Y8=>?rXW3i(r^}kUM7KuyyG!37@gAq!NyD%>po+&flwOy<PzlqN
zr=_-TTlu?vmza`g>{hc(@oV-Bp{^jgs}FYP3Bwd=W3B+3Y2un#n${|a_RE($&zo)-
z9vCek(j%<^va=%2`)PiccRAz2$qCo_gXbtDqA~my4<JAMCKdPNLZj2oIi1$`#QnOo
zu8wcfq3mwfBAUQ;?7Y&%44v@Klq`PeabB9%8O}O2RiMgpDJJIPRwxJ`bQekQPzjGv
zEy<0_dOn7-^}9hT2AJrMA(%j0sctNjbxS1AM!i@_CY0&t(hkA?sCrX6N#_~CX7LJb
z9&J8_8*QNeDwZ^7e#5MWGUmSB<8NmS%w`Z}(SkSO_N4U1?Bh&%t}eBj9))5#pVqTK
zn8pXpXXCiMNB5yHd;lpe0{Vf(JncezeEL82vU?ngmjE96q~iZ+XZbNU%%`5$JJC2B
zv99(CAyl*%r93Nc(ZvY-xa{P&xNv=9^t$%Jz#Gp!U$NSmS-Q5(>hO>&S%6XXRgsKX
zoBx#8NAM?d+N`xazdV}Bx}j}7@eSFijpYfQ(A)P}sp6E5Zm?r2PV4JAlQGM*h3W;a
zfD3|s6`s(9ks@sDZj|tBKcJ(zeR;MFF)j{@0VtC9LACy9;OV89hM<pd;PzS9XLKTi
zDfv(>vq!QbHKfcN)*YQF@4MjULNP`|^;(J|kM?%9x1VozB3WenZC{;;47~`gm!bLY
zy<*aqdcgC_q7g_gfc%sy0E(#U3f^(XmBUn%q3g_D4~~1<j@rAqgB3|Kh=fzMops{F
zKzspNEb2C4c`BwQ2-K_|A84z(D{DX3C%&a#_tc#+9Otviwde8TX!W#-%W%F7(|l$$
zt;Gt8Eb!ET1PIP0UV^*I{`cp5zM}!tw3ZhEz`?qv&8};+>$=(_m>z+AO^y~dbE9gF
zK#&pJBav&(H1qoVqrD)dd~bBc02aPd6Qh=*V_$FajNmzW&XnRJ+b{h&0y**BK4f#S
zQTt{`VxXNC?vzzn-6OACUr4*@Y~<a7&1QC{0{lR6V`fIhl4<w+?wpp++%pIV&xjyz
zgUGy#li%wOCyb)|UYI7`>32P{Z(AdhRny$jV0pm9ah5nVAe&N<fM=d$YMRB!4OLh`
z4jTmmyg09MCk*65C($dG^05#Jj({sNrg;u2*g6pTWsZL9c2weC45sLPR$aM0a_S=5
z9fl(55;uor)xLJGq5s#6`Geh8PK^x?m|$i@nvo61;~q4=4>_76g8w^vQJAtP?3&4l
z!2irH`ChSMkz&xEe-u*IpE>w62(M$^m;6f^MTp&$kH$KkhRq~wB&m^d;WK<vfEOu@
zdI*xdvPgUs=YsuZ1Eeo7R@~xdwZXUg<G8&_5CZMJl7rWG2)|y2ASYDrKu~*?$08^V
zP~T=^#s~4)q*0-VLFqNg@1n!2ZCiKuc4_qHl^+t%&|fgP3nHQ}S1#Rf1+H$@+c*Ou
zv(ek!`hVB%$^?kJpUVNCD7;#&oewjMe=1(wb-b9^{tR<{&kpUJRb}?<TP^JP6rFID
z4+%BW-QpGeLE|^K?CSgR^UdeGFU^SG<@S{tUlmXpw}=lG&CtFsH+Ng<^gN+g=CF{g
zz8K0w?ZnYw#H=~59jF5zLPD)B2L2jRPc5Kg7+geEkexd&q(oE;3R#Ej`9!WVbD9r|
z5n26eb8F}2<{Ih_u5XNZL_ApUnDzbXSs4;s22xT#AsDOXobmlQFrg6QqEs9tY*bLq
zi=u<>v=+oeNIv2jrXIJzq-B_pWel`K<%nsY-djk?R4%f_eB&u`AxDxS1c+U8mK>{1
zbckdlDwC999t`KtrXg3e(m;)k&m#ktifrW5GGjwlN3ITQndR5S5O<_|p$|nKD&x&J
zb{MZEjoB%a9In+6)>p25@MM}_c-c$aJZe&fd4KCcsZ8o<FY+nT(CRjzitTI>mc_!T
z2B$}FU6Ag4Qm}_GP8e{jBqGUPF;s8Bcl;SGw0P!}7Q3_N@)LuIn{aUvLZr1s`iD;9
zHBbHtWY9nN8l_VhyB2V550s<*Gz|h9P;6FL9JKBHk5p}URzHO@n#6>WRo-L0j%~>L
zO-A@vRAHVo8C5?eb{ZynKl#Rz#D{Hx&0R9#HYR(I;N!@IB^=r}tn_gZM%?D045AQl
z$aDVoTccyu%q{GXYbF(4Lvk`fN@HQqxva*9mJZ=1_G<M5vn81ah=9jZCcCa@$2$eC
zpGI$ntmlZB*U}VXTbqj!Y};A_^!W_0eg^Dr3@58F^;B8@t(h6H!+=F~6dpIYrkGz<
z6?Zn};y(P!seTfcGZelel=!ag=349i!~TZI_iMdcg9{hpEKbxKt~J}fE?wXVEJCgv
zteLs{K-#_=7s}eQl@9hn|G=AV7>?xjYEGqg>j>n?V!<L>B%_70K31w=@{A2JcHjI0
zus>W+53M~f+S};A-0sxFsuA!Y+Ka|4oz#P-OWf9rH|JH5f)ZZA+|pZs5L`wBGr%RW
z4y=Y@789YmiY2f4WUi6XBRI5ir7gt_liFi?LpdZDCUrp<4kV&%Vrk0ivl0UPzXY(W
z*M0?87<FwclEeehWh9}~`6s;VdbWqqkBG|TlRS3HNe5w3PMulP0F@n*RhpS5W{Ehs
zrP<L;9+S+cw)esW^hiqz8b(o6GO698LAX?$QytB7DRK$th1CI!K6bN+G1jv5DYXsT
z#ivs@oPiKQs#}m;0W}8$`L%HDGZb?Pro75zzK3#P&tiDoRx4Br<H<(JgvDc;aW%oW
zr_h^d+R~wi%?95iH;0L^vcLvY3y>66JOb!jDcF67cAnwT78o#Tbgo#d#%b+fystTh
z-#+M6b=_k6P=?qo;<r5nKjoUKYHy!#?YKvc8DjyT?ZXT)%mXZ<<J_jlao;}1pxu7?
z#Dncs2GuZU9GPDsOAlyr!Q)Cm*NuNeg(JCKm&+3nuy6(q$EPk)&tsDDXF{WyF#?PZ
zJ<lbh$w3*x+!)WPFdW0uL_zT|;`v_hr$wGn&Ca#q^QazHD+NFVyoWLv{Cay{$PtV7
zHab!D6&-LeB6Ek2_M)>&Mbu4N3B&HqwbJ%qBNXjO_5E!1P28%OCMnvBu!4iYjN0>y
z1ouaW+*ZZSX>L0Fx#zXq`m{Jq4`09@>&$}a&QXVL(@9HmsM=^k1nVSIE;*D(3Tcfh
zQWoLQYOR(Ouq^tkP`M)kL^IG_jj%dCEfK<IlE2tVw@%`+tjCrsKpN-MEFMeY^7=05
zRMkq0VW`$u5jtw7HEZ{BS40o3A%>xLmQK6&C72~-l!^gOJqoRV4zxoDXT0_yzCAeK
zKRvdFkvU^}TcnzI-6ihabp%uHD%U!g(Axut7jaOoVVC7#d)wLHnoySEiVh%OX*eLO
z^dR<h308op?f~{9iwuynU27ees;LrOR%z5<eFM;zs*wl!0~}a$5dV{GZf~OvG+_v5
zSwZKtIGDgfcW1_HJNJ3XnszBz`KDn*@Ak$<bA1+ynQ3!MM>CB97zt;{zM8nk#xvd<
z@a&Z8aSew_<a#~M`1*inEjBm6S+Ohj;N+MLct+*a!a+l5a0$B9^F765%FWa?jC+k2
zAXgIF5xH3$0)b~vj!B*tBc9E82+l;t%>U9G)r~W5{y9uBryJ?w5zpi9HPd7Bx8eVU
z<_!ujzy{t%<35n!qNTz5f=TmA@HYEsfMhyHGVf<X6`?pjme?|OO~ZPMX<-)=qQRJ!
zsgB2J;;M9RS14B%a=eF{k;6k#WRU#DHScge>~jlX^8^?|&lL1fOSZsM2KP#r=nWj-
zxHftXL<G}vzFe~LkkLJ|uiPUYP2oJ~wAFD_#x3eiS;S69SteLhA{&0oQ;ctHS;u;k
zn|0i+3~A1a#us=GN(b}lGhhWTCIKj1NJ<L@OvkX3GNyaU5__r2{6$;J(e^#7y>XX=
zZt3%iP2KTqx-3Tsh_*EG0re~^1MFK?hR+fOv=mB<iD|1%Hl1Jb9IyajThD0G?gR^=
z<q&8V)iP_+IyRtLqXccYb{K!y`$U3}h4Jmh`)`FjI5|FWYjO5bh=}-aFW!5#K4aQJ
zasx@O4X6M34sVUv<=3pmxbT)<d4ZwLzr{_)q#ARZ%>gdj)g|<yxhBk&qC+IhDC9FS
zXI&<;u5Gu$FN8b!+Nyh(1A6trG9Dd#%&ibp{@IBrAz0C3(U8R?0eG8AS}l@@n=CLn
zW*jj8%=$Rwa@Kw|MV8(&cC#+nH~|*m{0(f4r7hERY=3F*3er2_2?!8`M%lsr90FOo
zUQ#hK0;@LeYbq<)hlmJf%eNueixISr!u#add@<rKEv{r{=Nj5_@5{1lO`R^+k*NeN
zxSD}I5F|ao_kneClIv-JJY9}uhLdRI{6Yb%IWMBUXrtesM4bqcJK*oP+-B~Z2O9%&
z$ealk*fiIDku|5x@7psr5!bU;M`Oy&cd#PVxX@<h_Da2;Lw?n%D4t1F(658F?hy?9
z>$GDqR0IPc<m;FvLtzq4BLjxXh$aA{Vs{i0WuNRkBnr)}qJYK(EyzfaB121h2`?Xu
zEQ7>cuMgV6|NC|D|FO97zF_H;jHn#YkvR&|)F%3}`izL<Li#E4*n0~yf&~P<rMK-g
zwSl=?z1mV1PkqNN1eS0xvnT=2Ky>3!-a3kJG_jcEg|0epm%W-*Go~OO8B|B<|Ez`2
z&#a<UJ<+UXzT$G1P7&Xa6gep}JoEf5!RM%i6>=fI{ojWtxTm?dw94d1%Jl`GFj3Ut
zRJR++FKj8ERTCkCa>#Bu<QjsgRd+wH#bMwXPt$sELYwvDf^wtorK!zo1~(9B01+Eq
zPPAUV>1D3?cWOHUOvRpck3x35vluO{?szjwa-)@|&Hw{HcFq0aicPDjwJZQkf+%|w
zlyP&brPB^#>iIjY)2FTJ$qBzzObh1Ra4^k>$k-b60H%5eGK0N?I>!}I*CV*<j79;O
z8Df?&$WCB%ia{#ktH#)RguI$MtSIyxf_80GPGvyC;~zU3R0r3#6?u`lhDF5838q`q
zKKIkP9iRh1sZ3BiX>AiUqvYZV3S5oDF&$@CtGN*pa%T;L=M!alO!J&k=@YF4Qrvpt
z&6u<fzT~(Y7)MAz;>~653)AV$g$Kf9={X9RTIKr!&r7?991DH+u<CIA(sRr80$jS#
zUdR=RO4jc=RR+H4*uTuV<*p|^@~x18-#6ao&4R*pGiGT{AYQ{s<UzsHr0aG}F^I)v
zLbIfilpJ?ha03UQ5!zKOr)cR%UR2m6i#B^mRX=Ma?=gC)6{WHOt=9s-mYpMTo9jxA
z2ZG9^E=8+(E*eRzI|vXN?L{L=hcu&?zNN_i1|}+_U`3cG*d|i;c?n-*#gGJ$ogoCR
zZ5%`mpMV`MDDHDafgWo5go6>8U3tq0zzuAZ>tmKqy78Dwt=6?<41o;n7q-w>MoEvU
z><)$OhO9E2V}oKD6EKwXs%=^Gn#qAs3(QYgi0dhWqbM6L5Vi<g*8<>qHx2)gk7a$r
zK2sfm8Q}Ki0QAAk8IR2hwpollHs31ije5jJaCZpHuEn%ds#$OYHH!TjS~rKOxFOb(
z10=wMaFqx);aXz|fQ#GexL?sJAxIqshTq(q)<XT|np3dm(3mwglBGK;GkhAtqqQC(
z`#A(ugyy;~(%p6ABwZ{|y5&f_?gj%>2zNT0<L>;5=kGJgXgs#Do-;8!u6UkX1H!3I
zunyOG4}}Y!6p(ETge_{2mG6u?1aiN0FMhLGq9(FY8BgbO&sr1y!P()wl(XoqW8+V&
zxY|Y$vrT5IEsg=7X->`^k4i&cdA(IVa<=sQqBZb$%Q&p{BvTMPZGT(;3jXNg*X7J)
z>Qsu`X)npt88h<i44yU=J7{=vN;Wjx#S<@WNfNtMz!F+8<?(mCOm+fYG)%?z>?b4V
zj--T|(Du*IdR4M;Umj-aKumIJgKB2^dYCBzu7Z0wxR+xkPpWm=sUWBuQUKN5rpnyj
z*d(tY>9akxjt)=G`<C(!`pW?ZV1ra_)?ASCQzpN&ki9{UvwkzG+N_@AQ=rR8R6vC`
zI~^_zP#t7Ln3K5HFHcf-;6*^-pxk<8G}jGxN5z|jsSm+O=Dy2Cq0A+#kr)o`6YMqz
zZ&btOREVo0$Eiez&mbo#P5Cve5jvr_hZbzPr1uc=qJ;6W{eFKwpCr@nO|y+2AQTAd
z&dP6BlEkwMoz|e%;gQQmn;VUwV+4p#&T8WxOpg#x2f7X1?^JNXJ4R7d<Vs6MCs5ow
zx#&WgEnqiEETqQ}S7W0}Npf-VrsE`n(b)it74N(k7jJ?W1pB^q9@>BKK-Ypmw$}-x
znO*7OopCHOySy(h-Y82{;D^{GyvDj*vI82A+d{WZ9YByo4mqt3&IJzlnp8kkTWP$}
zRO%vcbRll1)nF8upx5|*3i^%6f)^Z~IV^rJ1*{&2I9EOYHr~e@$Gh_`I(eA$Rml3*
zf+n0md~25P|IgmPceRaVd*k@|n^#dsnVy6>wy}+EF3+#eS_J6CPZPoc(mnIb$%3*}
zwl&BqjV^$@C(mpDuG+h*RJz#)Ogc#`vu1T-NxOF4_w}<qI?v<Uv}ci(_l<%enLUoC
z+;bv=l?EW!Cv$|3*jQYokqjAjV?sSH1l)6da#4I93o#?&V(6l*4M&JG5GP?cL49^d
zhG!;-XReEpP{-mE*PpO3HAU#XsE!Qr^Q&|lY^qpM9;FE<+HRvR=j;HeTo=8x)Urw=
zAKQ&QDK~;fgpM_nf$`p)yn_B+9-fi&i_1-uLbJ1g1XXT+JmjP!Wkl_pNyrml%J^&|
zu8cP{W_NVHTw;yn2V{a@$l`)nqF40!0_tB*)2h6%7d=LAS(G(E7F&m`P9fsM)Lmk2
z(Q@-!$2i~h1mFi)wLHruYB^c@D5+zQ%WBFjE2C3dMTfj{SP(LsLegsh72Dwiy<SkU
z=UNrnmpO`(r_hDa+%pqCq73;jt+goSdMJ5}a$6QtqD5MV1^_|p=VZiwVPT}y13zLh
z#sj!MxfV*04w$?KGZvKVmcjmDjlS89i06(%3e`PtB`uh9D2RVYBalm6v8p6Eb}OTn
zP@Oes6pd8ur<VSFSCo+%wVH9_Ns-KVpf)5yT@8Mm++-1ZsdJkm^x}{W&u)9Khi}9l
zTd?%STjcfd4eUh~`XSj!>xIfg5ng_C@qX*g`Fj&|LJI1>lfs6iJiIF_KAeYm)Fp?d
zvH&fq?Iw1b8ZpRN1Cy*40&|@ntkmhjLpnWpXr~8{?eySLovz5cuE2~|uM_z`IZL$(
zB>3}gbg44t{E1eIiWG~L%~MSrB0C)xi&K=3(-b^^qAK(7(2(R^pYYH@3TjFwLKGJJ
zz{uY-JAU$dcy{ovx~G{m>fsrYfvW^FEObhrjLgzg1|Dj(+AUf|ndy^mM`?{za1r3S
z2Kn;gvwA8-Ymjx0m_I+0f@yVUPr2WeA2h`mT9!3vo}-2AhzW)A2<E0-9W$U;S?EHt
ztS%a#`kpiaJ_b2OYzFN`Q$mfyWTke9j*<T|t<%{WQh@0xrAt9i$Jj~92xJ9IlCgB2
zw4e>P`FP4Brka5&3aUvc=z?MYcdqByG)#*-rizcU;LD?YN+U92z__{tu>_M4K7HQg
zfjMV?zq|lx>?i7ZLMmA>vS6lGuZin~#x7i9a}sec(S9(Ur*$7+p{S>7_|LeLc$nMe
zMwrha7y~n~&zNJ>m(!zrvZF;CxYRh<T7-NTu+RfU5k?$tCpte`THs>pdJ)R%O!_;d
zWl8~Vtx%#qwZv_q)$K|qTmS~g)(ZfpYhw4*u-f4qa~)UkOoh~s0tzM~WgjvK<O#Y#
z#O#**fjRGQS%}I(75(8^#B8EJ0KE>rD5DF=7Gr8xA!DV_4N$C<wmdK@n7(22VkE;2
zn@5GBTsI8;>}CLl5g3c9C1&*HtxM&vr*y`u+dr4qaw8Y4=>Aj|0G;+Fxx$eYyoEeA
zvPP8w10JQB?s%eLsaBA~9HGWl^Y*LQ>6t*y+*zqc<_=$kGexcA2BDCPW288uN~-wr
zna!ezVi1tohp2+1Sw+MRi|s9V1IFr1hSsFvZ*p>snNtCdDt4yOR629Hm^5@Uz)Q{2
zg;KgGVi{Nk$Fyz>TwetS#C3L@zEi!83_=jlm4vE1KbQYiYd>e|hw~lX|L(0!A~6`q
z;bvHOZpbDH4IQh%D`r~BXxIYS8A3swa)%9dI6#Va<~pIwF)GPA$OKRP>W1u%V1S%)
zr+dcHR&U2LJHC>qRwWl@ql%VOXYSJ(;IQzUBtTp`h-ZfpHG`j(>r*GD<B6X5KEjnM
zp9*MPpaX|!_Sa989RNs!O<zjE_zyf5gGC(_gIE@OB0g7l)}u#n`9<+C(nUmzbkiCO
z9`kBj<Pfh#=7Ky7uZpqMtFb^oeG&*=Gm4oX|IAnb7TBt&p*ZATWOk(FQ?5V)SWMcW
zj><D`0Sl0A8Bm**h%f~SI3vSI30M$l0)-sVifKmBMgf$2-$Lz@!zqJcq2*O?lx^r%
zNK3Nti7mg@rjuJYgc_3t;Tr!5LjEf8F5+(HV=(EfZ<P;AnmAy$$vvWSG-ZS*)IQc%
zz2d-a(YpxApM`Af-XAfKO_rs(9G?!w1vz%_p%(cht^O@3o-?q`9N&xkX?Rw8TF7_6
z60Zt=rjc}_2}O|E-Gj5Cq5S1{>+xY1@=^4tNI^yuSUR-F9*ttxCZ|$Z8)}*8)$!?Y
zQzG4E)ILGhy`+;ekVp7At!d1a{nVT5V6NlSVWcTd>~ce#6kakw=jGvUiBIF0+EYmx
zx0<+n+L2YV-$au|-Yu86vcabqP3Tzr7Q!4DFBmuw*1q-sgY06|!<h5mn1E+gBZ@_1
zn#Gu7|J7iO=2D<&kt6C);Pi(VQtw1eCtB{w4S|fa7QJ%m?40MtQ5?gu3|t-_ydxo(
zQL_r^>cEyI=Aa3&9OH0~1x~QkwJM~n(s0E(Rq+yc5xL3BEG^Ob$bjqwYl3WzVr#@5
z6FI<Q1l}@lhH6hq>;%1ww&;xh#{DL{L2s<$sd>jnQ_gSFL6ArQVuF8iy%^-rYyzSD
zS)36Ezh1xw8p^M5s$Sjvc)KYrQJCc9+A$`~il6cyp-W-Hr2#?(?#EnCF(~DkB_Aat
zpT)zY6*$CK$?zzuW(eO|osA)cv{0d+@tExwN_fy19i?h4LH(vaoJ-QdrnPv<pI+UV
z4xnMf5VlF$3+6nLs3#Q9DOp@ycR;L4;82s(o1;NgUQk5{u{7vL<W)8oV^iG^t=#ah
zwnA1}5cT*!Z2ZxNbbQ!7aA**-@Wh?D@h>hF*H}^7z^rEIynJ8VfAxha??7zemd~pS
z7YkY0tXiz3?^TNyBL#)=f62mG1eJ_oI*#vEWCi|+pa!W0#^+6yNMbcCRj9_=w@!IH
z^sR=4=c~2<5wV3oeHQ=w+%W4TKZfa#4=SsS@qMe;QT`+u%+-Vb0!%hBxauLSmK1q5
zNVUubw5AH)2KkjrcpL9;8tjZ{#D+&X|2@b#$Kv_RW>dV;be)$<{)2-+CgQ?DfjCmK
zbZp2bXexnR0G}~Obwp(ni~Csx!9g1t#4gVRpmlD5SAiZ1RpsfNOew~Tj6K(mOLBep
zNt-lDue;aV8|-xV`Z}Tj*m&7~Y4ly{8Pa`Tz!vOkcWvrdmsTn~o+&t(3{N(V#el~U
zT@VrQ)a%ADN)jOcRuG*L3NSSy7FU#k2%ubv(8NSpie+Gh49Qkax;_a)?j*J;b?5oZ
zS1xOJ5Vj(WRj|*i5l?(rmLBH;D2STb%@#;*c8n1q%`p$}gbr&aA7*h>bG^;5RT`it
z153*z^l(pnu?RinGo8|uOT1{nnaJ+4h+(OY1k6IH2Q0Ig`VRHD&&Ux(O<(9t7t9(<
zaa6?>sv^V7+Av3PrIM{UZfViST-jEG(xHLezo2Mw`j$S#Qr%hh+~{Slk>%y)Gu$qy
z0c#L_%Ofz=F0b^8^r!NDG}{*Gty(u0sTC{67D%m3B}1URtnAM2by->2d?{HZ;W{3Z
zC!w<W7f!?h+z$G3NF#;bUS6JIoT8Z>Cc~2C(b*zL1t6_L{Gx(nRH3P9K-i!incS{Y
zZhEgzo$+Y5*WYP7dwX<D2mLYI*`?ciJA2IO?(FvH?#}L@%l6v6-Tr8IdpxoSqdlkB
z>krzjyUudcrd(lEnci-<2F=b+SNv~p&};TbozeF0*dA}wLASfR*BOs{ZMrw^j5`jc
zd#uMs9cO2+Us03#IJYN^V$?Wno_ou5k(Jh%x?U2p%W24>DfgUwT$y}MV*LUi6GZ|`
zt5nhs7UA{k3UnHhZ_4Z&oey8#1fR6zk#_=8ka60Y*L-Xw&3Js0R$?`rEC=B9X_9N#
zA9E9xC-VW0D8&$aSk>ZjEECTRznZIJ%w=}K7EuWiDzU+h{FeqKSb0DZh&N^|e98^P
zK9_U=5(7MbC*~WJuWMU|VO^IXdBh>LSp%7DK-gh}+|dv#MzApCVS}je8-$O?x#7n!
z#jGjl;}8F6{xEC);E*3KTR*T*AAg8Hef+`u^zjG(6Z!bVWdDa3pU4ll+BYg`ND793
z)T48Vl}Tcqimmb}W-O)<tg0rZm18U@IN&mFH%e4Wg`88B=dCi*vV!84!)~{t*x^a$
zVoEW14A*F3k>^fHI2`3n&*=SCdgxtg$7y;->iE}J(z>{rZU0=JjAtxNS;@5x;>5eE
zccV;NxZp^gwpRfQ4fZmnp|LM1D^IIQr|ZNmQk9-kDJ~TPvjiVl|Er43;`&}R2oAy-
z56?m_mYC2nC7{{|AI=P)IaaQ8lA@F!5GlwmYQ2?fFUL(u(=d3sk5uM|5)-b?%(ZI_
zKJnc+U$#jywXk5A6xWwj469lNY1Q9~#Avjl3mM1SxAyi1J*#15%Q=b}SegN-ZY2Ow
zh*a92e7R7;Qi%ki`P0YWEu-jxwQv39_s(a*4QS=c;_%VBx)SHvRk~5G0`6RiEp-JJ
zg-=382q!E)ky(l2k+w6WZs<c(ls-!bO3tO3w;6FA3=pwY0+W8sOqSwGld;^5XH48I
zt=^qo+@+MI`e_{HFsZm*!rRp-s}d#Y6|GU#3Jpf<FPpuzlldCP4=s=#eLoelbIHX9
zb~3<KiB9l%njO<C>N{82WeW-fZiNi+>awAKbUozN$UnaJ?nBqmb5+^RY^$)C)ocuW
zy4_YAoNSq0t@u9kF?#*53cgS7f3~>g0=;XyQtir>w5%rn6vb;%Bh^JKvFGXy<wN;v
zTElW>7~YKcXA8Z!P2F@el{~gg*0|@rPhx=8DvOBVo(CF*owp9=z~nJu3OJb2z)03I
zXEIkyvt<^?Y{{LPE@SKT`10!D=-u$tYFHQlxR8Ix@>Ir`1(^#dU8kZ}iyYrVTrR+n
zPD1L(hCNNa)iBI!NTLaGjw~d1Aq@f+5+~$=EcRfwk5=t5+C9-EYeRGm&TSBKtk-ib
zI`n#YdUSPheE!Su@c0_=SEdZzf12hzgV_?$C`#GQkTkKeu2&f18^(fD7Qc3VNAA)e
zQR;XFSu$uT1K1`pMmqJ);43#~n<yjglc6lt#m9urMhp}Hi4Kq>fn`octS}GenP5!a
zimOL-?U3erSGJ;mW-KuIDVda1VbfDr%|)P!zm`fL=Lrf@0hd{e%wx9@U!uQ@77&lv
ziBSFC2PNW^1%?f4--_CnhMbN9`zl5a<>DB=t<+5NyToJz^HrDIx%!nSt|XyK2zT0j
za!<MuhM{|^zyz#)z#*B^TbCzc)mi$g(``o>*-ZY6Y`4ih*^V}=Sgtt5yDJ>x8NLnr
zD^}F%<N{sOuP|SSAZtZ|yVR0j0qg#|>7_n~;%o9+F2#Ds22zlA6-xX?(B82l55`x|
zK&p2aL#ms@m`757M9p~_ec_3V60vt87H_=(%A(V>sed(kct0MWCbP>hiDKrw<w10^
zgQo6dOiaz1n9>5-F@8a&;%33Rbn4u_SH3^yGy!H85{M9^1*~FIMjaNWJ6q<!p6n>M
z9`naMlqCeE-44QFp<e9@ybt{^$Gq!5j{Cz^(brWHul`0Tc@@9fkjNf^{s*|fX1Xo-
z4iS}0TMF{*ge(r{6`9QaoNA;&?`Y}+cOx>R81=7`m>C?j%pnG|DHMZafX@ELLf(+a
zXpBgs4g;`=oIoa-l_gY86)aP}&;Z0qDMOJAu9Uk@erhReT$YZMZv6BI)m7ZB7e^PW
zv~wJ~?3U?jE-8fXB1T&>gsUX?5+5jXDF>;iJ2&SglUQiZuSy+J!=UVRzL7g36Gl=N
zG%B}=i6g_*Tp_3e)UjFQk;S&N!U~51ZZm~eqjPgIG*m{ZDQBzm@$l`z>6_!`yW{=t
z_RgM_DeC~Vjn5UuC@Muc&4!0xo?L8QT%6#oXNIT89H}5Z36DHHTP5=RIDK0icVrG`
zmfWxEWM7U9nO@w5T2@h}vOt0MDi$asL9|G|p)t08c^8pa@Uao2u&MjBJQ5)%LKh+t
zWDG)~q6iFu`BXaA<~)H&VQ_rRwVr@63P!wPKtnoXM(q#Rx4pzMN^Y2td#SRRW$Wpo
z5qVK+g>Z=ckSz*_cvv6=QZ5gKfPz6Lg7890ZuZUUo=2IUuNq^4jF!Y$tQcKkelI_T
z>$^IgT5ph_cxbZ}^0t{toz}_9OdO5wIIXI!QkN<0SA9u?kbvR$5)I_wY$*5Vffp=F
zA~`rYJH?6yo|g(6h4LE`z64`H;2XHa)ZHz_o2_mG)2>0*>9jfp5J>z)$QTk5;F<<P
zeTlivy=!$^G_q;l@cEq^O_l2h+ma~)va*}&J6K2x-j+ExZkTPLRWU&6D+|WyH5O7P
z`c-sDg40u;a<ASTpEWysoz5l<s4--S)R(qX!3lU_SKtNFcLMdIn!Pugo+&k^b8y9d
zZ+<01$Mn|<i9ls_h)Wo=nIQ{71`THH;|0c7y#vf4aecLg(~=um`<l=;kiN7{$y1a@
z<c@hIgLq#Kdtt~fveJy1GzUQ2Y7h{8LETi!g6T$>;HA%=43316D64ERYDT2AV@!-1
z0i#SL6wx#b&uA`TBUmTgrk+)SsG0||1)JoxID2Idm7bv=e}syd*R7=rV#pwr#AaJY
zXrs)YYq~+S^+JtMQ;wS%-DpgR{42P4Q@Pcc4l&=Bna5`oIecS$oZ5;_bX$$uENkeY
zgy}FFaC)h2^H4!?Aif_0aY(LOY3EuuyU_dF&Q_*Xb%!f7r}v-$1=$E01U?i)`x55s
zC2W9~4KqnY`b?>JN9O=S=rbq~h(jXUFxzbah!`d{D~Nw%RLdr}Wc!ssv1nUrdd{by
zxa>aQ2AV7+D#{^R$O4#ET1J3;iG+0_<tPnPt8GuxD5I-KDD`_0hs0=XpAeFd9@!@l
zJW_a~!teLVjq5v22`ZZF+8PwYh84|y+laDTgOYf8a#5lvF5vr-dSd3DU)ID*x}m}p
zFwg$Hez?3TF{0Ih1CpM2DYNfp^hR7jA%oM{97BjHAI<f811P?^Z%ZuTvYzHZAxvtj
zXqm$MWNBsKk_}w2J(ZwUrVyEi?qS>`3V|>%a*slHGK~pfL&)7_Se;}=<VY4u5b|a?
zOTip?=uX6q3?+VFMn=g_$^OkMdGv2MpLi@=Xm8^B%uL(`a??zL_u~?~TLz^<AoE^n
zAhXm=jBsX^6al%W;Is%c5morEY|5QXFKp_u;h8OQGM6aV*o(LM@0gJ;uWE6*0Y1~V
z4AB~i#Ah1V4KY#Fo3bdB0gK`!b}FMN1Oo|s3K$JJQIGjH4WdLtVB0hdh1ewn%uJAo
zvi`4F{?X`2#!w^sA!+j{{>cs59hQ(;*=V7!s<HgINNyFtN5nHpZLfTcR5fIl6a_NS
zRB2OU`K>S->eX`N%`_Q}JhrZMFQm3gq8GloY4YHNJUG5(etZl_<@s>U1#xiQ83eY|
z2vZM*gf~^7PL9>EP*A*bnC~*j`h>e==Emf<(}ET=nC#$m=YAGgET8~-1&-+!ArhWT
zVN<#hp<Xbh8kkZQ?H)7cK-v+F%L1A*arawLLqFQu-rn2kw-${|MJ!Mk5d)g!oq;;6
z-EV;Z4w-P`ZiJFV(c)I*h-OTfONJKPKMHw3)Yniz%8g}<Vk731fl8pRD;l^$JRW=e
zZtMK`;OO1))(gQUk~Vo?8s+yESLQ46bJ5(VsNBn#zD&LbV%k6{D=b){|Mrdsrx{^P
zaO&}is%+7)<Z%fhmrw`JVVGPks|iE4)H@p8sDFCwjK))IzfchjS=^HI=5aw?+Wj&V
zrF2L=&-(nSAw@@B;7`hj1=t{L`W?N0P3@Z`h^+m-{^`Q~jlCOL`<-^fio`JhV*xhH
z6E})wS!CwV(|_gn>QlOj!K8Bj#$YJLc`BK@mI5Hk$<N>IyvhA0dyRu&TGC{SUGW83
zG6sBJrp=8fF`;PT5@H~TE)s_<S}@?cYPC7OrBZrssG$Q*Ew876O<(}b+P!uC9&rJQ
zp~Lgq=!4Ng@jVo5Q1yV(`?FdfK*Y%e0{j7sKn~4u`J@Wr;2#I?PGp+OD*ehXsgkp@
z*(8_Ze00YIAc|$4CJU85EY&+{5(AgQ#hn}5U?xRZ3RcR~5DO9W#%V=@Sk^>TVq_WD
z*@MWadLY+28@oON;~M(P2;SZbWo2xr>9>G59%=bRvMg~#b#Q-!b;*-BNMig=VywF{
znFuvZwprF1o|a|cZeQf!#6Ddh6KZGVkB0nXHzGP|8n?gaj+s5T6@ZZJBHBt6mThLI
z@AtYrjDtV$O-)kjb|8z(^E~F#=t5#Haf{L<Vo69XDR4ii;x_X8bLP=`gV4yVM~ooZ
z_=2mfI<lHHT=0TyrZXx$KX>!%(nBjHW<04hlOp#%V7`of)`WFKGP@HpNcQ#yeVspY
zkmqe3c_shkBNdSRRc4tqtk{bV)zuC#7zmV+?->>dfa{+@@{QH7*u5J;6(KODsNdp{
z9{Fg2k^2!`hk;z?>Q_WIu^QH_qD2XPLR)qiTk2THAxa{q+QcjTb4I{XD>1)Ijf9A5
zVB3-Csf@SWl9aYy;2Lk5DJW2Y606!wnGdyzvv9j~Bm{vhPh~r%_4QRUlRD^ET*E9k
zgoTa2ut)@))8a6jW*3a>6O%-VRFG}YSy%!sk{QkzlcL&yRCs`01G6O71?C}vm95_r
z=d`j|w#YGN;Oq;XS+*?x-XxA6?f)xb;r#!g8|mQS-~b;8?NR(Cw(-AEB~1LqwP*N?
zm>fd>!4sI?$TallSk`t*5NHlhhQLU(8L_xxTz<5EFJrAC*lNUf&=Bl21S<`}#%GI^
z4RRivWY8~~kl-EQ&74YA-v_U)h$x7RTm!|E|6zuk+^HbREoy3wd1tc2%iCJyYC>5w
zM>$(Q+Q>D0FC%#$k&o7@JQ4obgtX<u_r#pB#l)3-P?FBBAITM9z%4#_2|PM6ZRHl8
zDIsm;_P>Sfvg*#n9(IU@Eg@c&tOjw}4tj+7HW!D_+3`CKr70WB2|w}#6y)47hS+3b
zdp|@%)i))$EXrOri@C3g%$jKA7o`y7CR;*i0C4+79l^p<63)PB00I3a6qdv|isif;
z@@XMN>{vVntSJzd(v#lg7u;}e{1UUu$b|U}>vyiuvLOanG@knJ*4(}rsP(NYL2X^@
zNoW8|92E~y2C_oJ?DFJd+0t6hUUBp!FDO^W;ap?RXxmV3$sZo9)KI}SFV9YMPc3Le
zES6j9xsX|cPGNKLL}{6;;TXrpfEhzLcnLP=8@tVw&Po-)qdb*@r^5pYJ)K%4s?VV8
zr5G?4$}_ShU8P4{T=BV~mSH>|#8W9pyZn_n_=Suyj5z_R)12-z#==xM8^%Ut3S!UL
z)XP?WE8!2%|E#;Z*X{Ly9e9SQd1|SdjW#gO0HR+EVKr<2c}WTe`2YgChQaNiOnCcM
zMhD4W%1+@oaHIP^PkftUH7XurDX#QzamSc!FHTQGPBYpMnM3WoFDJh>g-9p#cbOxj
z{TiuhPW<h2!%9N$f5g=2FO!IcLx0S*Vg81WZzvE5T!7(}+P$f~Ay43g6IwUak1$Fq
zs)DdWmph?z7Lpxwc$9RkC0K7szOht8;ZRm71(`G;^x5*eef^8i;}lQV@at0>%$k^Y
zdJP{TzRI;2m}_VZ>hDPGMvQKOS&7pvhLukt@0R;a=h~{$w}yI%O@e-wYKq{m6Msa1
z@flH^tA7&Jqx4S`5u{`pp2F`~`pf(oYLGTnbY`h)sq;I_RLYD-DW^y)lmKU2@ltUf
z#rvA~M#^s^!=trqO^8Wac}a+u_tRCNo_w3D0Xt*P?m-eydFcLz+su3dammfx^FL_z
z1>Zkf8D1JC{8i4pI;0lakJ2OP!}*E4ZeG1PzT7mjO0q_q)h9x=uO2^m7@s(fs(tlp
z)iBAUdqG*Wbd<!)5`T`hCangb1l&QXWg*IrXyn>LmR0pKoktIz<mwL_JlTHr;K2>o
z!s~6dCHAxU;$;NUmp5$wkf8vDKzhG{#?;tgn}5K_m|ZR%7>`zBt$*dH<wYoPX%PgY
z!@Q)M>kJWV0?pL}#qj;jB3F(}y|mtR5qjCBo<?|0kzAD$fa0^XZRm0X7*oK6bS9+e
zjEMFMa4fCuc4Td~itH>8$1@$5qTkXCnT=xtw2+eCu99Mx8Q=x^bw$FfX0T;iC?>L1
z5q>DmGIA3htN`gYfe2-DNtdo@AeJ-K@9u49b#S01ebhQmcQM^nP=DLwL9gE)_Xj&{
zZ*O;Jusd$|y1RS5LAy(LXs<Wk>GTGj?QMIzXWLzS<n+h=-F};m$2J@HdUTDbzh-Al
z)ZfldtKAGj*6LK?_`Wqqp%l(HGb}iWZ+TQ^c7vaD(EutB)|Z~96p3}@`svYPma!~b
zGf48RfY#UR_WB6E3VxVO+XW&|!x5D>Y$!Cy9YUkXo#3W?5*i570q}Rh-_{FAY|&ii
z`|uQ?(#(q2K%;r`M{X1*a23B!oC#YPo-DI5&x&6?224b-wB=|*5_)SXe^~^S9K4LG
z8;W5@TLBAg=Eq`h^D&Nr8IcAs5{XG{B?esoz-Yecc95aGOL&k5l#qcvNtIb~WVvH7
zxJE2)kX(ON3W;*plF^)8XW!We@9uSJZytzJyV@FBj9EL5-h?~}to=d1zukq#@?_Io
z0$Y(NG!uk;+@fW{OCS;mLCMPA1MrDDBFspp#diU=v|KDe@~hIzURs0ppu2$C6>qJ@
z*tluQ;A&{xW%QQ;<Vw?;j&B<LQTVtJV)FTVDMoBomMuqer7_vk;bqlh@@!7_<<n7P
zyq3DumkrZ;eCx|vd7}6G;j{m&&hUq`6E0@tp$_aS287b<+B6R^mm+ZK7sA9(OO%*2
zvDDlwAJwerR|At?WPt9o0W5`9%CAj;pIV>>zozyLACFV;Do}CbaISM5QLe7miQN=;
zQo#@|QH56pJk2P?4+lKWv>7dw9ZVccag{hB53K!<*1^e%_33lN3KRbzBVNd#PPu>1
zd93oU;kOSF3oC_?R2Nz<ibNVgGhe9h4DP}0PItSfVfiFT!|=>1wyG%QLPx7wY^gR3
z^j*;wMvY(U_%x%O8lr4rE4e!7r;^x$_KFp()83?w!drZ-+sXT9ah)J&S3_YOXhMXC
z3t8b|{5lzrS$Gsu*I%$>epUSqSlE;h!7}?u5FsO=qLO&W5CBOrQqhfw6Uuz-TX5&P
zGl^-UEKzV-Vui_9;0&QqPd-Y)h+T2YcpkrN&bY%i)n@CI@3pjFC(M6G@6#z&2X-b~
z0{dZN-(q*<NJlclR3<u%nDkg`vzheGzY18WI942X+U+t1p8?fVo=~{<j}{%i#Sjhb
z!19Q28R-4FB8EICd9E|2T#|$i$XvC=ZJGN$4FQ)aa+fC;`NE|6ZBsThEjgRH5n5?n
zlunR6{R)vASeZWrSVVLLfV_Ca<^gqK6G;ys>WL~S03$HcvWpP8E_z9mc*^`()jEQj
zA6opBo*CIq(Lr5QFai$(B(z5wNkySKji81rnNdH1d&eD{G{l``5`y_DUu$wepBxQW
zIhv1(T`I8m%|yZ#IDcX^SY})w9SfFnCD&=?{`qQ7iPGI#5^I^;t&4iSrbWK4fX@PZ
zUuKb;op|CBUn$g+Js{LGjkH|e;Gzgm_OJ-g6`NhlR(@(&r{t;}1H2mUJ7>w~{+9#$
z&M}T2--{q*)H&pS6o)jAJ^KkA9b&rhZ4$xjVzuk{mmBe(hA-Y(h%cULIgc-Ha1!0P
z!3Y1w=Xd@gXluixsKgg|apMMRok;8nn3)7WCH6#oOWdqJ9dY}HA%tjVU6!ZY!t1bP
zKltvw3g<)`B#<@zv|9=HMw*zKfj3NLjeH_q5_2VYzJppL;V_C47M`;)8a2fe!1HtC
zxvKVO?RVOH{YJj}*o?(f?pXWQlzB6&Vd;YG`&OH@Nr(Jxt4IE3eJ*_XTsf30h_2bu
z0ZFXnvi)L1lT}f)tpfXCMk~wU_Pi3VrO7g`OUy&!HLNisBxUg)>cn{|7ieN9el)(R
zZaY6NW;*;Hq^rHr;rW@4-O3LQEOehZbRLzrRqd`nNMhbpIRLp(Yf!+YaRDYMXBN_*
zQF3?y7i@;dSi`-7#-KoOvZ{snDx)760GZ+z$JSBE(y~A%e_awXbO?$3<CrC5Xb^-v
z2wlOhyvRn(<9Frbg>#raeqc>r%X*zq4-;RCIU@O13}UhDd=nz0(&$J~#3ZpqT<UL`
zHzP)B23Fz8P;C-B<o^HVqx}jR)C6NY#CL(~l&C)^`9GQY^Ld;ZO7S(s;?X!;qCEd6
zc4rJ&Ot-*(fkk-QRJ+RT?O!FHLv`T4o+oucWM|4eD`3LZTY&Fob}?k>2|-?ARR@nn
z3Z>Ew3A+zm`CQzFn=SI*_vX0$-LdMA8xc!Rhz0A`cRdM;>_a3|5(0Ps<Rcx>i$ESu
ziwsd7k}<hhB8fGlDUacOsAv#)e2(i|4^vJsjtbL)(~v1vJ98Z$zyhVXJ$Az=7Uu@Q
z-h-uV%##qnyZw0DB0uqvL~}o;_YGotiymHHL<~>!pL`T;y->5(M9TS@T^d_7OQ7PE
z%FM~6K>&h<Ea#-ba#LiK2vF&~IdR;`=1E8=Oh}NXKr2xeZxxs<Ll0}fW9G-M1SnRi
z0}?0|t&Y0#u(XCOMOHOBy-b5$$33r<&+NguqT0Deg>zl1<`-8opP*iT`5eMODtB;w
zs^wFa%EYY*46Y2kP2BwVYmK-~+y{i)ChlgAnGr(KKO_V-af$qDg*eoF6AuhVHQK6-
zNG)&TQPe95uN3>q+Kf4Sot;5{yVvWC9p?1dj_r)vdxO!=hz;oW$Pshdr(MVCw0ApQ
z+T9s-#`b_Yd;QV+V?PtODLaq`fVNwm?PZ~##<&!tK8;cF+*_8`{#+hlqTZL);ZlLy
zY%vX<PM@_~o$h~CE!|uR(&cRAi{q`0kLqB6bA>stJ%QqIm&Hoe5%p41dTDr?<@NGX
z&*;mlhy;U^h5qu2iO##Ui?k#5A<TuvY{B8H;MK${Bndr8_;l}e<$`p#0l<qI0?2z6
zDwaCv>?!ppSndXb65O$_YL-1u-AqjpJnNvsc$AEqh^BiPQWxS!uD7l;UL=s$lPKmh
zu;erdyKj-}E$NqT&S<c8o$LC76{QkhQ@zx<Yd#F~gE$TWAn&2at@>=W^ETVa!w+2D
z+M*M;tdYmjuO_|9q072#Z@aV2Mmshg4|=0^d(d(A9NK2%kwcySo;|R8gU)zh)6P!6
zyEE9`>vczC=Fs-e-oPF_$D#Y+!&Z+->1nIS<LL*CBK7DKM)UHJBSv>`*%@O{2U*X>
zH1pD^Qay|^aW={VEMY-mf)p~1xVk9gLR>Rj#mknv`-I{JI4yt=)|A1D5)a^0HaZo2
zdLKWT)^Kr%Nj|FMdJ?xfPSDs{UTIWz`Fv_RnO45-EQrKiM+!vZ7J~4Q@K>7rP{G_6
z%6zD5{Tobsz^*(l=b>WJtSjWcpgLB>vu2BY=$H67l|&E?KpX@4Bj#ZNox019iRMh)
zC83-;4W!d<ce0V2#xEG8DSl8Dak9afxw%Tmpk%Jf<1`DmK{jx+za(%oaaV}iOdEfs
zMIdL{_%PIsmbX$K7}{TBV5rg9dZI!<3?Cj6Dwv3=?@*8X3$;Ov1qC0J0uw^O6>0HS
zM!b|4?tAlw##2|dW5m8<zQcSQs+$aBi5W0XJfXr+4GTm)p?S{9lt!vto#CnqQ&*Lz
zkdNj(A^(IrJJgS}n^~N5(uA+hMg8fmOTi!1FuNkwhXxsPxX<9VYsjcif=NgnhR7dx
zMPf#cOxts%7eW@oR}q`??rSy^H-Ekw^8xW*EQ}*m8A_J>uUJw@bj?77{s2Y(QbG+G
zkKv_IQO3Fn5kK0EGpZldZo>i|R4N}5HaGEOZL%!_ROOe~8iN5p4A&M3m}P7o#_RHc
zPi4bSd+-R;b(YyD+H})Fe2Q838w?ZzuAd=Fs33QIf%u@r%?AhJ1j)it^8-)lR$>U=
ziOI;Kv4xH$^OvOeTnSR@YdG0uT=A=GJ9Mra<of0|ih0Pc#Z_|c@MPq%yU>kUQ;dy%
zxK(^6zQ>cpg+gQyRF9Dex<P4Ii#D^}I0PG)5iFnWiL7mZ38@8~+)+1H@%l+5Uh>&p
z+6MP^N%8bYw4%vYSFoUrX@9#r=<e?Bbm{h}y*qGr2mM`VZ+krM_t{>rz1_D*UAp7!
zjQitmuhZ#o@3B$8W7~|eL1$-;78Hqh@({3sgIwil!-4{TJxe@KmP{<{h&0>>$4RiA
z7Dg01Jn>Wxnn@mINU6UcYJYS~K@pb78W-Yt#p}}0`{jr7I**NVq$Mw<m2JI+#Gtw?
zVSXIC@-Twb6!jvg8bXL$*asZ4g6^W=S0tB4=|$XaNX}@sB`yYW)PMXW>o5XMU1EC$
z22|zDRk%oNPp*TNwG>h=6d`?<D#}&NFLHxaFQF$DQ7&Tzis8K#*I;P`20X@V60ad1
z#biov#e8e<y33ObeBk<OP+Mf^+k6HBiySkdo5yjGS^-t*(<JoCc6%3}vM}T!5po6I
z)@hAgqOS?pmk@MS-TI?y=Pu^tdnlp1xQEe{hRivU9A!1y-S%!f7s;6xya)ZZWLR-8
zPIM_(C0=4fy6;t^FMm0Cohs^Q-~h`yL@aOQ26Sd*ZlGDA@S{?pM=YkT%#axm^S|33
zPn^~SYNobqKEs-Q!y;=~$N>tN>fg{;0Lbov<Xn}$rJ>ZyV@}3U(~6kZ3hFysJTy$u
zLC6C-5n>!*wyE`F)H)}+*tu!0C=RQ~sWXzV7DYaXVUd2vGOq%4mWgkP`WP#P7GoxH
zdK*NOg2=Q<Nd3g4p*jy6h~YbBGI0|EKaCNP>q)h&d^G#Sl0O+WUCb^)0_c9)xJ6#^
zkXXo+$_6ct$~RR~dO7=#tSqh1{}o$#P;qIsX3Gmpuh7~zUthYckELc(RH~TR)@oNP
zo1BJVDI&Yb)-LhN){25O?LiGaFcY&=ZFNObrc=!`+5|(pe#v++JX61Bw}R{-oTp_C
zNp02a7b>gbm*yycfVsZ9E5xQw3qeyNbT*H{c~tx?FCuFH?vhz(EgbiS1%QY<hC5z@
z*rZBvK1AZ=wPtg58wP$5HRZkP`V;lr){D##fJaZT&@@<B(&s1H$mR4Hy;|H_=^8Dy
zXIq93noRkfmPFzHQ*?;(+>3D*3YueHiTXw~;_EMrMRJIex>_gs<pvoa$~Gnr2hAH?
z?A8f5rCUoU5@6byZ?i390&m?gPN>&(gJ|o8>P}O3vKh#MSvZ*a?Yww}8Uma4SfECS
zR1oA^jk3IcA3DD);O{(n4HZtPmHS=%va*|Ll$x=2I<0O`hN-Q_-tg>EybaGDJN}gy
zvO1YjE<sZG@<Mv+SYXETx_IjPD!RWicZu0Mcy-wtbK~;`!9QtW&|mW*KUnKi5J;_9
z%6<hNo>P9veLoJVeKQQ8;9zu~c&yYHJj73kdXa?irVv7I+(4*PQbkbkLt^v<Wm%<D
zd>e2_4X(T>5#(8%jF7Ct05e6X;^2sqXP+DCiodQ;95)mLAWl-0#~r|GAwQp;%QNvE
z4;jB@VFT?YvW*nSUMcL=ZBT-VM2@+$%m6$%lL#gD6s4%c(;<mioCNav4&Kq|Uud6P
zgp8NVJQS10UZ4Hc#9D@K(45ieUrn4xq^tEsvEI>?evU%4iC890$tvap^Rr?paYAJl
zO+y7ls&!QG-$R?TqTL;@nP$Mbm%~*Yo)J|<7Ly@i$Z&2}D-$p8pj5mNOl+m>C@?t4
z+CpssdvwN~;n^AIrRV$bj0EsVrPxUY#P!K6@nRSHLWXAt?<BLu_GGU`3&XS9-a8uI
zT)4j(u{PZvwshMghr^?DGNaKAmK=s443B|+9CPCOj(h7m3H7Am1$3LUgLf-5d&V6>
z`~=Mlsg<GAZo&VycBKhGvjOjf)Ss-Ak3q5foo-t;Jb1qT532e<cG~Uz{jE;Br~5xx
zYyXuDbZ|C25ohh|B#h$R0%)tKoSEExBk>ZB0h~Cn8{w#i^Gj!hX?gMBY#6o3ffsRt
zdF?WxEao@NC!+*X(QO(~+l}X|u=zh{7v$e$>~V^9f?5S0|CKOs83YJ$##Jc5qj{BF
zhHMPB0va==@XDeJh*t+sjrWs4$;QU0<-2;@Tb|PgOFu%pPx{>{6_?97ULCM7imvAa
z523U~Cj-y5-PoIF3KOKeN-Py0NUG~dB{`=qae2R}Le{BtEw5=eLRyHJWQ4Yhi)~7M
zC(`nW!=e~&8~l<QD;l&3u(T?>W)xHVCawP;1l}C4%Q?9?J-BSiOmGi7M+HX>)lGOY
z*E7lGEbv@ak6U)lroIe=Q4$kG<zstBe~}|G?ck*fsF-nO9&|(5JsB)@$q5HIHYx-P
zJ7h5<GSIdm6xsCJHik?(e@i3;!Ihc7EJs`x?1!`iw0ae~+(`43!Fpn6ZfodDgln1F
zQ;0It@k$zZiic+EIEZHA`awQHA8txQV~<YsaviMT$blm+zs?8iTIYj$o!9I9dDr>P
zZay4eYPE)-W1wQGM}zF6oFHusf!6o3U?j5XR<W_N%~tXjlcjO)DBg`?ts2c5@n%qd
zPkx09S%uXZ?}K4Z%iu-s1}kwl_>$ZmLfn<mK0wIG%_7|2%BHF$6Kg;B;9r5l<~ILc
z)QV(`S0p%2Ws;nxONQvkq!84H;m|T6MjjnTmk!Q`Dr<z@+n9-##rjU$X&8-wy*`R*
zD4{b$9><=MdNY~}@siHv4w#X|k6n;)LeQ;7m=YivS1_cpD-KPb#I1_aZJ|7*#LRA6
z3UK(dA`?n=Mst(Oa{!TO^hvqLG3+&(A_8g{DNH2_$ObHgPb#@m6T4{gpD?fT^n0&c
zS<FRYkiN1}YW*un!}mLyyC{jIGiD_YD;mkteiCWvZAZ)Za#>r7A9%>@MkMpOqA5*Y
z6}4i_16vxuz)RnRiw*&^&}X8-nLN&Kk{~S)rVJ9UKjubB+HCVD@R5F6k)Q#x&2^UP
zA4SX84O|IuprGLdR9k&;h!&*}E>;0u@bb0E-gT>#t@4Pc$Fr3BO%WFuZGe$Urer*>
zi@e_?Bi0O(k>}b4){8}WswNaGT!@bu3yyT4u8veG+-pBG7Rbmr^)k^(VA6_zmyH;g
z2gVU)Gwxrg@UCowkSe}%g8{z1q#bM~88IBnBG}yj+k&u-EnFt~A(F9F057K~L15T<
zS}y)Aqh37y?X~MW2aXe#jQJGbP}dq%R5Ht&h@Rn8Ld=;_iXP-prhL>0N2Q@|UP`Od
zey82-4_<25rBJ9%fDcuz`Q^v`{ZAz?57L)g<n=s_cZ5iN<*>#X^SY<ZolKA1$mX{!
zT;UKp=@MUjGU6eE@c{aely_4LYJqUb#vzNQWdXU{vhc%u8RD9fdKqc%b)!N&@}SZm
zku)W=wd#>7fIMRuqP?<N_@qm6-xleupek07k@=IWaVBfAjH%76eT&7@b{;+Nq>I7v
zE3~v4&nr{YoMmSbn7mf?JK(vF^op48i1*%vG)~-@ClNU~KdWkT2V*s>m!K^0tW;BU
zkjm-Lz-7pK3zt)|Ot|NmIDLYks>cxP7ohe}20^1pH7G}5-v*Mpwuy>XhZH6q{8vWY
z^iJo3KWv++tORS{QhOIbqy!gY(5R=^jJJbjxF<Yx<LS)Ww?dxy&Q-`qu5UFg1yquu
z6ks69M_Jc0U191zF#^3{u5&E6OeS*yWU3WGIP;o}ev&Sun5R$EcBj;LAT(SkN`F5(
zBL@K_U5X_j9q|akzn^BKzH&I=-wA2v??-2w4W)v=5(HkK{UpYH5>n-elDfUnsS}N^
zX4n{<(7k2h%ZM-<dh@ilC5@+>4ba0`6gSy;EbiP_qE*=*IC4arnQn7&w?X`dOv05C
zog2$ww9LSob6lDUZ9Z3;s3|0ZpUZs72oMpyQ}K7rz@t7Z;lSG|L?b<NZGqo^CmV@T
z(p*b7kX=b;TV^og$!n5+acKniXC7drfpHpP42`ms%R&w^!@^;{LQPaF(TL*2QVq%l
zZG;_;n%+)RH@R6{toy|1M1y#YM)8%@4jLq+zQbpwL!!`Qs<)Op7k8@mtk^*qRtO@A
z)V`EX%n1eako;H;%aj^c9b*U<jX*;O)Q@?1M?)tK!olJ=sxv4W;l!Acr22K$6P0`u
zwaA$mGl-SKd=7`pVq%ewJ2fMiFzqlb<Oi2c4Ixb&pnYR7mk;72L-<8&Y6ADk5&o^D
z#nGJHA;x2IC6?}1sBTwG!cnE`@hNC>I^`IHa5DUd3{ORgh&JN4OwC)19QbLu9EeWG
zxC52v7%|z3POPXP-6B7^K5I^7xfgj7sl7<;smpFLBomXe%J-uh1)F;3lC+K^tCV$M
zA*$EOnJGQ+$;CX1*$jfH7ZmD75dgH~$pl7VOd|La=TH!v(TT@yOZ?;M6)Rt{xgS9Q
zd@MHIRNb<&z}j*VR>t+H_aoO~HkGmTvz1HJr3uL8l&a#1tg;+2RL<3BpdD-RzNk?Z
z-$`|CZfXUFO+Oc|EHy<Vz7w`*5b}V9GCA>113+jm3JGWkdxQGq!)z2X&!gmUDt-jR
zljA~lA3r8B4JS;2H2E}c&1i5D(>OYoX<(@!2qh)c0%+({4w^UMDIqf&7{NPeGYzSI
zBa|q~R}>4KcvNg_SXw!6J6}0Z$(~bwNBB5qe%dm4I1;EA14pNzs@v%e?gza$G-l%1
zd4T4W=8TimgUjAv>-6Aq&?6H?sYrc=^?3f%;cmCnZ_0ED2x;;oFZC<<++h$wuu^6a
z1mQr?$-`n}z@3uD#TW<=8Nn!pZj~X~NzBhe9>a+g#^=<Z=$wI(>pSup2=@3Z_5#fh
zheBznd~lKrzgFc@7ERG<^TNF3Nt!32jvLjp7B%oj3o(A`E;$??o#P#APdVNKC^lr#
zNFjF{FA^ykD*;$%y^IZ%iJXL*v0vz<Jg8``yl@DG93?KyS_6`6SV%|STp{8%Fp@xg
z0IpVLsxf&3XB%>+0w-F89HWB}u)1}h_Q^-9v)65P2D`0JtG(6jSq)-!+wIQ&{??#p
zeImKhELjL;fbIc!JoP|mSF9Uc!Toj>GB7wfS9rm?V@Nce;yJ~FDVwp7dh+@O^yygM
zv>AS~i?6KuLy8=a4lF1E0WM!zHYx&}mn?i}njNEDTZNTdt<<AY4V2|{k4Xz#W`!u}
zeMw6v`Ow>{V@3ws$aA`s4e5r?l5CMv@Maws`iL@>K9q`VF1v;0Es*arc+0_1V#q#E
z!xhtJUf9TZ`Ge)HNW9v9jGS*NIX1ysm%hd=BQnfVWzQ?huJ6VxBmGL|)OR@|>w){#
z#8*K3&GECDWoX2C9K|6Gesc3D_gnESP+#lUT2A4oX6()wf^=kvNz;i=>Clky9y5|k
z^*8A9jOh%n{=3kP<5a=LyG`^sYhl;@SZ%$+REzgr>bbumTU7*C0Oi!vumFlPOK?>H
zPEEN8yIDr?A++*jR)K}sb#_L*j@`3qufIEJcl*83w%yrd-FCOr?hU$Zyt~)i*&B@p
z+uI#yurp}eJvM0XIfH&@)ZMe!2nzw8_9SRVcIXDNhKI2GJ$r{ajE;834(mB|u*>>;
z)ONNzdvw(8(Q&uewYSF=$PwxKGB6|b5UmXoQBTE}#YWT}c?vXQIz$0?@{8!<pn1#4
zT`a_gqd{;G&Uknha&ewm`@gF+y$?PZF?{C8x<eWfPEpDo(hp#wm1{P~R0#)CV9I=i
zw&c_Ucb#Vjk+;gyG*aF|7R5ZsF%a-5zQBC}IHf_z(tiRk>N^NAi@<1;@e-@&dZFSr
zBd>x`7H{B@7_0~mm(4s=PlY;EXSAA<+>BIU-dZYj0ZLZ|iM4Na+U=Ruux4zAhe)U0
ze&@;sp&QWgOEOL7uW1a#${R9cvfIKWk*4Oena<x<wkr>-Voe>#+W%->{Nv*4-TR{t
zC&yO9Iz7I;IyibaJhd9|!2J8++w=GDFXcbZF3%4RkD>atP&8bRO$_&4#2|d~eV~$Z
zEf6up+26Kw@@o{>S8;wrRX{A76PVvq^7MZ2x>es*ty}f{QR}t>?CW<UO3gaHcf|tx
zT#W!`G_B5PH5y+8226KnAwE|%^j3Nnmeu7;6KqPwU<+=R*j19SSVt;__$U!az=iJ2
z5Fz03=i_^3Cum&w_&erwtD6?l!!(+R_@~RI1!Ri`fwiAb(C5z$OW~RQ4Ap4L;YF;^
z(tB7YvU4-4EbZ`mMD~0et4r?clg%t&4vnTGPD5uYdUf7o52I}DTa%EEsZXyoB}+d0
zg?fotB^?WM<-vGqgzUY+4~fA-*)U4_U@CWK;OsNLKwV2}tf+p8jfznwnLRRb<7qN#
z*?hJoNp4M<H){ggcC;0TjBU-R>u<>)<V!E4QMftgVbdI~%qaR%Sw1)V?oKbH%ic8H
z>h9t3cK(!vc*l=GZqteJ@Q)_`tb^s!G@fNKFNS4YvuX2Lz<sFYu6CsK;Tm+&b@k@3
z+-%#Q<?Xg&JT%(egoY!bL)hH&&{&hFFEo{daI#QMDe|pM^fa6#7|~Hec8Q9Xr@BB>
z%hG+zBPbENTvy9CF_m8;lxQjORn@>e>7q7RM)wgU^VAH8rIOY5)_AId`!k;_3rf|3
z>Xff2ZFpI_qSTvj84cqRqw%FXV?2rT?grJ2dYoxxsy@#5zDy;io;#u=3eZYNIrW%!
zoWU;Z?)L57UAo)ZYq#6mcCX(Z^quy&-yQ6Y#=CpFJ-X-Yw%hGNr?a=W+u82y4!Ue)
zw^`R}SoAK+Q|<RgtlwkZ{-DcxcAt%RMs&Qx_O=IOw&UzDd*lqpcGuqS4|Y4uc1DBU
zUEA61xAz7EXSYWM)!&kk<>|Kj<LyCrwAbCC&R&P@jA?H?Zui^0UT@^IclxY58g!ig
zsMBfh_IrDy-9ejfZ})fXQGc(yyC*IMsLSQr1&&9%tUs`Kw(ag-x4YZl-f4ID22Ovp
z)9DTdqY>+L7;AU!-rmlR-Eq2md-ir`o3{7t(N5Rtb=PPn(2_yJijwizy+_G%bu7vJ
zJ~8Y9dYuT7>0xK4gxLc-)Y3)1HnT&%FJIRBp!@R_>qAKwq5}1=tvbU(-k!TS!{Wxj
zrP>T;PabGxT4~uVG&QZH@~+TK5c08dSY}TOaGHq=H;0-4pQy^>X4v*Zbp;z*ZVpH4
zE0PN`xQc`JptFEg9o4s(@RN;2OUUyXi>EB93|~f<bpSwLdwYXz4X5}HV@km8vP_jy
zL9}3EimZn9Pd+-4>XntnD4Vf3bnSBnzq$TIJK)3oPpF}$NV2LUNTGZUNIlBPRzpy)
zm~5%fD#oXk?e@d;UFyL4zsQhSb!PG{FJH9EzbM0gRP2m~J&LE90XsZD(kFsGd|sJl
zh7Hv+{Z2Dp`rF9kBUCqKT5j1}O*?e9B$uu~Y1uqvJQD3($v)^V%<0VATy==ta&fv$
z)QIem223rQ)~YS21zfTn^&>g)qLuZ`{0azMYh7uDy;yn&%6*gWPr1EP)BSq52^aHm
zzMl3&HsiN|igl@K0_63&b9hA=IzUJTdm~0-=F)$q2r#9$j8GYlFjwCS2~)x+weoD_
zs}|*g(DVy2hroB$*L>%UI%c^Bs<E;1H2we&K+5NerIt!%iw6~4(oHU})Aw{iCt|T!
zW70fu5z{y+TWS|9Mm5FeKH4T!mZ&Kx#+<x_5qT*s=nxG~Bkq%zxYCBvhv22Qzb{*p
zh4F|p`$2ELNXR2pEP}$Gfxl#+u~S3_EdY~I5<_~2-UBkm6C#u%95&cgBL)Z&`oq*?
zkfSZAnMDB(PjwafFyE~kH#j^$0vN1p<WyRM;KmK`dbHJBOGT>nxJmL&{6XFlqgU&!
znX+&I6JLVJopI+^8rxHrUg(7+txn&((HnsCiSIOEBSHX|JC-;C6x>{MLp2k>h&7{d
z>qcrHw3ag!GQ=||yCLw2Z0mtdJ+yGlMG{V!wQqI%KUj@IB^j&V{=r&UO(s7ZWsa?2
z7AK3cN(*`uji=<@<p(3D6k-c~hYSzjosn@!Cpz-2=`-d)uDwK$;ReV7j?PnzBACUh
z&)|ov$3+5PB<vz>wpG#Y^F~@g`_)kv=z2LE9-Y4v8=`<WFXghb*8u0)laa?@X4arV
z(pH0}F}X{IN9Q`Su_epyMUkr$egr+J3lLc?gEd(sLoBm0FnqWmv;vKTEz?y3sQwaj
zBM}C2N||zWv6M8V21fhp#%U1h-O)Mbb^GjATsx};s4KB!3)|Ro{W#=XFYsSYqeXzh
zmvgXwdr6w}{b(CWo<zYe(tdzl#2^;3vFA>vRY9iUU4LHB`ps_CM4!6Mm062NU3V<s
z&Gq=yQ}U~O)Acu-Ii8j;2PH>_tSOsKTYHrOOqV4T3r(!xuuS{3z*U(exvD!crCoF+
zmXdrBwF05<zu;JLMHp_PbRgDOQd<xCmv!N!U3rSQlHooo68_rUH;b8jZvV}a*1shO
zPNpjl6j9NnYb>1n=30vbC%ZHYO{^ubbzv`rHtD9w9WqDZh<S8gPz^yd{0SmW?uf_z
z34r)`Oi!m-DKcQ;n1?f!nT%OzDW*py2Nl>M{S}}?G^L7ms_k>>5d8s`xs=7H+sPIl
zbukn30bCiiKZ_QCtSo7KMJD1incJPa7>-i2s1Ve1z*hzneEcuRkIq7NNbPCaiiQ}b
zm_sTKhL&A7oANVpD>iNM;WZ}o#Jt$RI?P3B$NnHgQQDzL#?_`hC^bK5^0(A;#q-0{
zvoeFJkzabp)JB&Ynfg=~A5+D;fs!g13leFHRAz!gq{XH*;w$_PW>h%2gft}-Syg0Q
z!Dy*s=BaU3Pt}a71+gYSuaWIn>D*1rR=x>&5=ak@wg1t=dcC&qHo<U#WzU*IiD|ll
zDudSaM$H)wqNeCiQ>a8LXw&*s^!?5hbt!f#PjdI`@Faf}dZGq&v-YjO{NDL2Its_1
z()>PJS64F@)2npHTm{^@68q~4^t(?&APy%iR@{h3)@Si^m_+g6`B4PhSY>nP(z#3g
z*DLy}4To9zyk?;OpFF{W?WQh=n$|y^h!!)x_tdYO!p<l>gk*&18WEavfWM4Us6ZJ4
ztnqE2Mm+@@#mB^=o+k@8`P^p~mU~kuGV&|7fUt5MOcEMWKW2D6jUZz}bX48olK)#4
zMq-WT_gPC%OtqiX6ex|fVuat5RrwV*r#i}zEDTO|z}S7DfnC6A7SNDNvl%6_1mCOw
z!tbxfoI`RvPM+~&gEZy8MiilVWbSYJ>*lIvEIty81@m&|YNc-F2kP0PDNJ)w9YIkZ
zLGf&X6VDtkvC7;&HAZ5UHl8;wVigXuu@HvT_^fx?qrxm!=}z{FtSSZ{b0z0N?E~h`
zPyiDLH#+*V*N(9nwr)GPNu`{ZBGL-R!V$HrtE#HIPI-X&n5e>H&DW5fbAXT&s-j^I
zpA1^aYK_%6mfP1=FqUQN;%dt1N<fz7<guIolkk`pgh;dl?*DF0Y3PXm3LOsQvKugq
z=S4RY%s&4~-};;h=hJ%azp!c4aZJ&d$#OVZ5xbS)yYw!Zpds*!>&-HdMc3O}C7i|d
zJU%FvMOLUNy1nAW_nBv+3?htAQ`NKppi8l#;YIaJi=1UVZW3b8vfw`w2}t}EKLZ{j
zJI-gYmLM8k9A2JjIT$zCFDTb38Y^7aKtxw_IemY5yiX33Fl2u0%^R7=#NiBOJ@rG#
zgitJcicmY^3`xA$okEp-9M7Doqh)3ux1e~+#XPcO@BJ+cLB!5V-76&?gDc*koBCs+
zfo23PG`Vi#I_H*M&MB@cRbMaV@9^#WUj=VJ4^K{VIn(0r=Lf%94QqIIcy;pr@Mp=k
z&alpR?)>=T{fF~I@#yH_@ap|9$LHt6Bk|9l-v4@fd@f!)zI-!0!oPeN9%0`POZ%Sn
zML(pk9-}_)wu=}~_O!$KtnlTXS;V4fsi~@Ci?$v<Gmr##h#JYGR!%u<K(=WE-IbV1
zQ{PLEr^J_*4oAXNdF)ogz02>SQnK0f`P`|nAd?<Wh-0i=^vEy;DQX<pwsQRGwhvX#
z=gSCcVb00F66!%=CIxs%j@a1sS&oWS8pmedXw)iePL<%Bv1n?uFrF}fSspSR^x|U`
zd|zImKBe2Ffs4pmO~^Q-Lc?ca97&AvA_uCL9AJ*=r!7sV6?+i?oe5EQ%AFtWko*6a
zk4k$uO-3V+t+jJVva~mEGp!jN!EYYK`RcGp4!|_AS-?XY&Sh<y65TH2BW>EAyX8hv
z!lJFt_TB(0N-4-MaZ^ic!r{pfZYBR^Or#VF;`Bj^m;i_a4H8ci)IINbctZhyxJBLy
zL0H-^C=`N4{a@niMG0$Roqn-H^!Te#m(;ujb+cI7-6+M4YmxWyl!bS0#Gt0n91JWj
z#!<BN7)g>C4(bpgD50%YFd;|+?xX5=iv4wTfvz&@MW92=*NiDU<*yO2_MAll_oJLt
z6Ed;na)B;)QyNRrR(_LOT@a%aYmW1fP_6K*f@l&SH);_@94qaLfd|vvjgSkyi2V1D
zq~Gea8{#*Q-?30XxnpEZJ#QqdnpsZB1FKAsY7%UMypr~wO#l=QIaXnbJjQ~9am>OY
z0Hqbz=n+>@v>FH%Yc4@4N?D#4&TF`;q(t{2V&ep~ZgGZrEM}fq+0rm>K&raBdJ_-S
z&j>mk(@>XClPg#JGNyJM>6&S}By7a(8y26ueh?BVd_%-X28C5DIN1*o_+)t%fqtd_
zrLa>#J!+9oyHD;(H_|AkY1|@*H8!QUE>FTL{pwYx+m5j075Oi+-6r>BJK8KVTcOi+
zS5WCP93$mh`vTMxK&@PY;D{=<0ah(lCP1=`$SXS)uwiS6jbuV9O8A6m?%UIl`|fY-
z=iTTOL)VId?&(`485Eq{+(t21AT{W#C5NYH<jtXKMF_`Z_kK|xTYhc9Hz^>o!y-F$
zN2pZ3=(gKC-5l}Npe1s2Wt4#Yv?0Au8A%NNOK>cUr&~eDZH-{bqnJb-?ZzPYXm+ki
z5`&o)PF@C)Y;vzXgYz_F&&fGV<GjhuvMIn!u~32)iNF0qJ=byL`B9=uV07Ah{f2b|
zfpga9hGo;&iSJ;@Y~Fr=Z`rhEhq0B)LC96edEC^`l89X}J7n71(y$`<cl279HGufY
zd=-|<lZ#xzL$eZ&?rY1Y`R+cbqu{Be5gYUf^KI@hhnyY1Qw|MX#qEFyV(!?r;biq4
z1%XR$n8K@<cP>alG!jSojQir#m=h&GnPjBEG@46+3D53S2+RnyLvS+qvR<W*-Sc^f
zRL}~+!nld%kI<}AtXl{BjKP69j4kn?#3+oK0`=4&w8(HQD;~*o4k53^8kSylO4?1#
z=EY^kp#xba43S3c9u2sAcpzF)pF0I^^OI{{AA4|ryiwm~2mV%mNE~BvIdmSGUS_kf
zg%H+KM#$kohL;;whQ?zKTxPX=4daKKdr76Fr|k3VLZw8p6GDi?!nXC`%358nlYw2$
zOqftiLzSyhzFqQ%yBq6sUl+!NLI9HfOXU3}8M_SS3MHX38;ocs1F}S&DnxpCKtfft
z1Ee{h6NlgVfGk@a<`uzSCA@FRSe1}0tT{OqNHY%Snv^c<CvQ0wS+%^4s=5T3xray?
z@#53l(~GEVpgu&5P$HiT(U?(~HJY}VlFZ&QCE@rojKi!-96@-Rff9}PD+FB1A{jsw
z7w+ZBMU&o9o$_XujC6%iCI-)&XFdb~bq2LqgjT4ocz+@;JF%R3=uXm~HY;qsSnoyr
z4N4D-F0UnY3H$p8g)O1E`pnEvfPd`vcDlgbFMmHdIBnpMgZ6F*eiY~XEz2A=@E(k&
zd?*d!X?=0oRLEm)^PC^__THmd2<cLr-2?TejPVhINX8})t-%O7%_+C#(`d1&9$JFG
zO=KrF{!Jd7ah6Fi>n=<#%dG0M&@Pz-aL8u?ja>{IDD$V5zBgrF09zxBjMy!RagdQ(
zQfN-gj2akqhW8NA`R&jJ|B4dCQaa*Las7ljGEGk$!LX0V9-S!TOD4C$XLl;b3>SL~
zVo{kYLGZHE+IiU!|JlX=?7f8HxQ$uRvfa``l?NEnVT5_8aG75&kIz)S1E}QCK<qhe
zjaZ#lM;13A;xApSbC5Q;^s0#D3di+HjuoigE79^ML<UUcxV##%m~P566n>|yJu2-H
zqpCTHsds}Kvl}{4wq<U1BZ7NW%@nTfmdUVW;IX5m2@KE52dhKmP<4!Pno;}FExtQA
zG%9Jpz=_{BbFJU+>;Dll-#7l3;Ul^!VFYMmC69OF4a_?YbXKJh<<fU@4R`zfmim7i
z+q$D}{1Xp<R%KPo*2k|@7M}k3!|UVb+4=jw|D$<$aC&h558?(fuAMN!EOi<LjE3SU
zvjk~?oJ=dLT6witI_o`}_%>8g%Emaplf}RwvRLXtW1je_Q<%?YZcJt@ieyOth=~<>
zcD~ehyA>p!x7BTTy4yGs%=3Qs`JF#>RKDWF<SRj-c_Sz&WIY!(q5pX1Ke9jP#|KC6
zj$1RQHR16r@YdQ!yWMUNdOi4WyWP(Jx8G}b{-e_y><o6gJA+R5KiZw`?d|q|koH=+
zsQ8maF%AEt{p7ato%=@q{QkSn?jsgJzqY1~IxMtEi+ujPu~G7Zs^jc(|5q9cS$e_C
zG8pnTbtVj7D|tx>2#epKLGVj~(#A##?Z5-(D;s3Q$1#Y(7#JcHT4jd@du%|_G$|dC
z{$xWHmsORzZe3Y)C|fv5SyGMaI7BBvktngJghm_YQ^Vbeyx6i-a|Q^PMTEw(((U$E
z50f8258sG|)S`+|q@_v)Z_16D7Riw{2gQF?*<2(Q3xSRL&IWv=j~yW>hS}~Y!BTgJ
zyuG|UYmmwL*&($0GacX1*2cyG2r=k<MW+UdnLYIp+QG)?dG`A3CkWj|ISbBTtx?M$
z`i-HEwup!`_vy^Fg>WQPU3?L!jOH=3vGj<vq-WZunBU2hXu~zc4Xh@q`m(R92oK*k
zGTlapfY7ONk=P8s+=zMVmD3~M$WO(s8!4gF;}h3z>7GyB$<&)~u<=;vU^1a(?6G?x
zgSR#|{_~^qnJ^lQsS$$Bt;_B{y;8SONbg#B6A4jPnhZ)VC5Q$+;&!5;6Sg3eQl;%)
zDblULpKNYyym&#*LI!ea<i;%8*!Y`aUEe3yCHqj^$8sa$9=zW88~7Oa$@PE#NVZ$;
zYaskaBHCWWG>n<Ev2ht{3>oeN^o3!_cU&Q>j1pz`!nET~pUhl85xi_{U^bp;9^(DH
zar2!N8GjZECpnnW-?&eXf4(69CT}>Oc#ORH`53bJ?2wBifgFg38~@&K?ic>Q@o)0+
zKR>D_9y0a_mp!9V%tAHZGfAfv-A*=BVwF+R6CAAw2W#tQH)=}lpedbxTbl$p%=TQ5
z;8PjC*^OXPtd-YvN}kFdy^GdAl<6XQDti;4)C5@L_4AoozfT^?-;!|6%W`Ameb|tW
z@_!{Rl(s}CvCe2xnF<-_$^OR1_4W0}UociTWC6xrOB=IdPCPW2Q?IKg<lC8pkTjbb
zaQ{b8ATXT-n%e+hxq%6#Q@t8w&J*b?3p_3@#PV2{nHlo4DIlwDKp~AZALC>0&?9dW
zF!Tm=!X7@_o2^oLN*wZ1qPUP1C98!m8Eu+-(Kw#pGB4QJxSTR5ZLUg!Ojr!I6XK3x
zOvJyVI1w|8iehvFbIqby);W)-Y(rgS7ap~5z-Zz#FYR|Eeoi~S*&@G+<$)h<K;n(K
z0eBb@Di%E2Hzyt+VN^+oz%bs7Lo5j7>_vRWxNoLa#2h#;A3HSMWJlwV7Qp}DKXT)Y
zT~8biLUY~<cof4TY%<?%jc7D|VjD~JzfNzbm(%|Sz3on||9y!+5sOKa6BdT--i<fp
zKLa;lW9oY9-#$<Lh{YQlFVLZ-qJ~_b9Q=Agj!%c6N;DAcz;kcV%RpoDlHNrS%Jotl
znj0_3lsbgM>45df)j<v=i!&x6%;$?39LXVz5-;9(0Z!472LV<H7E*PCMBGg0jm5Ty
z;4}<16NksFC0J*~;lzz)jd4m|Ld_(x)L)V*=QkvBF(}QA09C@5nSNp7Z@e(@5wY~`
z4AOKFCeaHSb>?Iwltb5d<ChY?P*90t*Ylv~w~RQ{pMZ^C_Ylk6MszIBV4DifEQO=<
z`Nj+4uz>jv^TCIM!gD-D4;DqAt*mNohV@|WCNW@f#Jn*oHqs0x8uR855eBjBfjBtb
z8CE(+$kJC(_um!$wkax$lt@Us&DMrHCLcc%>o2d=j5Q+)K95Pr0@6GtO`E(t`1PVG
zrnPza_F#DWZ}HE=_ot`t4$gnZpI&ZS<UfBTR@)+<KK-AKc*^_@LI`2@l#`c7%wup#
zWmkm^C393&OR)eCPlx1}vqKVi$;9<v0+CA2Zdc)q{5vH8<=jHHF?Kg3XWVE1`SQEC
zIx^?KX+Ygdi~XqI^)Ib|M%-V$jYa2wr_=6s2ZQYS-|hDLz54wB5`TW*AS4@yO@4>%
zV|kE{PCmlFi2N0vj1t$2hrYE>I*s&KhsG4;O-(~SLHA$gjfVL=aUJnkR-Cf*qt6C)
zw5D785O8e#J_XFG{I9Of{X_2YP|yu0Bl@b{Al*)<LAw2ZgLF0x24n~cvCKT;zmfwF
zqRNf;(r&0qU-H>!`0u9;$+3lzf&qqh5$j03Z#oyXSe$ACn<`rt8nu{%Mb3@hSz|Y{
zsrL^?L%6lxaX+3~`=kvICm{`{mz;|OUCoUJLyLd)T>nPQ@5fK@&w%=n@F{0l%~;hu
z>h7m`n&#lhIsD7-M;BLT=kMPgU%oy5aPe6Wk$TmF$QJaBXX#5FG0LwVTh62TBO#WM
zH-H`Lu{ajWH;p3Kwv4wvXI2^3IV=*Q_ipr>hYkxbru@#@Cm3i{eCd$+F$<aV|7Rgz
z^qS!Jo#ZZN_pw#-l1!Z?R@uX|G)I>}N<{vp5e*MKiCU(n-+1hV^zI^_!_pD6&hp=n
zUC(<TP#cgCNhkk3ILaj~rXT^J3AuN~zWXUG8Bej$*aU(o%Z5lSB)vq-pWnK_sb`r-
zpK~mriTE_}U=^25hv++Gr3c)jYCDP_X_)Vi`1M!Uf$h}EJp)Vdh5MTrjDGH!*pKYU
zFkhAph}t@`>4m+Dru^;<OwTa%?3NXHjRNW~>UI=U`^NPrWvoE17o2uhVc=)xd@p2D
zhrUN@ofR5V#Q1oeqgA;>vj<d4i3S0pvE-kmY*e2QbQEzfi3<xjidhgD_nZ2Y?}%{%
zS(A`4zc6lM$zrWXKx@lA{hWV&Q3D}!7Lng==ZR<j{i$+f6W@iyga@<o>s3c3=0+qx
zsEBP{Hs5&ukLIW1HZ3eIt}5dai-jRyvIl~Y2Q0+8y{k+RwvD5>VEBq(!dZCF94#xn
z*xhT7+uaf>#*%_htil_gA2&JAFvNG#EBmz$vfb(1ot@_%<c<8VsSq*=UFVEvPYr9D
zJ>D%L3v{~15BJ%-))JRzyFeSpX=kASoz9EVmcAmhq7L=!l4H(sqrjtcbsd9Xo_QfK
z1%?rig`AUlL0l>)s!1VDmL3A>#hl?v%?OwZa&!T%D}Q5rE{qB4<;rikPpnS6)oX2Q
zViHg!yAm@@RB9K?BvZ12bV>>brVzeUDb5!E%|5>mU@1q*>{Uo(_DXtK;c$zt<OYnc
zVjffP_nY15iUz@t|0`pa|JQ1efIC0_zyG!V5^(2#t<N7jvrn6wWHcwQ0`4>*w%pq!
ze<Oo-w&5`kXB5Ufc4zD=Vxic;nO9Wa*H08-s<ZNpTzWrgI=}x8jeY){r2=_e1<gu4
zVB?{K5=3FfKcy4u#wdRt!-$Z-5*aEI8IvyO4NOnikqu)iYK`R2s*!BxrR-WG$=%(x
zMpA1e--SjZF}442t%Tlw#p3dKOvmGITql{)`)3(oxI<gw{&>wies`I_nus~t*39+u
zgS5(a$h4In%nMq2<i2>0fzNk&tpmUA!Pv<Ex(=l+^TPtIZLikazHO~dYGpImf90BL
znT)%>vV-JG7Jz%CY9@5DPW#!FGO=lwYh8`6YSiiN<QpG#Aq13<`s=TD)Mxbm8y|Hc
z8I+Iu;Yt>U!?O?M1Eg@N=#__?7;Nr&G>BM1N6bzuAjB`dk2<;gsM}j&MC_MeN1Z_@
zJ&U!swqyhVQNp#0-46L(ZBnUCDz!-^eYG~J)Fzeh+oUp@$Lg9Rf1E+(;FmX7w{93G
z)VrFo84u@IImSu`?vJ#x^xM0G-nZ`gJwQkz@(YeUc?To^)sFdi&)FOAedA;P?%?m=
z)=Fo6YPXAhBHz}i)BA5_mG^ghy`5(dclbWW`(ftXcdoyXsqf#qyKDr$dt>kJ65V=G
zAPrsW)~4R?#?+fLe3jkBE7-m^pWDt=vQ@uD6Yn=N+7*)Uw`kt|Mn=3uLU@W<H%p4V
z29f%~hTYoG`6n}U*4Zqzp_7o>(20L)L+7&_I^P}q{VHS;z&2*?<g4cjdHQy2KpXjA
z*P!6-uBhPkY6b6mQ1D7rj?&%stP*fRwt28N^2?iYwpS35zj}q_8=Q~Dhj#g#9DTiW
zQZ#~m`8ip2<cFtKBVQTwcD$0pcrK|Dq)MWg#!0O*rgUnRk?1+7RmNIntX0N8oyr(Z
zg}huUdw<DfBPcB5eBB`eyX@J6VK(x=u0cKQ3|7+*_jYUj@O#h?qhywseR;tAtFiM{
zh`Z@lFBfgUUSD5{Qt>qn?9BDI`~oh+H{j7LF=%{E<4SKQi^lbvGE96;<2s}Fi^lb6
zB^CF5z<e@xJynf3h<W(+X}CH3!`Ej&DV02dG#y!giTSaMb(Ui`Bd%|I36yC`OUy#u
zG*uaFr0PestXh}Oyj1JbwJu%Wt6G<?b?GYdwfnVpzn19NgPeZ76alZ(DG<l()ty?y
z{w_3ZLtz;O<Et4B3NeT?dcU%ViToEas0AUPJc-=H1$PM<UbyVm>+OZ1GLNHbaDi_^
zr>duZWyf-1>c4TH^7lUVQB2|5c+O=pJS|xkPjq-+facu1a~($VO7_=o6!^*YJR-s0
zWc6j}0u7=DiRnaY{4*L5-xL9BmA_W`Yn6XNuWFTlb(LS-%lVVLHUm`alci<=d5FV5
zOI50jF<_mVXaUx*QWf2+gMq&bRWvJ*UIihGq9kN12#l-7k>&-r72LMf0-BU)h~o3%
zLfIdSOV-(`*iZd_x|S9JlO3E5i+!#^$>i^~<XB6NwdD9sN{+RZ_&_P~*&Ri{0H=kO
zRVMBk4`FNzQ$+BtcM_Y0GKgy!!Qs1Lh!&5~T5(wP5x9VzQZJNe3Z2D|Ge>0QD^;gt
zvD428jPvZ%EsnW*y4N?|8~I<K#TU6-C9rm%qyXlYC!-li{e|iw)^M%X4?}k{jcfJL
zeB();N)rkj3Rz##z||3f(mjBv*ikZD6%%{w0c35S`0*oZeu>c#{|#t7efDs~-+#yE
zK7S^^|1MfA)c<;zs(WxYBsTRt;?bD-_ME(;5`f3&4%__d+!3`hSSy3IGFaWKS{baB
z!7B2#GFU5vx`kR9tf#xI(_da0EV=_LwZZLmYJ=G@<60T~N|eDFy|0zQuSFT0(fe8v
ztQEmp5v&!#EGxAls0Zm!s0i|)Rt0O_pjHL{#M8Zz|MfZig56$$xYPunRt6-uJZrz;
z*Qp9V&@cF{>TKjmO4|#f)V8R0-c>B9T4&QQ)H++Ov(-9Vt+S<vZ>_WaX@&S&XDjbL
z`97z6T)ktIWKZxW+_pJAZQJJbw5RQ!wr$(CZQHhO+qSK(`R(q1&-;F;xN+{O%(@jf
zG9vTIh)Ck^^ZJ(Svc#rLM=Hz4_p9=SRlJj~a>u5%VPy@;#;zjmlE+3h?ec#_0&!bS
z`+Xkfrm;(T%l*z%`dQ>_`S_;RvKe-uu&t?C+OhJf)-&^M4Sz@9JSJxF&x!UbR%I|x
z@|{t`(<`&9QqiO(AEy-xHep`u8lp<$iCL#~x9quNqn64)l8o2YsP$Zo{$So&)$x4r
zo^b{6vD16O<;oXX$~%P3eCC5!=ZY732Flb<<|=@zh=b*bsELy|4a13(u-sxMnvp3X
z9R-FR^^+T`$;|PYBKn%CHMCnzWU-)8z1u=IiGyGIT)y6)t>jFxs%h!?)sVnK7@&^(
zsmD!c77C3YN3DkTzmklzOGnS`!-Lony6?lOKGLE|?afAr*~ZT6v&EnMezYBq=QUXu
z(0isoMIyt)J}Yl^$zgMtfr>8mAWxO3q;t%vn4<=}U7F9h0<LDcY_<#YnoFmR=^ReU
zsT?qI-srNj)|aQbksooD`O)1}`N8``r9u{%XN@YZ?V`OeRB5oUW9@cvNC(a2=|Tfr
zkmA}sV0r6Q{NJ+p4J#ia-Yz9|G!I(FDNAYEm9K_BN?E&ksI{Aqjv3Z7<xc*#D?^(n
z)+j?uY?UbWsgX`J-k_HU2v<87O0QHq_6c+4_7lCo&p}f&$#?5#UYnL_W`?MhJ398*
zRW2?9k2jtvt9(-6C#uC&qqEB|{?9uW6TDOkAaioNRI`4!f4#%oFLxKiLXtQ4Ctb_Q
zg-shIAa4}^TORNqQB^ieltq-UL@67_O1x3EUoR^hY&>pSoZDk3q~#kK)0POICZb(J
z2vAe2C>;F1M88{Xuw{Ymkaab|IXNZaeUpkb_nm}PH+SN?Rjz~o0RNU_N=lRV{+IGm
zw5!d1**1Y;(jFFkl?#&QAWzX2m4NH7VDsPp)Y(%hlv&=;Ij*ZTI)5u9{$|hm+~i1a
zm8i)y##CvS1U{&VRsRq1#vt@`HYEHsUCc8h{G>*m8;5&njL{-0SXO>e<F5w)f5bta
zk*?843vw^MY%BiSzK#8#m%%@WQ&t{nG7r3PmmRt5*`cP?;|aCo)Bp8V&019T%rSYP
zt}+2oQ=#kl8@ZWnZ4lUY?Le=Z_JKoHecft!*!Ta^|HLuGB7<qYzo#Cbexg?@Z%i7q
zQmIwWFLQaG{#X>(s+|8W{co7UaC!bJ#-Nd^y1qsak!aNU6PoeMy=}o6HmoQTNM5~l
zZmo_9gl0-L%mS|lBKHY%?jo00_PlnKTrj)v)6-3^TFtY3v02S?oaes_apRkExphGq
zV4x)&n?F|m&xkvh-G;HjTzpg4JUN*z?LIYGQ}Zq-Hj-Ex%~o^-Fy@n!F3O@4XTRT2
z%ZwZClqJp^?ViZ9{u`{j>evr31BF(~g2-Q-pcdsif5a6V<qi4<)3DEE<o(x4)T7NH
za$)f2W-w=v6OF_g+FnR-XMt*~<YdH?%qxk`FwM|wm66T=k;Q#A;g9(<xW=%*|6^>7
zZ?~1sLfjo~^M5r*rHBreIu1ktJq$VwtOfo(4{r1VknO)W#+8Iij9KG}L29Ckv<qB%
zyqkuZU;F3V2xS61&u4nz+krzWg?_c_N5iv=-6%;lkf&POTmklmi|3ExWy_2Y=>Zc)
zSG4v^=SA*hE}5BLuVk7*N*ej+74VwJNKS~isvg7r*n4j+3*gp+qza%{BirVgolC3c
znVAcGnjiO?<`=!<Ki}=g?zqtxL!G%BDZY6_?p(qCRdO~t$yw-fWAxA9xo#nRm#^!v
zIuHGd&#pP1AT(a+LbiWoY3;-qoJ%&7n{X+{7`#!X4O`4xX(kSf>}sJ<hUzSh8w8YT
z{PA8DSUbyOgjhnOL>Up=9lL2QN6-#;>T<Ex$X|520D?7ZuLEPS?n;=CF=FOhfdN1e
zy77H!(qL?LTE&{=2Ct}q5sDp}7`l47ZZ_0KLa;ZUFzD+=hwyq#=za{%h4|OHPiF|S
zBGa!mY!`jwyMM1Ob3|Q+?|(jItK>Q@ruuD>kN|@$WTe%b=D2fc3N!LQejH0aPEj<)
zx!71FliHi6xn6chlV}^LPl1cs^zHpdU#X*$NPg5*X=G`nkdW}uLldW&h&R9xAYQgV
zPYyOtBz5uLUc0`ohU?`{By}imw7j&gM97s(RC&~@7j$c<7P=_IC#G&_L!?Kx#ll=D
z^UQguS-iHU=Nyd=5&ThWCsa+xclxN_X=E=PqGc+6eaZel`2-`^c4z!jCfCs?`b?EU
zgzp?Htdahgf?!)fK-F-x69x8tpYDuY?Wjz_Bl%$sH&fa$l_IJdGLe+Q^y#_M5YvXn
zRaqrz1XquBv<`nBIaZF2^midtXJ@B`+ff{9+ZfnY!}I7=UAdBI6D$}VmQ0~a4V?JJ
zdel9!ZAbcetz7M(Y1ULqyeTy+b(HC8ta2u)+Uh-_2<^86-qeQsrNE({EVoR%8|X(c
z)!r|by3G~GkmsIZixpPhWkX=L>Ne1N>{8H1X`uvNj5$PY_=}b0fM2Kkv6ma3FJ>!W
zk4-nsFg!=8S@*l;wyrM94?J<wqIdQ1s@waxJ+OGB^=?GBpacs1=iUu+rC0;Y{)?%-
zl*ggr0dKBvwRQI_ea+QYSsZb*)APE9$EU7O3M5ywlahm6K%W-4N={8##wxU@7P)ty
zjy#Fo7o)3>Y+Mneq<|6t0y_+_2=%u(KK&I%6dV(N{WSkWDvVNg7}Wm=`2V|Cb#Mj|
zyb2zNgJYDBZ<C@aOwVqUBD}-Uo>vU@uZ6`O3XV~)E*rO`O$zNd_CMaKmfDr{gA>4T
zsxbWfPKDlG8r`8*>aaz5XEF~^vZ_t$BIliBkD(JXGlyvM>fkg%%S6=zkMH<J-2__8
z1l_I$Z}7MUq=wNWHJpY~Jjf0cEM5KoA?aOU|2hCqUL_@AX_@dFzYwpovPsn>80|G=
zdjn2hReG=oO;!b?tEYAg^BJdUnINO@HN?;`s_zF&UcKx7kH>6}Q|Ze`)i6r72lxN?
z9V)WwQ@e>PbgF0`qvv?Y9Y$EZ`uT#c2sHW~R&^!%ZkS0Tm#L}^4d3Srrb!H!8M@O5
zUgy2l`4Npc3@{nBn}Wz=ARbdz;of)*9@GCvSo^_b*2GbM{=4Tys>1FvM;CLj^9TFW
zhx`(dG3rZB3nH_I&MVyWuUUNZ&L7yUhE-iZa?984|M+mtQR>|j=&XkER=@vxMUP)j
z7&RW(Fl|O@=WdzvqrOz6Wb93B+N1MEPZPE&)NE}9QCTxgqXn>YSngK=4LjnnRSiRm
zRSmDxz42`1e1OiYz;6mBlYnH_R3BIqoibKTFRxPuzw!&^g_YMlwrkZsr#3D}8$aeL
z7c98r7c5?V9zOwU?kDTsE+b!ehym97DmZMzU|5``<MpcI`XdwuX0DctC&(QED}Mm?
zqBq7DL5B9$BsDlF|L;-lCtXv8kE|Ne-pK*lcD){_@n<==HRs`%7Te<uLtq;1n-p;o
z4o8%+9^DPj04M|&X(^-uTEc`cRel4%7%(AtK*9-RKtd}lr837|yPqIL?lgtCL+s+y
zJ6TKprm9<Uxotyrl}>&A@|xAuCSrM#_ZyC%RIhiAWZi0@q((WJo5=*N9w<Zrib(r}
z{z|G8NiT43txlb<1`m-vd)~(Oy%8SX%qOq4=Eoh)-k6*a?qHoAT9k(aT?uHMggl}c
z9Yrc=j0V3Q@aW;<AG$1=;u!U#vY4&q{wC#m&=yN{8|*H;3h<QJA02Wi8tY`ans!nf
zSTk$C)bqEOltzs1glmCP$gtgrDB5H4MYKI&nP>2+AAw*5M{$5)K+zy5E*5iZOdp5u
z7qb(AYI$d}E5Q&H9*lFbkt`5wrwKKe>y7HSr*Um5I|cKcB`}E<1kMP15wM*?&7qf+
zG|R@L@(S`5z`7EMw*{viLq{*n(>HUw!_t61$sU2;gaJPSNW*|Vd0x!jPG0`qlt$XL
zPutT)?eD3CTY&E3wfrEEEPN(9ju0Yy4=_hK-yU8bw!O70lH#L2I&Dav1r{fzB6~ge
zo_e|azxgSIjaNEA_G{D-ftV8}fH(Ajd*FOlslkl$F`dnLOKhY?<_FXzvKJo}9P3xW
z{kPQ0>)U<RxF_Kk%o>+`m)eqyCz_v59}m^3;acZjmyRUiEL1h>QXzkX9sg*4vP-H;
zCJU4_09lAxfC{vRktN<F1E@vumEBhz99rpN_SB%PMj7q;Hi+damC5)Wo_inE`d}1l
z`vv#_$rEcW-eo)a+36jj1p#M|;{)iJu<xX>E16nX$GzcBphdf4B3q{K{X#ty7e)f`
zr>Z>S$+RpJq|OT1C)UZdR_0fQ3UI%Xs)I0W&6>ClYo%em^DvaB(>U21@Fi`r<2_T)
zXO|@im&6&cLr@$i&^cKSGrw^)LZ%Y2>2xnE^o>uB!tM#5Q*Nh8RMytkQk^#7sFrQz
zj0q$2VGG)KQtx}x`-viHO>M2fUi+(f*+BCmJpE1z<j`kz0_18xp$d(HxSw<zHj1St
z<uvQrG-p<dVFP1QT8pH%ZeVAl?P$wvN+})C>C5rYHfHOq3YA70Gbt04YMj!uTUiC%
zmWe5?>+btlfs}~b6XJF?+)%gtRX-r@)wa*<;@0Un;YE2-Ob%7$j^Z!ZvTL+uVM{D}
zA2cv-F_ah+Yrt_dRJS747sPn)ORJ^fsdzWWl7~}|SB^4`JZ;XTw6Jn&C15Mdh7c}F
zb7}>lSe)*R3t63jU)d6c8<m$fjgc#VT@i)1u+_@)cLfI2jg`eK6V*QrYc4$dVdMOj
z;J?+JGk11K*GZ+IQ*kyl-8gS{yN_=B?}hT_H!759%9=rTFe?jSCO%Ky1oF%~Iu$==
zZ1Vp;L9&&i*-i-69_lE3KY{zpHn?y<%e~79OYAzgH+Nc|6@6B#|JoOV$NoY>nuL+Z
zBUKEZ7T$nlLYKgl(;9QlZx5UnemJW^!#4;B-qj>Cx8S`zQi)-u3hNs>YT@F{97Ojp
z{u8f(8wN}$4IL(}u?vULLsNR}2vU!S0FzFKI02Lj%rs6^uM>dVV`MtJ*lR>@E%z2+
z9V-J8dx7)nYm6dp>1<;feH7=k=V~EwX=&cxd5{zZw=0-k=d&YMINFs0t9~r$G$_bi
zO%>r&?6LmxTMqt>Bd0*ZuLt%-WnZ_mPNCt)`$9&sm@M`mGtfebq56p6?>a+WwG-q{
zi-FRM-)$BF8PB%OIH_GQSJ0P6xlUMA^`9h(x>jFMQzXV<fqKGdVXrJYUOSsxj{D3l
z*ht&0=kj`PRl@BKWj6sHcnoH4e5#`9B{~9l%Sp0kd~J=Q=X9`ZrK^o;d5{W}tn5_H
zXjv8;)67|cfn^5L&b+6^;}1?lDx@$_kG#n!1Mk602vv~hIf~L}u9@P7HBbK1s;-br
zUjbs(viTh^9oE9;-dGOSjafmPz?mvwagzxzmTdOlR0dw*6`wJ0@IY$`K=AV2!2E(h
zGkMvG5GM52cf;siOJ((&=4tK{R?4VcePeMh`04BJE~9^V%C07Lt)0}~xs7VyO<JLN
ziq*@r4r2(E<7wJ2J+-J^nn(fzO|?EB0`ApTCH}y9@bcU1tDw?Or%Lc?r=byhw6heH
z04&8Ym^Mn|yqO=KHR*#3@%rS+?Oz>42$G!ITqUisW!Bn#he`&dyZ4TYE9S;e0p%CU
z#n6m?$t7YdMKj6+Tsj>}o^kn|x+X75MfSozsO>)al>Sm5Yl);jhg3WRK5++1O24SQ
zS${`DfVQY%5)>g#z@Bl3P%4gqK?J?94xkxn3rOn9gASl6bNhjUED<P^dCBhCs^pcP
zJ7g7<j7t%KjVmffCZn!syVp#>HHS#TgsbAwPSy_&8Ib4005d6UE$70<yarek@{?6U
zvXB6L&`gX^5Eu@FcCJ?eiu3go4_ie=MGK0`AEZ>f+A<b0?iD~vTyoB(a>mHyX692J
z{lRF3$>E|nz>SNR$Z>JfiuZ1smXlc6o||Ik9WY=NT`Zu6T(&w;`ttrbyR!EvqY7NR
z>LIL_Ocv;ulg=ZnBJHtGZt<j#F}RiwQWY!iLQ{HmaPmzH$6CYYv`l8ASpv$|t3;v`
z`(D@)D|}X<6wljcVS2L_k_aQQjg@DOV*xki1xQEy9EldXuk8*Y;4wgqph9rK0NLkS
zjdw%c4!O8**P}Nlc=_pxUDmw3)7Oa`yJU4`RZH8+PlcnSdUJbqQ`Kn_D&U#&S9wj{
zv0#MS*C{gv8`nG)8(KN$fGutPoSs3us&|CX2%O}+IR%F9nf6jk2`Ry4-4GTnuxU0<
zGx3M~)PAk67j-G*gZe)qTKjszKB!kqcPIXNztLNxMcD!VZOdb6hz_c3Y;AsuO8q!^
zRYDcYU1@3VZ4S`KzUD>k32MPp3Zd@0fUWBbE7oM*I%|XWMeR9m_x1Jmc5439GWyf5
zKQ+*lIE}Q^RfNkj&*d`-(~gDoq;f|P(@Cri4I3^q5c|DlKM;$=T3HMgb@@DyK7F_*
z!GB=H#am#(!%0Yg{q<$=f+@2M`Flqx3tl@q6jn&my)%JM+ARd{)`!na*1qm~;#Wvf
z2}vUi_!~87zJ*XU!qrpqitsWgFx+Qdr_Ga}h0$tJdwCOtPLMGQ6%1RiayVk2VTxVV
zvWx9PR9gVy*_*J1?{1ND-ak2I6)aEa&L1N_LmVDw@DzjNr_4Q~eH0eoBv;}5PTrJg
zvjfYVVsBFeqcw7g(Q$w42-O;qv=-v?V0~M0!Z?elLPyN1aBhGWHYVXO&Or59VyrrL
zG{YrSCn~{RbhgP35GYb9ae44)kt6bgXBY2@L<zi|5+sLa7e5(l4@k(mczQO_G{69k
zGB-C-$DpM8H6E%x{wp&+T6a~r{_<F|6Y5z-Q4u=X*;jp!o7AXPh6pfEOu*07BKXxd
zwWBUZArwjd*dbkt<KfFsp|a&mFDp=>LJ_CZk6ALNiv0e*<mK%>Y8X$&t$xYMUC<0t
zo5jBqcdO_I?%$8d@i75NIj4g)w7BH^GYJ$H5JrIlv&FNC+;s_Yuy#aTs;u0qbaPos
z=c>{-U)*-!X(ugoI%J0zc^SG!OIIaj^rI4|-^BX(he)rWL%R@dC--k^%Q0e(`XZbQ
z1Oc8H^Wol%t>!ifcZ=kVpnN>&1~uUSalBO}6aO5q?GL5SWCqCp<9N?`?^pkGyhmf0
z;&!?bMxiz!(poq<Z<4UI#b>BEas1DvU7*1vfs)m7@0@{0_7K1AyyFN|2f%T8=~i5)
zMv!ZiRTM`K<Y#7zCa}R=7Ctfbl2;K_&DoyPvBg;R$uS`zGA4w`uFu7xrWo==|FmPK
zsR&umV=Nt9|MFlBux}e0>tuej<Ylr~>F?vkt`elO%;SE4PPYj0KuHmj#kjhbIR^#`
z0nB@Vpn#Bo2!MJH9yfq;hT>%XfYfPye5!wfT!DglU_iAXBFT1x0fUf%1A#;Z`&_CZ
z0{4E)(YA2`)xb0#J=F64?(mtZC{}Q(pQCeopZuEJrV$XFCuwMt3jz$Lg650c4CGkq
z&a~#Y%+AVIZ81fFPDof)XQE6;UVa{9OtasGA2!{ga5rxH3TmZ}NcYdK35{k*XYYHK
z|1osgRZD<BVU%Y#{5#<|J8f(f%5yfzV_*lxCwUHhicM+{H1}L4ww)2r(|!a0lzbtp
zEc#I;@{(()FmJD^$J8ZR9#*EZmp1LAb6!<Of&jtW(X_nAf9YfodU<V;W29f)*>ynD
z-OHxE?0B?@N~644AR*N;KTuhifEzxv$+T-*{20-<&qNyJ)d-@mrCb2V%;ZQQ{ZtSB
z*RUR*PY#U-O<&M9Q*1$XmOoSakIwPc(+e)FFV{3iiTz0{%?(a47*g528#=gx0VN18
zFozjY&D?l)qB5#tulP4=Q)b749AT>|>BU3Fkdkt5ML?>S29&xI%yq+)^Mu~_EK10?
zuxg%CiRKu}q;bMm@}k4X&&<yIBz@*Yhqm7w;gcNhjE^0Uz^T*)a;0L;a-4eRCmYE$
zMdB*>!XpAQJEwCWQOT*j16idegQUg`wf-j+U7)j^gmctrnc81NxYQ9KbsXpL{%2`;
zDgtd1C7O=b7nw&|#;5eGex#jH*|9T)HZEvG-1OoqpF1n0olc^|EXkpBO5}HX(#HVf
z<FR2ghGv`D2~M$h7k#mu8A3?F*LyL75P}tM+>bu9F<3+Wr=P!nR=+AqFD1|c*D`Na
z-Q&Sgxo+~68+|k=>r66X1{gPR8dZsjT{|ysfi4sJ&HIMbjZHgGyAKaqqYp|r!vM5Z
zr>F8{kxG=j9lepC9i~kVtWE9}v~9MoN}3qri^`2l1Ysd!3-#PqHid{}H5)xm$Oyqc
z1C<J4n~~(FOs;Vp`=J!yC^AR+!D-1}nDUNf^vE2MVX=YjjD5n}G2bT95NOf+YEgTV
zH&@`7u5;X1E(PSp*`bf}v8l6s^dc_9#yI4fK?3AIuL>4Ib&gP0hC8y&HEC!wznfAU
z?%95>BcgFnC%(kd?xkbD)P`RUz2mU^{hk7knS&TJ$;*@T?!L8$iVnKcObK1}$A>5_
zht)$0goj|{kw)yJWC1h}U;GG2=oiu_{{!f(Oc%uL_2L)^!P}{5w6cAh`D^hs;hU-C
zbYb20{M@_$g$nYjb%6Enr}CT&_P%C<XWtFTTO@*)!!{63NOY!7f!XQ%-!Gu1Kmpw<
zJe&Vk`~lsafBLk0ubSI6OL*fxF?O9RcwFOZS`xH|loB!SwK@rAbN`@hVxw{+2%EFu
z5MFQyl;jgE7C!nY1_R7PDMA5P%o%?fXeojYpO~XzzGyk;zkZKn&cet#?P{y;GxRo@
z!)$b})l<O80}@4#Y$b#N`9lmg?M6dhffxj>l<>dOfgta&N35X^nk7Z~y~drv57+}G
z3Azi9=|`-qF=qTfitu^WCQqvlv!w~U9mz(m!OJ(a+GX3(ww>0eDZ7wA+U`GSB0rK0
zpibk=_n6k;L;hTt>qW-yjWi>1<9GecxcRs?zgS7SbCw=kA0^#j<juAqpg|#^<?o7z
zhkli2`4k$xQsG;He;9NO{X;R>i~D96ou~hs*8xus5v-#C59tQ5awORC^??N0GDo|?
zuv=sfaap}m#Jl$oDgM9D#upr-!ZMpU?t)rn3yy_o&;iYqwE{{_e~{U-OmO6z0;z`=
z;`)!l{Pw{`l<jt!AvhS+?sZtclQ~AwY;INo$p1DgNtLvj@Ar^9IFlC9Ja2Cdre}vo
zo|eHhH#j5W0M8?9i0dCw{t1AL26zB6Is(Wj#I+jZ*+1ofo@0u9qe^4SeeDvu6&%KH
z%RJ#;E0qz^fG6gbsrvVj1Q!UCRu?tFKBa+MBGZ-$43>43it%N#M((;9A8jCBPkUHT
zd*7lexQj~E85qmk%_0Yyj5KuntzS9wbnRsOXekB}O|Tb#<`D=mZWmqxe=B}*`&S#s
z64WrT2Vk-M@^7*H0&xSsgWc2IT5=+DYf>?`!~p7tg{)zH@zcG4O)17s8P{yPi*!ks
z2iDptU0H@3b*v2~`$r%O?0lq5LA@}Jye(J!Q&Z!nmK|4cm(t^-WZI{vx$~9-Km+)K
zUsM#olE=I&J!8K4zvAz<&tpFLk3drq4Y~l@a|Do#0Utmz_y4rVgW%qGLIsCx#AANG
z6)=Jk<F(scl}dP-UVTR(iL^=XGHpk#guy$Rr$KHJ2Dp)~`8)nemK)H1>z`zu3ATJ)
z0PRDZ|95-Lc&%2CWiPca$Cztnu`cdM8qL2`W>793HUzuA0gxzoVlJ;$J^{rs&?FrX
zADVwBq}ms0fK6yaT7i8qfE!=|c#)AI<68WUDhr#B3D7K19<UH-2n5olA)%Ta;ArOA
zHK`sGpIH(SZYNsXt11$)a7a<$B4A0-6bJ@*ou54o$$_TAQfpRN;^x5Opa~eMT(=>z
z_|+wJv{;)D43!v41L=FlS#D3*3pjDe(#c~<HZbfzl&2*9V`HaRbNYT9G>I)o*R4)4
zKph;ls3dbAzqd+RwiltQ9rW0SeT>-X71$RIM%uZf{j$Fmiy^FkSU{Wy71(?pY6c`<
z9Wp3&e6ey#DBTpwHYU1q5j4N%J&ZkdgG~))nwz=d$>h{M-*KzwGC5@waND7>c*(BI
z8xh(EAO)vHm@p=RWoGmrqr8(z4!Epe>J87{`_3`z&xJC+c8stHzBQSXr$ki8Rh{5R
z%0!yCrVU=H#D`03_^rZqqb8?ZtJc$0q_(A1l|9WXD-AF&G>+cz)8M`}x0s7OS&oLA
zU>y1=B1gqZxN4QmsN?D3Ao7d|4&W8S_Mb>V_t<o%zbP{xWkcNO1&bVUZ?jdSH8-Si
zZN9)MbEeLkQ5Ekcy@^sE&JRW1xl4Q!U&4DcOL|*VcQ+F)*KF^3+0*6H_=HxLpgS*w
zEh?|ApW%xOtZGVJT5lx7jd~sb*yUvsF#0*$FFD5i5L(m2M(VhS>oVEb%}kB+Ntdlf
zZt<H2e?KUu95#p)iqQ<Q@p|Vt)$72uX0;htfc+5PaZk(LIlV~MHKL|_^`1vW)#tO#
zW9fzcaRY13ge`q?>Z$3ad)4CTYun7)y0P2b(%Ff-{c=;f{8O`jbIZ!oJ2=fA$N3Ib
zKFI$%O~#7)R}1OuE@b+y_z6C)ot*>%@7UM8*)>~Qq*4AO{&M;Hk~hxuK-6Jm4Q_Zs
z&}l%z=*349HxyLi<BOafoorC5Wftmap((}$ax&Q2s-w5Is1rUbNx4bL;EEWhi+@YY
zF%m2<4_fb^3Bp0q$A|nkF+8rvmfwkyI^%nrbOadF9Yhu7-s!IsCNM;-_j@7N;1%gF
zklV?Kp_r1x{!9XOFu&iL`o(5ggIAo$g`h_A6sTaC49tbH*)&p13K$J0uG6y4Q3%Bx
zL{|p={h}ZTE7s1^gbhpOkGfHPcc;iBeUIUB{5;dyB&{1L-TAGsY&juw=ADXcI~QN5
z^}lrQjucGk^TAgiLFbySjWy}SX?-!7n7kSUIDgb2acg$vI^4_g(FeZ%abJmaTS51n
zaiV`yzFM+{57+yJra85ry*;!*mzJ&Q`Z_X$DjF<{!y_y1U8uvgn=S`>=r6*>`nQU2
zwVm>(@|0L>-}%bVRj$g6rr}MW4X`GYv6TafWGgC^$rr*1SM{%}<~a5@dWXWs0_K4u
z+Fz*$GFYq<(v(`pf)fE=$$6C1g(V03(&UAxA0%AKo2j8;ZN+Pu#<CblJZEc3f^9gq
z?zugKQj_v7NhQcrF`?y58l$<j=7)dNgxz*?2$!DVEYuRR5sj5osxGyy$ur+T8Btm|
zTK4^9z--|RI=r`;X7EqcPZ<61V0;DjS6jKBC|_HHqEfY}5V?ij#(ZG{!JPE;Bw=u9
z@>dPYj`%Pe<_LU>k)Y9)OR@sG4gaL5ru)PlMZ}3am*4I7`Np0sQ0eBLLImK!dM6=0
z15E*E)SF}|1pN&H<F;sdh!IBEhwB-$IQR{u5XY1lNO`EP_-ePyA^c><N-#E1n=_n;
zs(ODd0VNOOSINy!<)e7yuV^NYx#uYHIK^<gaA3*wv;FP(K0aGU8j;T_nvRY+3+L{o
zQxZ~9Cw7$xbKpTEJTEvn0yca;zI7@P{$)Qoe0=}@YW4M4TP7+h`tGwfYQK~R_P?Dq
zRd?$Kxs;cg<a#72&jEp<Wv2VHw5nJfDCW-D5&PoPNQN#>1DwIcXHi`Ojetjk=rioy
z^@PYFZ4>jQqzuJp&Q}bSu@fxlxoAh7vI+}4wL@eJvC&xPeet^C2Z_#G^7RSHU>)`c
z8KUUO)FfN|;?yhMOlCzpAR{)_OinbmpB4>=YbMBp5+f?To~2bMK<x<<_Lu^66V<ye
z=^|fY6S<q|K<{1%IU|v|(2uDdKKW_gLP8x5C)<Xg!CBND*pCk>uO`0w;8BT(T*_Ks
z87X@4hq6ozHY=v%&GSCKDsjHsY7Kl)9`$tTGnv$w$&kt9!S<YTJQldJX+c{?ptA?I
z&Rn&{dp|<=8eq-x^jIvfTN-Mv{3SmR-BxVJzDh!@-}fE8f}(|cDr#LL{U-?=@<Wp$
zSBhAuX8^Us*j}z>RDPgmA7&dQI-ad>H@sUZA$r@Lb2pjRi``c*!@>j_sylZi%G)+=
zs^x)HttrzkDt1?SQt^gTH7b~&eVdv@I3DlCZb5G41s+=IY$qYovxL&tSZj-n-yYxB
z3)15A-dK_%JTKEWBK_LW-!MUii}qXl1=&@)9){X7jD{@_uaX~->4x!o@nry+;7OFQ
z2mE@$<-96;#InK>BBuJoREp9#g@4mkmR)uEkA-Ys?A&kihpDyDIGLYB5mSTG%{oQ2
z&4`mDVM8oKuXBGMZuB>NC!VAPQ##F2Za}$elc@=P<777h)e9%m4WeUlX*?EwaA+ZN
zYf}3j0Du7{i+ym{h5;8gV%IQSIk%jKDbvI-*iu;(>nb?dJ>Frm`szO_+Su1y()Ftr
zW^vF5Q&OY5C}x<h60ylVY0d@lUpHoYaE`a$Su!9K9Xj)U4lDOII_O%9@hS>npi$A^
z>#J5ycemc$lb09+-?V$81K*DAP3OTD6Qh;WW-&+NGeRra7`a9|@3lV*Qy2xHH)OU(
z(TJFs1FPg;`HsSjTNzRwdWNdb88Z@%h7O`m0-O4!H#B<Q4kkd-2t%IbH0}v{JTLS-
z1%OXURN%g&>%b4P){2hF*h9hm@wCjXa-7N=eb=}F2wY<5UUcy#K_SQ+DwmB|Pea(G
z0XsJ7Fhi|H(s?DL4Kyn1VNeutHrNWj7TKwxP!}kcG!>KdaU3ZYpHpbQs>4cc?Sy!e
zM6rK0XFKy&$|s++0!v|zZ~?-2ArX@PyV!=WWWwSE4|&@j`Z!s#f$x0zE}6mavvs0=
zA?Ev?V+u{RBVp4n5>nq4hu63;PTJrmL*!=xqu@~mjhL#=OgyT=f<Lnp$M%v1ts-~U
zA}`9%iu|DhMKGzt^v&BsefUzQsiMT$_C%K*mtoCjmV3KWd`jtLjw!v)abkr@Bz3Tf
z2^4QQ3Ld>)l4Vp5Bg15~wBFfZWVTp%F?|70uUYi5F=g}CBxQaUw>~Wx&;^j1+qZKC
zN<os45326Psz$NlxYOOo_eq>$uXdlY99xrxBQtWc&I1oqWZMd#NspJ3sxlAiT!IY|
zSww-FzHAA|+vH24>$GvMdQ24@+>0Yl%NDG>N)df+UOTA)b5*ConpBJ8az#|@=OTfI
zU1cxv0&Hb~{VOw8{Oq8yk>h|2*569HRB;oEkZN6}q{x8XMuyO$_7W42P>~m>z(0x{
z94IKbQIpn1M*1JcY0nmD<gk&mQg<I2a4@e)1L5Jho5q9mdk^f!+B2A8kYKMQ{6vQ$
zYGUzm(>a1TNaZ7`c@yG*f?Q`qNP|wa?`utcEW}5G!0xamNlrT$+iRR%bFhIK8Q9Tr
z6tX1BRDM$$ro7HlEhRzvo4f0_9YmT+$gtzM2eD#tmq9bth+YE;Xv%Q`FoAn0)M$9r
z{i!YYb6InQ+4Y#$#=5WD=*76)PyE4g1NYGfT&E6Fl`Prut!RDTTrc0wpaPcREfw5E
z#PluaPgg&3H97hA;a7W&>Qnp>dORsxtS3=7FzuFp!E8DY<-2z^A)FYJ=wc*o;q-dz
zAO>9sh;I=5=*ZEzsY6QNA7=Vnz*{x+JO44+|2Jg!SH<-;+Kvg#M+*$e&uQNW1Fke*
z$)@(71^{53SfRAXNdvjW6Ymjw)QfnGK_PJjs2Lx$ne`aT=km^r4#6TlYhNcDBc9s$
z*2<_l0i;hE0jVf#6~*#eT2~l)WLeHfq~d7#0R0yy_lsf!95@s5wNNWaf&Z&Gq<egU
z|A*cQnj51k#|kz*w$IUbA&}QQ;1d*J-~ZecEvmU*EFU_`{<^=rw2;hrV<cX!$58_1
z#l<NI`6mp6UrI(m3jH^+Pa2T8BDOdhT4Z!D%Gd-@3J?P$xn=HBnD~Sf=DX8!7zhZe
z0u{Vy-`_UQb>kw;Hc1Z-Z$%<^VyjSr=V##Du4DN*R^IYAox_)!NQ5cr7@NZ(PGeIb
z+Gr43jPPV)3J;*Rk>hI2wgdWzjd8-{4wQn%PpAWsuV^5RJj{DgIyLl=b5&O$M#KnR
zJrM{k8x>c6+n-TxB>Y<VhLoUxLC^^9ugP;lRKkd!vOt9k#L;|^frv3+h;LY%aCdvz
zjVTDjo@-Ul78KD5ZXpUah1uD#^GI%aspMgIz<a`9pHX)PsRJ=9r|NgYp`$i@=z+8+
zM!SgkMfguL&Bsm}0#`&(#>EzUhsgUFwDnIkVxT<foN$na@{xj${gJ_L0zJOmZU-l-
zaxRzjZ@^Q218ED<A05GQEg|}MUvNE*7)3uG{7~tK<#bfUX~)5Diaoulhmu<-3Q<6U
zhFQA;+8LkUk>KwF_5lV$<%I-NfYE_LD2Wze(D`?xGsU{atu>CMmdjz%N9<$wRq@Y?
zV1L%gW;3$z5FJp&NDv@|VC~a$<3o_ItJSXOfTW0oD}n;r1T2BF+($T0s1*40{<2_6
zN7i0Ugk$o3b1OD_H50WE7QPD15iSVww20{k)++)=PG^ig>m(`FlFnThy>rE`8~bCW
zk;iFBZ^ub)?CVtXWVywY<?Oqa2VSZ9j0vUl1mLhk{K^MARDIFc&cd(Qr=V^*HZAqn
zPV_>_NNYoMa-*^BFV0%@#=R)D+BI=^_0N8B@9oBguOZLTm<wkao1esKH6*yHJ2<gv
zEAgqz`X9@0uQjf&t)I`^hx6wSgdJ%eE7gbO@!#%0p4<@R=Do(rnGN6Rz9J^SH?16<
z(%V}<wks>2Fb=-82BtgtzS#vRdhcRDc#`rX-Eco?6x{ONGzaCXDU+X<hTvK|#_i*I
zv?1d3MA|xNbuD1xvO^_6E^?St3n|O(G%f>3I19(_3xVj(q<j7)$;JjJE8Cxd7naUD
zVxnOFV$yWZ&GJxl*WCBOmE0bXHv}7A_GkSWRe&I-*I>1MYh{vQ7WFqQS~9KB^(rju
zPI8f%<Q{L;id9r4>(y$AXJZjZ^H9O$dtfvGg(;UAC1;+Te9r1{+EaGSSH7wvI}jcS
zqVH92+)uL#Ov4JeMT5@fHBXv9TBjEqDsJE~_4Y9HdjaW`?M8d2yT?2KcyYfw-o7JD
z`tkzw9sKFN;zEU?4^cZZx;+rKm<<UYkaa#RCy{szINAc)c<f}Ph^EGUcm7k!hZWQu
zVhP8&)~&)dETfbO>sNs=_!bZTmIszjJdk^qA1|ypa4-bIr{AXrPOw(MzG(Txq|Vs5
z@juXoNJTlIXH(y7LoOwx$&09|3COvE>MF%wy+7aKZkeRUBAyn=M2J=i&*b9(oSma4
zB(RE-3x<b}5vdu3LLXcX;$|NO)fHMWsC~%?|5p~iy6^FMstrHG;|BPR&Z_L8D#LNx
ziN*su$Mrl%HDU%PhxJ2;TShYh^z|9m_0l+L6AU1_N7Do}RymZ?IIR*&CM(<u&(Ng~
zu&Ohsd^6zne*%qmEjp(05gwLO%KDQnj4P~7p)DY@H=h#>$p`Pjb*1<C;vgqLr@K%I
zO~ge01>Ct1{4TAxpLVjdA3J@;f`9A$9SydXm+I}1MVdL)$wjo_0j4Lb>}?1nNLu)E
zEDASqU%jL@3C}|7&~iN8{e81&Vm9&ik?BW<0ZiWE!^>kqhg{Y2;IUwq$4sxIbE?7x
z2L*~WbVd{*@O6%Y&Z8mMWw4>%y&FFO{OKX<(lM)siWpfCl`Sp(=-5zPz5lUir-vIT
zm<yu}ZuGX<<qyf?hwsT#m)Q<@wej`mmhfP^hL}FwF3gL;KZA{z*L8G(G-~5o{6fIX
z6fNAU43F)pk4%T6e|FK;Y#gtu^pP_3<a>bM6|b5cXMHxse)FilPK<Q8jU=(`WpuRB
z4LIs7|I{A+ho>+j^u5fEICG`@$h)2mMMaH;3_DQ}D4WDVJJ6E<6lK>xkA@xdrM{kP
z*cHEoXeBL*sf_aPfu;LlREO2&upp#mM}Dh<#r5OU#{)Lh-0o+&>Tk}I{;I<moMN%M
zTF*M+A_fOnmms<?TeV*tAEfp{uA(Ws1;4765Bb^D{Z>8KCGX}<5g34$NL^PYVjLk+
z_<`!C7J*0Fa8xBIJ^{grx6$(;Q(B^q4*_p4zJDw1jTZ0@rzb3PR(Cx-G%%yj>S(kA
zp(pd)K7~>~YNDPqu~sJ7YV#*Gl6fifJ}cd?UXfQuc+knAAg?2B&28|O;fg%2-MGof
zH5j2#M$E(kn@SF8lT7%<xINm{@ZPkzSEoKAws|78pdUCdui|(1GZcOzjFc%KTC9<K
zj^wcwF&gz|uClaKa*cmMEV+?JzRq$ip})Zv_t22uRh7bVWof(E7WE(%!wJGFnkYbk
zB=glas3b@hKt383U&_@?2H8Zv61D<k_Ox5S-fmD^F!@qJRRWrU5vu~YY7*Tc&U!3@
z`EgT}Ajg=0;HC>!dr5m7Be3}0gB5^B>R<upml^_y`~|c7i9!V^eqJwTH?-bUGKgbE
z^0`u)h1VN^(-wyixeim*33=BzoI^R!W??cweRxXdlu?F2?Pg2o#yTFjfHZ(wc-U=b
zTNiz)Xp6-`ySZcwff2QI@iZ3j5?)b#%Xt`fT^V+dm+;WaJxJI52SZPAk!G{u34B7d
z{<zeHjQ2E2pgpd`5U1=hF*qD?HkDclwV*~gJG!GhQBDjik9zn}v+`#jxA>E^!5;Lh
z>|fji&ZO~nh>ntxiHc?kgKEhHGmL5@-dhW>d+R|b_2E*+a0Jp{q9z^Vu!qdB@MWe?
zV(xDwA>CLNF#cP^D_#DQhq5!@Q|v24Pnn&y>eH>M$Grl)4qS6Oy!m}=;6>{^M^yD0
zL#vdfD(dX15wexXJe_wkWF(kixYyI-YYV!sr8K08Rx{4QJ^%-F>_s?bi9BYZA_PS1
z=Se+D3yb(myd5qA=f~^#v%PJE2Qr}E1k?M6m776y{q*<a-5p%TU90MeWFJ|eDn<R6
zzdUfx=)U8(;LwK^!6tm^7ld6GA>KYE2lGP=yb_+{%{`njUYZXzULZA%-Wo9the)}B
zD)@mq)&T<?5Ka!K*j5*qGo1;7`071hjj_(OjN$acvxd0%3$r0$3ko^Sb9Tn=<~YEp
zCkJyn=QlYJ&D&t&J2<eL_H?duk1GPl!vl_+iNX;)2+x@pZ0)#3a0M$iU<oBza;2tA
zpg6B7E;-$30&qWZ;r_Cf$Yt!)#7B{QdLkO}pqZIRTsC*)Lp$9(s9;9$6K>+JZ4v6%
zz|9a=pDb3L-G~=%Qx|UD_$#b6<~qxO(#7|6j>hc)>VhLL_BQ8|_2{}wseH5(ES;co
zCJMDj95-;DxgOBK)Lv-_9jbL5RDIt*GTi~%8pT3FQu7T_j^W%~oj}zs&^`LreP|bK
zj|wvoE5PD@!^8dU4ezvQoeSz4-M5joP~q(sC3i9VCl4Svds%-jAnV<P3Bhf4);G5I
zIT*kufFZqpLQc7MZbB9r#{x{E0%9n2CrhqfPqLgZy+1JyM_;E})F;TY(A7Z}?LKQP
zq)6Aijnsj?HfrgJWGV3Do)rrbjZZnzF|@9FCMBZ<B%KBb61O*N+>taS{Ff$hMLGF4
z?8bQubJh5LJBt9`E70(7nWnXpcUHfMP&%e|Znv1)O|TeXf_+sMLqEub9`KeqM(e6D
zp(=YlH{U?IS6~ntSH7QhVK@9ci#_GV;e3?(OWf@}6~3zUD;0+CAJiBSbgDuaWR0zd
zdWYo3XqlqCkXi^!bUTM9kGFRn8=WdgL@>SuJ!8i`W8K+9!iJ!sb>S^5G0pckK1=e#
zUvDTk4!`+kVt*xuS|?XjhcSri?DY&3qmGQXyi9?i^8Rya1H8pHPt&QRkWV@zbPdUe
z$ri3=>Ic`z^HZ6~KJaA`@O$TYS+K-Ck%)yW{H<HN4<N|=&^{<s^D_L<_fma4j0Dcr
zLgw39I(pN70UH?U0mycP_^`-#!SQ&6BgE9Eyw7KVa7|=4a6r_GL&=1cobYk)(Mj_o
zK9>|UT7bL#9(W5BJO9>>9VN=%d9F15%r*%nAY=^?njXVDyRz+7SVE|&T6G+keB9~-
z|I(eO*7g0ew3okSHg;+CZ-)A!f+D-V@7VlwpzlQ991`eHts1xcyR8>aM5N1K7))qG
zw7-^8L3yY%3VVy1Sr3lXTw%50GELef7F2XNHtwBwssTwKjca1bBS}cHWJK_j!I0fd
z=MTzH1wWI4b8X^m-N!NHz?sU4dEnMb%tDo>Z&Dk&D-DJD`xhQr0u>{x*C&sdd);Vx
z4x@)dPSchxsZLaU5&&FpEONvQfa?=n(p#Q4Q$S1FH&^5eN|hB}^(8(9L+$1Ibt97A
zhLsgO^KqOl51*CMx*pVdAf~DlUei{>)NDm7|5_GyR(|EK1Ub_-cH3$*9lUSa&x7X}
zsG?Z>^dzFGkqWCZ&y~qCXQmIy57HCsxL@Y8|Gw_s_D+_mj_+LAs^VSfa=(Z+<#ys&
zyI4oaO-Es|uoKz_KskdlXGs$09^OzE^Z&4V)&Cz>e|FK(-1Yy(>aAG0w{ws3MOpi0
z#IO*$%=ua?KX#H1$k!$}t1jPkA<VX>ZCIo^>}Ulhdob1+z3WV;=ngBd13=dkZDhSW
z#!!moAQO-3$#+C}B==&FV@-Y;F^Q-Y1lNPgGkpjd4ARL7iWmGHDLe#5faJn4{0IS6
zbV<F^%m=z+nM45D7^b6Rt8hhbez(6(oICT<Z?EN+ntxNR9i9kQ&w%#CR|9Mia7y8e
zmrNlp`U%Ccc$-E;QFSfJ@zwL!oV(G4dP=g8a!$nghjz|5t%Rxrd5}`YjG|$X_Fa%r
z(=*qWLD)9_3`XNX&sr}!hG~qp8NhnDQL_haRIh|z*jioXugu`bn13KBg#X_#ligfS
zf=al*<3;Rb0K>)vyj?&lCy&i_SP5B~O%CjVQVFJQncZCkWm?Z^+MVjCt|8L65x4-h
zXL{PoD`amkct7y_L94)7bdV{WM&H2c;+cb<egfJ$9jYlK9d!{mI;gy-n60^v8=6bk
z;bx0)X@m^jHG8WeiA}A)3$F+=_cxWJM{9L8)Ga-!*u=SaUa71pb+6!NJ6Ug|R07o1
zHWU7x@NK^Trr({Qut0Dg-2-PCb-ks+Y+HcyfD389I9$db@(boU#$Q#dP?Wk$@h9Z5
z2lWcH_FP;~teoh2rE~D4yt=V{h0tgcEKP$XVLvM^<*czyt<q1IrtV>t=JQ62|0c=F
zB`e5vCy67z-~PNF<+{Gm8R9SPlEOKkv44Le*ai=Ousx~asobwo)x-$=D|nzE%ph`B
z<WJc+d8>*#5yM2NfKk@p%*IQip-i&$P3&9z>t^52jE0`Ld140Ry`*!5+12w%N5O|z
z3oLko8smI-r>7RuO0i6pLI?cih-k?!gkx7Aw(F83+tXt0f-e7B3I-0uVpT{^?^sET
z!e}XWk4c7SaVLjV&8R*(v8Bm-TJ>c=J6OQ@MNH<!;5EyCzi|kEFK5O6>*Lzh(d$l`
zVwwJ8`_GatvD<hnIcFUu?1k13)&eZAj=(%R$%|jOZtTXj%H0N6rO})7Gqx<n&KiEY
z_u`A1hFb_A^bdtuYJ!(?Osl;Vi@QnB9E--o<5Kem8l}tEm}WTb^r9=zmMYPO1z(Ja
z6HIT9bN#^2CC4RzR17e~f$4hAR|TA8J2)(VA0!n)S<)M=S<R#<7dt`Uy^U&1qiR(P
zl4k>tu(X**bd_g$pEJV=u{A+&xZ(|Z8}Y@{(gcO3G0wxKsyiXZ+EOKxi|oDDP+SG}
z^P!NPy^5a*fZ$1e4@{$Fd#^|}wnto#<QlMyK(4%qYP@IOXj_p4>b~f}XxnAxv`4>%
z9L6I8$3um6T(oy2b>%_iYUL`@=BW-9F+x_6kc<f08O4`8h7Yj~xjWOF?|agsNfkS5
zE<!_+mz(VBq4ksJ>LG}@{4+8);ak4%7)(W;aJ#}r>#m=O-yZ9icYLI4rz?!&%H2_4
zerd0_CUj-!f%a39P*}iDu+NkO)ht8fbs2J4GKV30Tsx&ETv~YEQ;-H!8%K@zwWNlO
zt)i$d6Hew#(W9BKjA2t%o3WQ)X5U{bdWb<4K3)0EjBJx#_aIv8AXdRzI^S2VG}+8z
zN2%`>mwOyR?5yUf*kNV`KRQ+Ds3hr(&9pV>0%Jhb6`<)^54(>Vd#Hz_i=G2ZA@s-I
z_6|I3hF)hT(rGEZ==EC^^gjP8ZGpic$@=(!fT0nrMJYmY_<<OZfsg!9?_J_E;pYcs
z;@yMmm}y)}0<$uDBw#YGu-QI^5TYTt<iEQ$u7@iuu-_k2!0~*QU0`U2e^`v!zI*Hb
zX{~<eT^Qj}v-G0-Szg;k=hxE_b69T5mNuz8xFBTqwY=vDS1q9nmV?93>0<|UxE2LO
zL4Pd}$loe$$ODmRZ4FEXsrbdxeh}WjLZPp~XWx&u!Z!8Df=f0@qVEzN2PPfPV0bh~
z839?uT1dtEFd>Ggxo$h7`appn(bS09O%affzDXNdULz_wU8!zxaOf8l)@z2U*_{~E
zxDiE+z?eF9&1iP6JfR5Y+gODE=y~cZ3m27+gjXzLj-wkiD?Iz&K_g-nCL1%y(Ha_S
zx370NmUp<|(%Sfa?|DFN&820sC>REL5IvC}tAIZ$R{l8TZCH+vt;^0fRK??=h(FC?
zsKb9c$~oDZY994qxhxG-kMvY%Yb)hu<DB0T0*{94*9zq`8eV~<k5rx07w!TqOgq`)
zU^gJHyl~+!FVg}WqzMbTRLxPt3Hz<SJ6FA$v}Ykvp7I+aaqE|I(?ZQY$$QbQVACh*
z-ym0!*N4aC4BI;w!D8FRH~%V!)FXGc=tnNEhZ<Sx2HD2H*H|j&a%$iC$rVk}_kWue
zko5mxT0f|>G0>p$WW#2w><=>oKdesM|9(L2JF)M*Z@qC%=%!$D&o`icFa9Y4sG>g|
zG)LY0@OnPM0{j@SHpw<W$`)^_1Yb2Bv}_D|v54fp31<j$$(s9=F5rz9oSNG>|IrsY
z9d6a_`Y`xC>_qg3g78^Rni8<zPL2FxEX1hbaoFJ?_AL2pe(;;S{gF`LD<bQ>v;8d+
zQ-c$)sb~a(f$gh%(aP$Y&Hna#otqo!yE_Ko3kf~{JAU7^qb2!{7XFzQUI`oXoriMI
zTcE=`ZBPXDv^xC0d-|CYUqKtiO#7#aHi}WUOecF3SmEyDzTdfo!1?&vB*dbq6d;hg
zwl;iXUI6S<lGeoUX*lS@JWayrFJ{><vep<jF>e@R6UI@2F`_d^w8>v(%a2FXaVH+0
z7GILFuk%BP=lOTzdUwMj2j}~@!$B+MpA^(d)A9w-jriCm+0iAKs2P#P(}tJ}!c52e
zDe>r<Kl?SZ?BzA}6b>_JMkO}aq!GLHX6(W&y~yaG(Uu<pyjS`ZFK_YInYPhAeeH`3
z6q4&m<pzrV9!LEyNxp9BsH{FzrU@O6F%3-$%rI*XJ8BX(bUj($w)mgFdN_*CwMz^y
z46YKAZPL8m#A>A6M3W0u^}t5ezDW<VR2Y!L9~h7%@dU@)goaMP7>^Dw?q7XkKhAA^
ziAbM@nYi_xZj-=55(0w_q&4iunffVb90X)X4&Vx4l_w*dTlbm5dRzkPNEEnkI|-U@
zNxgX^*f%!KwbA*)40HC_Z_|TO&b2Odm1}Gz<KI~L9%VG<u~)BvGRFz?wRy>LVu>)3
zdJtB8hKj-d_E%I8j#blqX;ApDq{scf0P&BR)+YD=agDDRqpo|1*sv#+dL9y0T~bAS
ziw}E1g-xMr0p2wf{T}1>4KTve`@tv>4~v^0XLOGojs0WNP9J$K>|uD!wTVCe3)mZ2
z&NmkJK7e;P+0|wC#CgU*ui~Y&t#W0`?uL?zmkpa@BsQ6R+<2S1v^+!Y>gt2iiP(33
zBA~E+%bGiMrwYEVz1mXXbeFMt%sM&Aw7;M7{$BvLKuNzog^%|*5AO;7-IKh#OMScZ
zK7G^sb&vDv9_Q0Nl}Gnjf9`yrC;D<v^5h=p$34!ATk+w}`f?WgIN5u<+;{r{@U^~y
zdE@H^t6f^1DPi^Acv!9VynYg_&G}Xf&3>l9B**G8Zq*qKtaYg#=TKeZPW><qcy2a!
zRvbJJZOXhsfJfbLA$FPVkhNxGN0X03MVnnK3?%lW#PnQ?cIDM2O9nrM)3!q%k3-LP
znoq%y8!Nty_IF<MG8$^H0iA7q?eEOGzJ7d7>uVp@*Av&*{;ccka4H!%7JZMR2`GxV
z`QVbgpt}e&ZbuKEQk&ISD{eGK%BLq6m9cULU6A851wf8Z-+>$ta{Thk@pEvYP_sDb
zFTBt5qg_2e+ImJ=euQuH^Q{T0HfUIgdVY)+pcrAj1Zsel6!WL|z^E)XE(!F$&p%a*
zW}D1C9E-Q3krx{+)E!&!O1wlCZq<4(N{cQn%*LgFU~wzrd1Tx|hw5^j8vFw~26PPQ
z7y&v4bUal9OY22886#&Ni~-3L{K#el$r?n=*HQja5laI|P6oMzAQ|9s4jykz<C``k
zTwVcRwyH`ZFD-dg#GelRSgw!<$pa)0kUT*00Lf!HB##%@$+t@6jqT@@H>Q#;bW#b(
z8_6ImD{mC=&nt7it14RFKu>Y~D?sL{Q8IdMUW2o3fYoyvT&4~13{GWF*%`0Q-*LvB
zv2yN?ursFL8FTW~{OjfA8OpnBj&o@Q4T?rJ0veR03}{f&@qh*;t*dlnt)K>FMkPm1
z_+5yeqhMDpQ*^YOpy?>g3urph_tRQdzq<U9>sbom>H414H9ePM+a<yK<hQQrhh1?c
zM1p07P4GPpM_rqvyK+!FC6ImK{rLfT?plfiea~8#-4q9A*CBnjmV(0gw=O61dfHHe
z)cA1TUxht6F7JkqDIg;4>XZAMHeZT-zq%6WD!}&nO@n!`I(Pfu;n^4Tg)fDtpwdNz
z6SYfD(Byip>Enr%#PSeS1kf9xxAG34H$d;@FkV(7sHnZC=Sr<-#q|(Y^eS;ZgcUtj
z2dy2Oeqaj<Fw*uY0{Oaby=177dhrs(8v$?z;2gaJ;0(Zd`GIql;*Co2bL%<rGejJ{
zO8gAS`RNfyGazY*Jz9XcQXTQ6Lh(pr75X5afOrDp35X}JN<68u{PE&S`>iseqy3yh
z2RP%bu+RZvM^y*P&m4gC2!ITsNDzv&1e;<Wp%;(ZEfAgr;YqMtrrs@!4p{;vi)O!r
zk_D73={r!eylN%OjCznt1SXa0LiRxyQkWOeg{1ExFlo_&N#pL-e+9uwv*FKLR3UGY
z^9EjMt10(|5s+&;x`t4&cY~TkGQ#QQgj;*^aSVzq99+py8CH0b!NewDDu0!iGp5^E
zIWx^L2;>=bubwKANTHtHwre_}MGhRNxW5c1#)4;B&^!tqW@|p<v&X;6oB-;F={c`*
zT;p3vg1d5zE?)l{*#^`VrBJ?=c{(7s`J(j7_P+$q#hq(vdLB=*as=kj&&gCSJwGR%
zo|DhcOf#f!yLJLE`BZh~<?~}4A~xcUrta0puZu%j*({5~EPgU!Ib=wftdXY-SUn#u
z7<MfjSij=H=Is1$q5&<%pKX~%th%jPdEeCLS7gzZv8IO-9Z6<wT7;T`?Z-_%%d%D7
z&QIf3XIaGBZZB#{KZTr6UiocU`Oh#_kJ5=gO!m`yo-OhBsOHD+h#SrKFR>x!MP*<g
z3*AJiV*h!T`gv5_EXzC4d^2Czq8oEX7GCp}EWDStXgw4SS2OK^tWcb8farp+vB)R)
zZM+Zi{aMN*{`sc@Hs-6^m@^oZAI9G9@zgCm4yldb!Ap(NUUJHoW~+<;f2&2^5PHj0
zb=a2{Qp5Fb>YZWKy1~5YnUVR-x6LaOBnO0e_Pgh%YB<HFFBSm$xQm2!{}W+>ZHiFu
z%u<cdh^;}pvwisge*IlOy-wAl;_n+mt}Ymsb`7KUQ2TC0eoWi3!_j8nb_m^+n`YC(
zblCH7V8u`BE@6BH*1c;IT-)TPo~+Wwzp3X=XrtL|Hapwf;{Rr|nft%9y}h;bU2D6u
z+u3dJc3SQ4n(ggQr~MsjE`k6dWjOe*`Q*0pgIkiHXcu<7w(Ex(Tiku|#4c5%Pf*W~
z(VS`Y+{#<u2?w?-k2t+5UY0nGI;b?CJ$yFeVG>8!M5zKYjIQ7ic0fvopTG?45=U)Z
z9vwX#3~)HebUdcmk2pYum+9eRjDtgQvx5Nlv5SihYhJ|d{#<;ew7TEeZtPCew0>6X
zG4tUTXF}hHR-@TyPSb}Hsw>tnP4k!bh@j$Y9py6%1iP-saNhQxw{PXl)V<Jl*om8W
zoSDjet)(zhz-v6o%FCS9+7-5cjpZ?dbcN@(>A8nV<jbIk*P0us-D+*1_Rh`*%BO>g
zX?l>-2K@;gI3!>>ye$p-#lbrENVtErnt4B}5oYG_z`ZN+<jGhbwbY9^RXKUa6iuwK
zHRZFC!%8>@6bNnfZE9lY9|Q*i9ena!;XoA)(-^pfiPNjq>BMd*d`A7@W#U#5mlf0P
zhK>{c?bz;B$$^CFQQ-NOcjFe(HJ@DGZ*t2>;9>{ydW<5f{}l(c`1KVb{-wlcxi|4t
zsI-;fAwdNxWq-?j$QQ+r4tB3}cFx4^E$Tv_qq;KNHuXU%;T<tv$v9F5&ZHCe8R?iG
z*KCB8FzZS5lX&;psg^k%9s8P`dN<i_C^<+qB7Iqw)DoAjVy0A0uGC_PTjbc))CxRe
zW9_M!p_nvPrQ}bJcSDgMcqXAV6Bk%an5th_3({DWc>tID0GE0JPv-|*bc8JN1)ka)
zcuIfZ2_C^y`UFq(3ZB9*xZoMwD%LTDbMScg;E4{xlU;<zI0<V)V`p#_9`7nV-dT7`
zci{;R!@B-YbQ+%QHay;Oc)aUy#(6jxVP|rWC%X`jb0W@r-sbmZsVlMGnRvWA@nnbM
zF)qbAr{ZZ+ON~!1rJ?AghV&uc<AS{NM9w-m7l|G_IeTi3);u27`Z;IM^)ZZbzrYw(
z@8(j**eYj?8SiMF+jE)Yv+DYsUt&4$WFbD~icE4(9_yf70Qp)c<?(LHrH;z#v_BMp
zSbmM?8XP0@P2;pYo!fG8=}mB59+M!d&(TgdK|2~9dGvd!<~sjyyeeJ$W?U2-r`ZOg
zVNbXs7o6n_4!pdW@YRhz$vNtdan&tx)>YTTG=P!!T1>PCIOctJ0Y3tM1pJtJ3-}T6
zW9A3&<AU*H?$HDQxwQiT5&&d{0pv9aEZbyLK*y-$iy+3R?N<sK74Grc`O>3UhF?9E
z!x&}!R%bHH$Z>!e6K7ZM$aa6VfB!472SZlC($U)(X=dMf0k18AszWcZfA?I5oxFpU
z6`JI;wu_~)-{mpfxhU><J5h~HB3B93An@$uavt}^<uU~s8^<jjC4S920jwN*VxE7s
z*3u-Ot302Q)vr&%r)0_bv#CqZN3CW=460*IiSG+ACSXizRaIe3I$35MXW9kM6cq%{
z1e_`2Ov(opWKT-(9?hc`>!;G%FF%1Y`HUubsvLT*OH2_dYXzRK9X+_J#I=E`0Za|q
zw_s`jQ$yzG)tMSz8lD$<V|xrbZ*M(=siCl5iYfSJfyomS@qwwLGNuY<`rW>R2f9em
zg+S~L#GC){)wuY_=@hCUR2Q;>3~UXESVo1rk)JZC(r%WIOh<=wQ1yeuU#68LHqh57
z2AJ3J)p*;I|0`wWgSEyF>tBuab#!C1p%=1jHRvy>nO^{98LMAZT=`^EzBSS1;TeiZ
zrA6$oz}y4C9e_IkcL46%jsS2k??PpOyGE}*4!Lh_19AuC{&?hWn<M|_KszVMhp)!5
zIrO4iLY@n}KXP2pgxfRY@}0X1AorJt=O>4s&JZUF5;S=NL|?2?p*_Z^(3#$*a4J*1
zpfk_0%{#CwfOrDp35X}rTM$n`Jb7vHWbbiyg{^URg?*4tKstH6bizSW^}Kdu^&2Q4
zn9hv0-=q6``QiMLw+?dh5fn3zfr`A)JOT^~7!)vQ{1z}MV9=Q{Xl-2gjc%9TQAS4R
zq%Rz@ZHrt8-Xo5U!VHL%hD3L^rx`=<M8<pF`qiV)wDM>HkXw;_PESdJ4zz1PyuJ#1
zq;9#izH4o7n^tef+NlrrcCH8S(U;SUFK1_;&o7UUIN!VceE9ie_ovV2-P421?x%x`
zzkNAAKR7zhZvs@ruTfimK>D`GD}CTNh}@dQXYcjB4hXhByUtw^r^=uFA}H=<Kk$4K
zFuP>%T7t?6k^Hlf@Pe@mR9DXwtO8BNE>Oxcv{We4VdD0v>E1l2u%)pDjgz*vnjmd~
zw6$u|mh!=jBA4=IHRLW!bL;4M;j5;!q24}fB#*L}kCt9Ps=a`;m^4-JFw=AE78!X)
zrghErq!SZ3D;JOCwi|JX$#e#ssI6Nuhmn}4jgwN}m!1a2%Qq(6A(go>4Ks``iaDgq
zu9BJ}p?m2S924(G9d|ow+2s@J^%HCV=ldw*wdr`FRTnoS|B-n#a_S>_o5OnJzp~Yj
zy|7~Jt*V(BDO()bNn7yk)MM_ak$ITAQFimPi$*6evO=bC{S7W-?@*m)>Ewu|zrkgy
zLCtUnN}iq*m*Q+ot9Tnq*?lPGOAR|tvTqtcWZPeYWjNtpsz<E9X)X$zW|@w;EbQ6V
z>-f>bLaoq3o#t}dr>xdVxB5=AWG7wh`)uoW3Sunj;*EaGUhj~(eJXeVRBM>@CVK-_
z_Ve@>s#<oGiBOOgxr|mb<3h8Q{j;Ttk;YEuuU7WYt!DP^Q2nc&`Ky&&bn#m{CVND>
z%Bq>N)oe4JY%|$b+uPYcGuiWZt?XFR9u`QPxztN@t=A@sg_rok2()&ZU%c^|;X3s5
z9{Wdhw^!yGm{u%x<SzJ<tLLRJXIj8d=Ke3&vj{&kH~oN6=J|~tro*SVG5-Fq=JwW3
zD|`P}tJ7?^;Qp^g{Ji;ovuC@Te4=YLN*Jnphy($-wORb9Z~LT=Z72TQ^+J~tR;%6L
zqlSP1v=OhIM!a(TfLw@cbkM^?t!DQTWtgE&HuA+Pt4GD<@@v>0`U~2$$n~ZhIu2_8
z<xj0YBQ_*%4I$nY)U5UGT8)@P4;g>QHW%-a=OW*;C}JKGO*R?^Z|I-sdsOeEO~TAg
zGq6qOH16=oLBF9t{y>9(_^AF3y|X-ihQBKmOPYNn?g^x*?*-`a^Th@Vd!ft18bUWi
z+aX9+fP9MLTCX{~ut=Q`%s^>d#@Xkit{kZGXJmPZI)wPB#ea86jYz}b8{SI2M;JzH
zH#Qq0({mZNT@qO94Rqm+2#Ss^io8BAjE4A{AlY|hyJ&OhjmYLz*du{U7@>S(8%cl9
z4le)t!FYSm|9^O|D{I7cJ$+1kvg|&xeQ|3JqC@WnMe^Lxqb!|UF`-AqA!0_AB1o{(
zJ~oM%SCrIc5l1a2n!3NQBfF1WkD)d4t+*(Ap2sK)u>TXMgkh}nMH!6vGSRK!Z1F$P
zx6osRf5O`#t|gYV{5)OI+2vegUT6--toNkTh1LUN3SWXSAisn?P8#0c8+14%<`w_q
zhP(?13PRV7b^%5||8lIX7u0v~wHGvMKmT&v{pHJ#$LFWVm&X^~A5TuZM<?eW4DIZT
zz4K2#DC6zD{>z8W!4)ykZ@-~G{Rx@gXoOvhuMwr`Km8@y#>p%nem=cCI5|B&Kk6QS
zKK<$B=MRS5cFAX(a>xzljfA3Ju8VVWO#-<vhS(htvDMj-sO`nHlG@4|LX=pjerzLy
zZvM~LH)~(%fAJ#SNG(X#H@~(v2L>Nwp<54X(<ASix6GTnil*Tvz`jp}8GIt4*pSqt
z?_z?DuBZNBOu4vBd~V489&!Tl{>FXH(1p{jo?PN7^DTYgC0)W2nsJi7FO)J}`zxx~
zP1mmXY`1RN!3Sl_n6BOE+3p!;L-g=a{5opm{lJh1ZKMc|2f;UQOmEJHS&rgHO<G?0
zp%lmx@vF>UjJDDmUygCt23MpZug0^`ninL`<+GEs>+MgNa)|+3B=eDFQ(odocJ;!=
zY<*p9z>~h{+sRq|)4|2x_?om`&YdWu8wgt#>S2?gPvSfD?{MU!Aan@g5{CGa?^4^P
z47(;tCWs(;-JCoxh2e>!`VFcx<YI>EACm?Z4w-B%-4_Sw?DNIt`R6Z}C#OH7`bg|l
z;xays(Qk(B*GHIsdyj}qc^~+P>Q|N>5R*}a9S6CdTmSg^@Zh6r7(gt*{l0DTrR9YI
zk`~k~aSYx#wyb~)Xq+q8Ez0WR4_ROR-|+{0C1huG47BhlQ?P|xK&PHXP;?C2*s*_?
zy)?a%?+`|emASC@nSb>7Uu?B-G5Ei=v%9lZ!2esjfd3cq^A!9qciu;i%51kUESk3G
zzBg(SR*OrVd!anp`B5cb2VTfX{QkhQ0wRL1<jeXt!s7o9!uq2iUY}Vhqa0C<ylZmU
z3w{i2YaozZ0i5=NW&xElVfz#BP)~f?KnYeIi%)w&vv{J-8SWuWk?mTxiCJ_9&5$5|
zW)jyVwKrU7;7{IhE)acM4?>sOBT^@>CHw{7iBuk3n0Tk-*Y9S9l)U7}<IC>R@lOX|
zK3-mQe>(Yi9HGBl-819QfBqA_U6b;N`4g(wCymT_d#~-zgRzc2d_YEvSDae|oX|gX
zi=?)qwISwS2ybioqU-33@41N2bBtZ+2A{ciRGm9}ggLOKgp4>V<<rGPg?z3!og!B3
z1$T(U8^LR{XgG#^{I$GA^&LfrrzfJCEDpqcC5hc&HPGeIrpO`qnotyY-bjeLO4oRO
zHWO7L=E+XsD}uahF86ZD+YiXK?S<62LnG|sfn0a84;#qDp$MpqZgyoJa=b{?^=@1e
z(4p<i%Gi)lBC2elzw;hCcYLAq!I6<~2eyeF<n<^Ct|Ra<#F9$7Wf!j~WK$s$N^)5U
zn}J7ZJR?HL+Yp0{f^$WMHWRU`2*+qYf@h*h<dcA(a}-f7kLR$4aJ@t~vHBpoQ(V%K
zuPQXeu0`dDIhg~`iKj3i*oo({As5tV*SSMxKrkaZAw-@GLIvQyW9m$B0US|}Oa5|4
zeLtJ1^5+_gH$l7&PB>_FoDz8`-UPhY=fuS$q8Sr^JzfBsM)*;?8aH_o&w`##H$&ST
zBFE;d+?H!f%yxVp7P~1$_i02hUfLXvJPYCfx}EBasLyAfA37y7+dwCL4LVM|+C(A!
zS|d??E>YK6kC@&lQ@0$Li5dFe|NGtX=bzr8KM*5isxB810tppRP&+(55%P1y2ZUhn
z+M6z64a=y_D*M;oB=m^XU5K)PuRIAb_@*{~N%lLsZZ+E5buPE<H=9Q7m%WSbugB*X
zC!bG0yj|0t4$2xr^?KCEI&b)|#NjK3dB}{JFV6L11Nm6o*nuhP+W}?B#{nJ@MuH9A
zwSm~M{6xbp@`BnMM81XC5p%)!W%@PceBVkxZ`AssD|5L<O?C&2tgWN_+W+sL|3t>y
zH9xRj)<^ID7yarAcGi9no2B(&pg$1x0*30pqCe1(U<=jV*1CZ{#Kk1b3<wJYxAwpX
zE6x`#Pl<ISWowl$$=wm1-JAtvIf>;FdAbS#c!T4MApYoGM&t4hMSi(=oInzguy`vL
zG&zV%BD^}A)6bIAfv-K=LZRytlTeBS+qsK*s?ZK4l{8`y@jEA2-*zpb=uuYagMp+3
z+DCP9RK5E_ia<ZSTQ|@jf1t0iu`B@>$LQVv<kd*;N)$-z2KxR3GMe%rO;pJjoX#q1
zrJT`7P{3KHIOq9Lu!ht^e}GZkv}EfMZ%q~8eEtOIIys{VQ)&-f$&MxDI6OURh%eto
z`VCaCyWY(^J|`hxlD113UpQVrS``#A4iF;t7lf|BEs=HKxf7M;6xApOJP|&Z>~%;Y
zeMeksWDkZ+EFPi3?vaQ};wxgIJHj^j{L7=;#FQkxekV8`ahV{XpiI0B8YyxYWd%9K
z()L6UhSCF}^GY;J8G<OKBp()<K!UJ)$D6K;<t~mRE-}Z;ShGK3)Fu!Oy|R5#o2bU4
z)b2TVD5)#jWw~j$9U>r^I6HcRy+@9vv{6)4hOR}Zz#Ezs#QVwzJ#j~PtgtOmo!k-=
z1tWC-fWH1&Qssc65pj9t{50!%*JNX?W>#=0iZF6)#vFp!4Z&P$lxR@wbKW*TdQ->~
ztI`Ss+CbFf=qL0oUY3K@h>0Y0`N_V`&Uv|}_#NH+ADy1~&DYlEplqYpB)n3NY9U~x
z?B|Wjr3`*j3sz<PIR#hzT!@Y^v68t6A+}G<bNB}v>KNh|a>r8CYIGWLRW{#c0;R^K
zln-4FzTE){5O&1fQ==%`Np7J;%kA*=WFv+a{EWXQ@|`$t#HJs5l*J}^4hlGs4MM`D
zijZ#b$-$NtomyUi0}kj(+*cua2#C`oG5WS-y$K|X*g+)6;sIwGzGpR3SXw9O-Thbh
zD>F>jR;~|dHntiqV?(@2{1m0BN<NJJMdZV}>DtCu_u(D-3(BIG&E`%$GT89mi2YNm
zCG)289f8?Aj>Mz&YcqN1>NYiY??zrg(#3l0X3nbuTg#qTQiEMQu6XC(pdVB4r$Sp^
z^@f<kt38VTceJ!P9N`Bkwk+W(g`LQ*Nr(2R_C{y}sMM=V&@3f22UEtkARCf9d4~G|
zF^R<w`gOsBpRg~)X)_VI8E^0Z`yn-g%<xUo5@Ndcv?dNt<m1mj@h0PVPC13Y<irl_
z1O!`miG6@`0M3OXZBgG&?Y>XJy9i|wuMXJqHs%0rd9~AnTZBsCEhpkLBV2?Y<hYNL
z)f}zm1aZWA5Jbhn$#(@OZ6r2-|J0Lx?PubWz&6*>fg`C#%58H&=yD{%kBgCKsmtmS
zcD)%^vy@;*SC$>1x{u0NJuf!KNEn;>o@PCiR@o9Ao!m1M?1f@;Rm@}<VLO|q7C(#6
zn^c&gQCy=??)DS2nnQ46f99Bgi$pg>3i`}TFl*5u*&|#wAd+VbHMg+z)ddITa+MU@
zY^l;A)<)8V&@se#KYAZ&x?&_2gc9^JulA<cc0-Q%Ce|^E62cBD)Li^9lbw;pH>9@W
zhQvllq37^Zl8{<nf63($&mlT}BX9h`q22}`bV_t(oHj!ve8(XNx%H)LUv`SK?$ELL
zo2d4HP~USoO6PruQBkzGi?AuuND3-8(1ph(-fP>EBcdEm$A=$wY<5?BBc&_O!=s6;
zQx~(kP`>ll63IYl`eon)ZPawu-lHY7_HsE}L`Q0N<ZMnny0fd)kB1jkym^G|@R!GX
z0F_&Gu1UbowRWAn*HFPNXp#{;v3!*p!Dq98XY9Y!w*#^%Dex?oU->h^|8u9=-p<*7
zw|92I{=1N$H;4|2<49B(9Y!B64%^MWPOa=+YimDJ1m|5c`Pn5FQGB;?qMI^m(hc!@
z<O{W$C{?E<xF$i?vn6pR+=-kCYZqrH=f~ZP<MUsS&%5WJKVNpGGvg+2Wb^G>vBvey
z!1I_<t6|6HaFoC5%2ywZxA*!AA2vOoMSFmY4r+x)?c(#{FUN7q<yG*Vt$w)a2lh2)
zWE1;#gL>vwQqxZ#4}Sh&)cG^Q1O|G0uQc*t#KaYrU{2i(%_zexq$yd|F(Tr!;7(e$
zlS+Ae59m)hS|>7SVG84h;u(x2muPNka%$wa7h=jUWO<vS(BDXpq13T6S{l4_HlfmN
zbnx@>>1Frg?Bu7Pj=LvE9}Mc-{XTiWxv89fIOIry*`_$s8l#Yf*lCE`8Y~DYJMu;x
z`#d~sx^&tPBV^D>VqW;?6i2fs;F1w{@A%{K;pOM^3qD^WBv{JPU7uq1UKH)R^!*bW
zMy2&q{65p8!;_CEUp{r8n{JUVMB7No=-<mBM=?>cIwc*Jff|L8y{A|u6JKJsNe)cY
z3tdJVN)<vpiTd&R?D+iP^7HxgkJs}_fSDI)np)hb<4&aGj&}8gqq3%K-(!yKgbGP$
z%ESR+NLhBulc6ptdUAx`<`!4-ASQ|G2>z27x)y52yV}T|Fo{U4=|!X}dqO|zt`wK0
zUM@!obxB7pt|dnK7}HzCAp_wtV_SUbuseR>ahSjUX!7Z|X#V-4iCNOCx{m|mGA+6F
z9iBk%cr|NDo*24hD>2b+LZ3|T;vu1V^+H6~^lb{d7rUJ!eI({ysBBgE_$17iScrxu
zM`HcZaqf_pY9?*BPVZbZ<>_0^KTEFu(wG!}7Wbo(|8B6&>U}S$OUC(hNpOPv*Xp#}
zdH>&?<~GQGi};x&$E8AmFx6pmDD{qsSeI9WjKg5EvdG;RJv`J7j*iYh7*is+{MUw5
zmN=B8RjF91@mM_m@X(;w=KH<oUdvDwGKZf}PrH{VpN>C&x%^;k8MWm1PSdE>Ozb$~
zHon;Bw0mQ-VVBt>;)N_RbvT}h9ib@uV7zS^%Co5C2jgu!@)UDT>B_=O8>oJRjJHvt
zESHilJ$&PesT0C!>D1YdgWg76=hB*ZMXZ{bP|@8FZ`Xu!?7#jOU5}tB3qlgfi-Jv$
zA1pH7^7$~3@m3|8Y9dK(9GTw6{SgV+l7hW};4AT$WPj4N5xreoLrPas9i?MH>+7gK
z;5~^ON55&CzqCihLcG&AQ?CBBUm`ZOmFd`Q8%b6b1y8;N_l?efnF~Thz&6;(cb>J4
zvFHExR;Rs_KmWIO+if`i7x7bjgZ^8lVynFo_W`{}|KumiMr0NKEmNRgN69JqIm)0K
zdz3H_#Yt5o$tpD;q^b@PPAy?;Kx8%;+Neb?A&H}4T4hKRCqzt<j{}ChKEf{gGU^4y
zaWFa@Ca!N5hus`iqbT!XqgLpyNbfN7s6&4cV2d1jBOf!nXFFU_91_PD-g5zs3J8mx
zm)f&1i@l=y_TUrt`S5FR;sFT{nAAfZnSsrOtGnEdN=>HcGTROLIVGek+jC=@$$$-M
z)XRukF1d-VU*ZEn=AVRd36Fe-yhra^joo(}{J%Z<-~PLrZlF=>UyJm@!Fyp=uh-GB
z^g<C2k>d>pwmaa0iL{@l39nN^iU0x~t@DNIb#$0SM_!Yl=TS~>hg=g!2IS{kjc6fL
zn<Orcf__RbM}$%lZNaNZ2+0|aBQyXU)P&|x`XYwCy0j#VXMFLkk;b5buC6Kb0<wXK
zd+ptAAPY0>V>U#>J<74oyLIXI*mt}eWK&U_u<6B4KDo}2k<EDPJ_*DG63RB>x1u7`
zb6p~=hth-dQ|K_;cSyWUOzaBNC1L2=#t0*^-s_b3I1uBC97<&Wjike30LHqgR66zf
zzGIt$V6y6Hvc*uMU!&nie~Buh-{X3tKP4?{D4Ia>9{r~l^st#<KvE;%xqMrnM<+u4
zN6hE%KnSjUEr?i&jLntzT1wwhqSab%-H5;%<cE%fC@}-V<h1h#8Rx1f0;eYaI}07>
zLY5X+lkkD?6XZQI#QQq`ye{iAq9)fQdDoHR6%skG339wa{~epp>vi-m<3F2?tFT8R
zw|C=THU5|E_ZenGaXyt+9H|b4`yHx_(@~~b7lY%!jWDxK<apjy=%=B_kqx<SyL~Sr
z(kJZKuJ-7KtnsfNWl__GlQH%WvRy_7Bq$t?<2vel0aKbe^McZ5#vZ^)8-E`X7yT>S
z@eh39|JqR4hBQ#eF(K*s%O_Jf>%})S@WTI6sq?Rf(%p}Oj0wF?<x*I1?^EU}7)rEq
zsalPupZ_WjQzZWO!=7WCno%a{lhPHK?k2g0Y|dIKXYl-BL5@9&1dhZ-v-Tzpl*c14
zbOpPPj<qCWO<5-gXD2Z<Cby<=5>96<42V^GqcpamID-oADII)7wSgx*i<7oQB3lRF
zaSkDzRYoXunJwJa`1wFlFSG`Pp{W1She8UYTpkc4IuwIG$BcaB9e6*Uqa`~;!_wAl
zm#w4AAwiU5PTM6`(xw=p?WUa<foH;rPM-Pd5z=bb5c=lRXX#5X3@DqvAN-SaI!GXA
zL9ARvhhD&Bg)|PL8`^^*=WCde;y}cOv7-F@BHy24#YHgcbEI&tAr$ML-$!0}>9EI<
zr&#i7(^Z@>nGHRfvuEqrOmp`PvsauyIj(35Ytb>9OeQ~3;xN1DT|>qlWq|6Te1$#{
zIuw9MYG+VZXCwP0bOmxHoiH>C#rUaDObN969v@4@-zf{Q?XqZ}{E&PQ9iRv^G~#S@
ztIYv;fK5gM`sZBX9vSeWt|gQ}5nUYbh6FM&1v~x_yWxlgwwYF=)`IVn7AJm3MN1Z@
zLqbuHup2_$bmJv?qy<ahxQ~PW9*M#MqKK`CnkPs6h)X3R0R@`8G6`s+y0Rz27uWt4
z68>#|+CE8Qpiq{GVrjAC#PF0@GB7D}R+G`gGCD@&E$211_(|Q~*_pHoHbhmCvtCm;
z^r>qkl6Ls0g}bix9yKMyIwF1BB`9lPl?*hBZXWrbOI#*|A$2Vu#&6zHBuypXLhRUm
zn^+Pw)N)o^zN)11MDFPf7!|rZL1tM*JP_!Nf2$M{Qz*rd_vrqC&ram&RZ^=0okavl
z8ebuq+mJDzzTey&*lZZ~8m2djOx>}?+jQ(ro6?Zb&DPd_NBBr`ad1RjMv{{vj{Ey~
zA|m~izy>~{7YCA@N#ZNcmqW?9Z@l0N2VUq}4fI#yjN;kC{l4_M?A^tu9v9g}R~quD
z;7cYUQY_Y_NI-aYl62^5*hy67XU^MiY$~IX?xZbj;CcbE8VS{+ievw8PsYs<*%e-K
z-@eULq8?8RI=YYt19qrT<tc>=vTt?~Bz4TN8iar~#R99xlGwBrXF28gy1kUaPFuYn
zkiKINhGok*Q@<aOx-30I3tVU)PZ@b#L|qijSDemJvF6a8rrOY+p|jDcI3jd-;M)@K
zj;BoeK^@0m%+R0&Q)wk83D|(7su8=dHql6$XfQ_@OT5O2u%TytFayv1zg{mphN!mL
zM^GOSm#-yK=T*>I2PBifYQ`exWK8FW>X*|@?;|^!2eBj=#X8VIz(qKp1hyCXLa6>J
zN0^K}_kyrSP5J0&{>_>A<U$}h`X04pBT-HU$)zI&si;X&tBMCvZ^cIkqC~3uken^U
zsYJPR&vArFBvZ49{!4TWm@~;6F3-v%dW3!H`)6UnNCMAsK8H-6pJyKLy4-czo(T0y
zLuz3r2sV1Pp_k})|07NZ-=jA3f;*8jJaVWwKR){`LP;1NsL!Lo9`VW#9Y<b>B1)Wn
z`S`JW_W9$<;XlOdH}SMt_JB}+V98(JqolT@lb??-F2zYg$x-t5%f)f@>LOYv2Yr#D
z{I0MX8Z{if;-v6B>%e99f$|6?*y%|4-dvbNVug<F4o)PulaG&Yi79UPdmmY>>WF#1
z=Xis=U&!5il*Y<6Y;SYuQO1`-V%-vH!Y?8}w)e?ngv1qR;uc7%K1S$jkJhp8XBU(3
zN>AM3ieu$$QEesLE04ZMj_roGN@dJ*66LMXdx^zF6C!X}z-x^J879Pl+8Y#*|Bt;l
z?`|AP?nVFSr^rWnEXn33RY_IF`{tfYEmh6el8Tm8-7}|8A1MhWNsK@w1_?@HkL}O?
zPDVs-0H~$9dfeBZntR<Mkcf=jBV+l+Y-lB<u$ov#svl`tATL$lk?M;31az-`pwi`8
z+;!FWTOKQ#_pUow*(rqn8L5rk=^k(22|_5}V%{Ol+NWCF{CE7s6#zBt&}5Raj|Iq5
zL)N~KH1gu#Cxw`a!h3Kbarni~Uhj~}EM4!CTIU*op%Pi>xd-`0jiseNIHugOF6QaK
zw6J|~MOt3ps^hi_En;83xW`etR$Uil(~mRN&1KxBcl|B+(Z$E0U5+zl*D7%}a-pnt
zcTtSTF)H}I?b6$F#ba6UV_V$legkTH@g2W}qOugn!6%JWd1W8u#eB8I3kr}J74w&U
zD6;#ckdRT8-4iyyA#$4CKS4vUd+<MBqB|;n^Bp}s$J<V*4cDJ^ms#13dC6OPO2W6O
zzlM#Zzs$<MeQT;1vgYU4u)m)e%mjF6@&VfO%T!XxoX-(zj%hBhrS0R^h9=(2bhWhI
z@dN&PqD!#+x!)f@c#qtdX5!3}xzXRQ<q9lGxrmb4+7GP`gT`!dtU{*%z&rt`Vta8m
zS2m<?k6AZgXUUwz4z^rVxh@~F_TK)Rx9#xpbjbd_3*E>{p-PY=%-{Ro-)~GOI?;x_
z7VMM<xkKh%u*ijSjGX=jLdkZl7y`%?g@rFsfvfp$t5Jfw6445FCq1&_v8>BWxWVKg
z7eP@fX_Zf-JRcQHSxgEELHCsQz$y=KeR8*?u1LHUrFU)~62Zd`g^~7`3_3Owar^lW
zvpl!pG;e4!9;Z)#NJp;yW)ui~sMS;KpREe;HAh}BIr|u1*|me{ko8o*WuKb4M>P*|
z7O^N_4cXhlV6dbIOR)q=?Cqz7mNxPie6Uw9f3UZIp3ro3^XZ>WLj%i0ZS?f-%Yak0
zVXAyl=$KQi2p>$MrVnA<R@q4D5<@mHA6!-nGLedVFtz4Ia-XDPE)-mX=|^A=*VFs-
zOiMIhHz$>Vk3Z*D=wN6XAF^#V*fv0Hgck|ysXV$VDbSrj<E;7vQ6dea5Pxn|A78+;
zA>x^FP)I=G!hJuBbuJiJ04_p7t%L|sE`+DuX8fKfDHwbS*bj~CJ#R&A1Dm=55zjfe
z9wfqQ%=Nv>d%UU7Y**nO58lBtF@h>I3pQv`G7P@bmomUZk(rf~kH7o;<AwhTp7nG!
z6R4PB(IQD>6YFNb{eFCQ7JiCdPg25C#>p%J&_xdyRdtvsqh7CP$y}UX-;7Sq#}`k~
z!b_}T1%IH%G}E~p{rDtDnZ7G&5m2$^lIQl@@#OgC?DO&W;m1j4fv0<Vi&jYt&I<%Z
zBx#<3_KnJQXN3@!?A4#IZq7fSd^tO{gfE1kJx@I(WwbES*3SH?*bdzH^~f&-Pr-!&
zoew+I`0m-!ZqJhZk>cgaWR%GVHeHn-{FMLpfB%sk^!E1f+}3wnOUBH!ZO!%N>DA{i
zm&d2uu9|U%AHPS-;<mCb_D7SCu!tw8m*<}^f@vLeML5dGCK#P(jHjh2GF~S44hzbD
zVV_){jnBu|Hy4x3&&L5_!>y%#B+G?n=cDFFv!+?3yQE@w`gBNjQ#{lmMo_AjMpPtS
zshfPi*W2Ik4Oj>piZ2d&1Fwf>ZvA&W{zFZyE#Ea9x(7#-kCxg9>{W51qC$XVRje6D
zR}llNiLNezeIe)39oKu9=MuGRJL_b0eDnE-)62{8$!Vn`+A1o}C};Yj#&$->XKEKf
zd5dXMf*u}$!CuY5$Im}roL<)J7I=x%o6Nl6OY#9A1lUjGlh@aDb$b12eDcbgzI<g(
zU#O-hHgJ&YyAkB|zpWg22vDL69K(CJi-QHp?g!gYW}6|ECl=Qi^F^jaR#F9~=<#=#
zpFdv*k0#fbBU(Sugs8CzJkQg0SFKf4rd@e2iiaX8g=%aKl)ZwYpKVFku1nLs0RSRS
zK7C!<R)|uCmGxp4C&h2r-VJANDtJcNSY1`}QZzOdilJWMN*8jiJeR7pHb%b+@Xg?b
z2c01^VIc~wRN*P&;NbT`l`RAc7?|8++HJ@+(2`kYG<o4#Q}s>l7+BRp%wz!~P@-6x
z+=+B;V2F_pdUFaAsT5jhUCVmEokZ|k9LN7SJO5jqow$~L4IN=8s<Pmvn6F#-`-*<*
zm5NgNr38n`FYvm>SmFPE(w&7IS$u_kwd|5Ve#va}hM<Qy4zwf~zf-&axA>i!u4R-Z
zRe#da_gC!b&!3Mk#^_1o+(oz8g)FUCHrSq7l11d{oC>@v>F=!*12|`chz+ZZ=;}KX
zR;zcJ(J$a`>gr-Uw_HCnSW>sU23)mQcaU!IB%DgA_sxyYgw#;~$kkivM8?PClS@pk
zV7*7c9xsa47AeG&89kxjYN59U4yZvgV`uwT?p9*HL|eqFl&G4!kg>P~@_{Xf7%~ud
zuVTiy3|NLRd^NaaHZg^eMU+|M>MqH@WHzWKG&G^I1rgo==4zG8tcsEYLvO+Jm!jk`
zFL}>sr^NT~m2SMD4C7mydDV&Vm6LA6gwvA^-LxBLxSn-pO}uF4(fpkh$&wdq3aj&9
znltbd2wn^%t3Bf!k1%10%*H1}MlmmgZo~gE|Im&nGM<&M`UHIdzv2`0<9@|wD<z5%
z0Vj_M4B*A}@-&(9DQ2jzO$>Z@tlzQIaM+r51o!2XXYoT4mkYu>17T3+WdhE@*T)k$
zhrXOlU=5{`$LM$ks%Szk11mOY%s{drATMwSOR_k*PvR9%^@1g9+3CqO+d1V$ng~_0
z6Or?xToszH>trc*!P9m%N2Jzvs8JMiJ%_rM>$WEA*~oh>`|2FqQ|+pHgOhAla8(wo
zNOQq<!0#q61RcC!@6gRWI=b9#p5%HHh)O`=(WRi<BB^gRr9sKnH#$v3_d<)Y>9hz&
z!x{7yWIs-2CfLR3`t4!=Vsw4@md$x79{9SI@$&8A<Kf#+_`BM=%a6zJ_xBFEc_F}U
zNRLLQ(&s0_cgcKl74cMzClQYpf{LQY6-iwz$?=`uEl^34%oj}Q&sxqguLtHoQ&u<L
zI#Yu<5w9X=*U~3Yq@}(rS!&54i}f)@Q^<THvWVwuWn*X}UKDF)l&v1bL$9@{w4>TV
zx=zQnYf0%?ZahPSF*@6aDYwcZm>sH>?gziCmDb8{nnhX^W2xXuxPYrnJkSN}Pb{|Z
z)Nrjqq;&m3jDf8YiRL0^vEXrsaR}0K1t76B`cXnPCq!___70Tc0)~(BOfy~*O1iF*
z2*J1jXXYt20sgwwFHQuH(<Bo^7Sc80yXL$u1Y$}gGbG4UHseXEd~#*6Mh}%C+gA-^
zk<%97j|Uk+o*I(+XB&sbWMXpa03|Yr#rst7a+Q>FrP%0l(n!<haT>C=C>MiT=)=*c
zNozXKt1KRUnlQD>b6EgbW)d5J^#8@ga*AN*dI*mF*gyCROSh_5Sd8_mdEC|7Y#QJx
z#)&1p>yxuI90FcT0oI>Fa?T`=k9f+nNEB>5!RwShJErt-Jn<dmf*L9$L7vjRs)ao$
zoul9vEKQ746dX2iB}%({-6sWjdh1>RNzvFstqgRZa2qdq^l35?LW{&`^JmAGC#t8%
zhLm!XlxNi~1-D3Df!XJCU220ogr>(rl*&fKfRk+yg@X&uAAeeLdac|G7j9Nauy3de
zMc<-<KDFkHFiaL|z&E|XW34ha*TkLCr{Fh!*pMWi{R<#U+VkWdmN}0}$K-j!LAVf_
zX<GTRT%9B;lJ}yh9cvIxcz*o_bh1zam8MzD#>eLqHY+$t?JzaF87le<k!uOVW|p$y
z9t}e?&1bq!eGvfze8beYk#9EWNZ-yu7mF<*wFbmrSwgpZbg44jwZpIUYal3MMyj4I
zc00{yy+X?J7F$jREiiMZYrXA2bRJsolnIBfdeRvq+jvG1#0JvW<F11+@*!L;mIfOe
zu||}p`D~_q<|+CZJrNQS`<$bPL&qfza`rlWWsi5${wLaEYtpk&_esScn%pHDB7AVP
zz=mTF`r5#0j)$zT)~Y{K{b@d{F7dn&U2pS~GbS{VCC@34m6Dw$nO;Il;Q57CX10Pr
z+vy5D&QSnjTA0bAbq`&ciMBZBxq4A#^YgJ+m2TjVAYf&y<x~{V077%pSK$?i!+AY`
z>h@s&?f(1sx41SI=R7~>kLUpDFOK7Dy|{Hx8%T<rgQ*Zkf4VNAL!xqI3;q2YsSA)`
zPQlJv&IH^`$~-qs8$!su9*D~8$Z!AOfo}^8EwgUOJl0AL*vS0;;r`y+x5)e`TZe;Z
zEKQW|#yBL~)Q+^7yKwHuT#}jkI5g|(QAXG4o=FB!OE#m=o5@F0nO-?APz=&t;x<$y
zu#u-2rv=Jjv=CwPyo{~#NG|mUg#h^wQ`OuXA&=TdNa<P_(A3F`GfiQjAiq5^A|4}=
zmn@!QZj3y_Wx!1MlCvmm7(9#^lrtA^@5189!i9>|haxFUy$?FeK-eL8adMNu5=<21
z_oCo)eTFOr&k(nrmk4KV3pz`IDE#_pl2I<i17c3m=1<vz@DwkSQtz3CAigX~T0w{9
z!i4<kgQYNGtF`<MgAPpEUqm5si-Zw?KtB9nxl+!wVPahf);wk@1j>4Gx)z?@yW=F;
zJx`Ok$F6Xc*;JMbuMS5(i#=9L$p+>yRQ?zQ6VfTjgB3NnrRSC&uBa#HNPU6Zv2C6q
z9#@t&xW8v?&+mV)KVLQgt{47q?|)Z~8GyKud9Yj!f=D5As=^Sh3J#3?jDHYCoJ3_4
z6>>zr#}d!d(_6D>q606U`TQ%-mggp&xu1onB3`v6kD0li>8S?1rBid_A08aMIsAK{
zdKaVX7aYqOFaL`UWs%GmQ~l$49(B=Q#brQv@9@ogIMtiDS1*<+w6JYh*S~7w-7CZ^
z<0xg;iQcVta&Q~R7rVW$YB`cKoI%5%ri0uy5A!UQygYpC54FAvbrph$8ySH_d&Q=J
z5+gIuxe#Ug9@#HE*VkA^%B5N8i>$ApbNggj>WgVU>ua+8`hX64gTelR9?>PwPu3Y<
zCec;$i@4O=?#2N@?`Sz=d_FJ4+zDDnF3V(@%qYBFA<sYP9ozba>Kl3{GtptGe9*E*
z42hL#r1cj>YUFAdQn6;9%5|O?s6ngcYvc!@s^D~pz=G~%Tjf<eCPn0swGULgUMK1u
zv}}y&m&ziU&qcK=h$2%$*aUPy2$N6&r(h5aagd0CkDBa|wRxJ_>d~W#6y8icf*U|;
zoM^OsjIYKMv**%wdP+s@`xo7V$X?q#r}fKSbGVQ*!g%84xbc*TaBHp4K41YSpZVz7
zjp_wF`GX|Ng(xTujCDc*?YmllM+Io-tmgkdL1LiiP$iG<*p5CMcbPO)QcPElva0?l
zfvlkrR7lF19cb7tOJ-IBL{1dcC5j~_O5G_h^-wM-ZBDWTpemaR9J6+V2aiH^(sT`}
z?J`l$63D+r0y1!HHDe8jg6(Ww@=VNmv?e3-x9xMtZGJTQ*u_okdUE;sPk+V?@SuPw
zM4IT+UT<$U?GL11!nGj_7q+hl>x{2O!QRn^{8YorypWIUXIsOIg0Gv~k|ruRkHw=N
zjs(VBFFg^nAI?S>EQz=AJe%e-mdbe&(YPRcKMj8N0Z8=L?ml}+%7vaQJOhu)67;?e
z&HCwQ-KP7LXGcKV+l{HuPe`w37Pnq~Ntw`oymS1+X?K6HKj^+cIC#7JM8A<p?8uy3
zDiswnRXi$79xc417yT*~!_>WH^ynwuO<}IFGGYrU?-U~)0xbm*)7nrCeV~`#t<{=d
zAO9)TxLNS2b7M}M$e6_fHa;tFM0%xKWx~$AC>I^Qe(sXe{I{F#cUU^@LM&mO4gCpp
z6cITGuLb=yuxab1AEh$7V-&WM7jkOO_i(>pWfI*P#X3)Wt!X|x)}KxaISt)Bj`h-m
zIRvUd+YoS0bU0{15TA8G^c{<~{J6la))xD5ba^qp_%wvL0Ze$z3-SN7z`5}#pP^@C
zGcSniOX`?k#R?lQQD0uE7SS)B<+IM@j|MFG`!7eQUD$rQ$D@nU<)6d-2Ha2cTyWS!
z+ZG%g!Nl}d(uT-2-}#eG(OEL(t1Mbnb20Q<TkKpCs-<|e_v;zp@Y}@TOSlFT4x*f~
zsnEN`<g&H(EXYYeU!`e(f3UazrllGFD2wk`Q!&Af4?Dqk9rI)9>p5FNNt$HNw>!y5
zY2&oifJ1{+!o_##GU2^|vVMlK%!^eS%ZIGzEaL<vnatQ)uC@!|96V`$Rl)vxcIyMj
zqf(mO*@hc5K{h0v)`X@4wRjjM6#L0V2qUy(6Le>gj~v^KUR<SQbIDd2dU2RrjCHmB
zcJQE(dJer@St)ZpQ6va6y0<Y4rRuSXQKI>{maGfHwfUPrsBV-c=I1QsSte5RbB^ge
zyRe<nGrcimu#DjXx4dUg)+gFE0=E6g7g!I{GxF15W7CXyW<v(K(t`2=;mWX#!H+U2
zmyK_<iJQ~Zc^NJ6eibl48JQCmu+&2<8Ys0$7+GatKJ&6VuP76&u4l?sqP!UKjhT^q
z2ptGsa(MbdCis$ZrB+K}+h(OxISU4+$3_b9PthSJ;!1R?-vC{GDZ}ALSu!Af4cNh6
znVvVo_|lUy&iS1klv4jKA2P@|OZr^!mk;ww-@5GZWIVJhr^5=Nub0`}CSx>EOw}Gk
zOvitrOYO~+-`#pcjljW*WfEPx3`i`Y1H>eR)Yghw>Bk1QYKx|c-i`EK4D|VrdW%W!
z#Z#ueRL)%vdtC#;_2R55M2Y$1jYdMw*gF>UH3>Lo>(U<r74!9UZL9`3Q)Y=s5$boD
zmupWJg)5z$e@s#_Wc_<y^ovzi1;fgcUMlC-_J5b;pyoBnSetfjvL*V_1ayOW?n`j-
z5yeavOElxSt0|eU3D*|jKXq?b1k134LB64rs9slfiot~jsLO0dvG~EPd|4%QTy3OI
z`Fw{AlIdyUQ_AwM`<G(keZt)19q&Ip#uLaLhLC>F&2889vsFq5B75Mtmr-8bwOkb&
z&N#U$!IG^PxDQ3@At=xo+Yo)TA0aYfx^^qTWv$=VlgT2@ZhOhE;R@?OOYK~72XmNc
zUf-`6<mJX(pQO#=@o|>mtU!o`TC#ctz}}WdFUj&%*)qKkyLJo+d2z?X#Dy&z4e=NZ
zOhyJYOK|16F!3xVLtiP1ybxrBK(;LG1bnk8^?giDPY`<WfqW1Ap;in+xV9XRLtRHV
zpx0`iuXkc?L`cnoW8F-x(s?~9CY|b`fnoCBv0MOVj$`EM1@i!rOnO4vo^{N4z7&B&
zh$gHztaA@dqg>|wdh1_O_cQx~^KGFqZRSZ&HC@d~Qk+*oJ{mWWEAltN!{5d2+nc67
zb^Xf^;5C^*eT!~{00C%$aR34M+W-XY4bGERXuv^D)%o=obaarhmR*dF5xT=j1B4%D
zFU}CzaDM&eqb!au#>Z4FxHQ?TwCneUd|)%+7xY_mUQG4=6Uj6sKL(P~WE8Cmmv_#f
zrEfL4JQ&4)6+3*O+P5uT9twUs_SCOc(C}vC0C7r?J^D=p!+3r@$r*-UBBmpbv-7};
z<T78CPTdVRB~xz;&5a8Vq6q>S;n-|9v}>Di9>X)2fFD6u;JO}sob|<fm9tfb=dyJ@
zwho1GvRuoL|8{bLk_Y%DdsUzF$CvdgxymM4=v)W8DddGoX5gVnTKv*kDQd%du++m^
z#QIKtjdWez*E~rf-3}>+AQTGoZ-c7CsFivxk{fuM)*Ncf7Za&D-^HMVXh3MjUB(1V
zVxSu-Io!1bvIW3CQmjZaXjg=>_BXf&a?=_-J7>;qqH^||3?;PPkWk?=+$V~)2{32L
z^I?F%)A4XT=~24}DK)H?4(Q<}v%{1ik9Lvf%);2fjcApmvBC9Gt7#;cOKvc>D*;1z
z40{(n(2ej~eg}6{T^Y=iufK?r9v3^<q)tIs7u&_IoAjw0`btng#}2-jL*JH?DZcJt
z<d<z6E^;H2n6Y6y=>3DDz94&$%*3v)1@Ccs7qVjtT)^QEA-X7#ZaKM8U(di<FcPr<
z-MYS@O;Z`&)tc%)JzAT|0TBII3t<y`&1Bcox^NnfU=Ea4%4=sb6KzIzHNsSJUK})R
zR*cdtG>^lt8QJFMzF=f^lL>FSI=bVGE|L$j0LP^n=<V?wQ8X}4iO4I9lJvmAXnPhw
zFn|KEj8QHSq;EL7`v2i`sDI-G26(nt4z9k~H1?YwiQsC3XMs_d*x&*@y9~fkprWR;
zZ7F!BAW;D?87B`-rYv+f2U!N;cf8C><}%~y{Y*Etwmger%y#s*@Ik&RN&U~pll!-j
zi%uxD+c5!|VVPo;DFAvvg})LA=$If4ke&_JxwvEX_-NA!U_xV2>T}-M9H5O0ey>S#
zP;#K69Ar1@54Yj1(8_PnMm1%mM^|cKW0hEuiE1&4o;*L{z=P4)U0o*N(#b!WctE!(
zqyKc`8j<gr`xG|GTg{;X0utJ#5{5uiG!|zElnOrJZ6egR$kv)Vw7OhKB}_#fFtJjl
zfWry8BHih6#ETejm|KLLO|D>QAn;QpY58j^fPcLo!Z894>kzggyE5;!NGisI{RFB!
zF?|#y-T5esNH{658}y{*TilBb6a2!AiEJx)XhPJRkce9|O|(`kiX>!aSwI?;QqsD|
z=|LK1FenKDKnSZ8bBxjUJSOwTM|gdy-+FU}-1Q7j0-9$ru+c3i!Wgy7+rpdbYOwIR
zU3xY?sXisGD$6FHUh?7&rX;0=M2kC+g)dBC>Nzj&f<YjHo<8H043Af-Ud1N<CdrJ*
zmIM(0fzjPo_x*bnkZGzC$u-xu<K|a~<rq7+QWmu<_{c^r8?)%HnS%{A*s0J!s4DzY
zdmB0290+tqhoP5v#Q5c4jFOEub87jp3W_*NMS;iUDUTKekZ5!iaN+`<ya7$~a#(<B
zlSFwis|?w(iEg1_c^m#G5myGU+?HdkH$^wh*XJ^UPt4V^;6^O1A@l2P<6wZ5VKR_c
z<|hd%!p}C>v^RjNtj8(=?@|w8N)l@Fo}Zuu^Uc_TCMydSJqU{Gmo@20WUJ+n{nR##
zwcTOuSu|7aMnMa@TW@N{Sm9ypHp~{%d)tiw!tM1`o1=41_z9h%h~8jBZ_LL?O0)JX
z84$-n&gw>TDZ2P4ptYmjro(0lZl`9-@?x&XQy<$iNUw(LNq-38Zu%!0!VEvH7Qp2Z
zU}@v(Jaq;1tr^NRzJWPm9HP+?2#yVt7-G66S(Fy*uZi@tcY8$pyE?i0jY9nzTUv?w
z3sZo6)1bee7xiaAosdswA*X<2+a-Dw%2F(IxYsQ?PVhpn=LoDmJki79wMq3%X0X^Z
zi2Nc7*&$6~iCW26aEjMQ#eshAbTWGfs+DAL#va=Zww6_pjyNpm?Zg#hXeg$-*i_7?
zVQ%PLu?LZ+PfewAbCq;ll)jeXIlj^-38IeExc3@YDO(T_y_EoPdJ2;X**&SSQE@Lf
zR?;i$dqie)+;8Fzi$$Ekp$_Ff%7V=co~=?|7&bf1See~<=0W`$vytJz=znn>+w|CT
z*!AO+yNHKknP{^eS+F)ThY2nH;^$#$H&Z~wL}wDjOOSXD!;Wo4>+7>Ce34{qOl;Am
zmm-~vS7a%H77DPL3&by1MaJF?-s4+Q6oB~@3u6d{^i|2dU^aj;$=Cv7`EkYppWlJc
zOJHv`p$~<8T<iZ^%7}0*^i_6j2A9}TJx{ZAqi+^BY!ZH2MRw4;LteTZIe5#aCE!*A
zP?->sT5vvaadzaRBb!6ZO$fMrK)wM+;26rdm*~PKohvzW`V)y~abJte7Ct#Ad~ot(
zG2K8m%riaJZS*@`#=v=}#^;0>8M2?Y(`l0PrJIl29kvbWd}>dLWN#`;-V5MS{I|6i
z036esOF0Jv-g3JxQ@m8e<AUodM*=vFVmrNUqo?OzuT0fXKlktxNXA5J652qn><fFY
zeKY314PV1=c&zI+|E-R8Z_n6tmYY0zW~x>P?#bgh+zaSaway~5e$c$j@3in=07yj8
zK3H1QwXIw)H~l$b@m5;h!;CRDbe*o$aVMZjne*6^CmCHgjH?6sWiY5B+|BgL>`p5y
zlYx(u-q$TMwNv+Trjl$9z9CJYRyRT~F%C0@yiufNsLZB72|AqSrz_ro*KY2D#PHdX
zx4%#}6_d`$_<L=DjDMO^Jv&mR34pl$G!0y@J`~7PP<}7VOzE3rtd>Xbk`tq6OEQ23
z670L{>xn&X3?g_Vqvn$fqGQ4de`8KPKCfQJ=vT1085nUhm#H^okd$R3S8T_EQ+isV
zz25%Yf8Dj1F9E5)3)ADt)BPBheGyAu<i#^QB^I-$D1E#f(9(Li#uc7klRBs&k&R7Y
z6KqsqN7RgX*cG_G32wq)on~HnW8`53EaXFo>}Ea7j4drea9IcK6`%ll^W)0fJ?ZLb
zHqiQB%xuUS<)YW8N1MW@+91@m&t$~YcJGD#2w99o7TLf&-G77=)J<~L-!e_>QiHoT
z(>$}yzQ$K3HxMxdhsSqXmcJnTjLH08^{vqYKb09aO(PRAr8^RCxK7IU3>OBGLHe;r
zNOfbv$jxgArfdT#6zJ#nEU)bQhA}#J;o%uQ!;R|w;QfH=_8s&nftGb8s@*5*EyZIK
z)N6idwNI7gbkbUUZ5?R7GlBQDWMo@xa~82pB~13SA-hYmxJyW-<Zk3up$}Yw`x{Nh
zRlS36R3Z>SNO7KIE)(o;pnrJ!Ciuy+`(Jz+G!Z~Nx)WK<OewOSfGL>zZ|BqLq`UWF
zZ*RBOmG=o}JkQO?uI7<@*j(@EY;s{c#Z56!y9_sSud*I~gF{8yE-e!D_d95y136}|
zx7X;oVM7v$LBNSOEZ&;7c0#iteEyKAh0zydeLlRn1mMod>f?2flnap*VFg~#q<J+)
zEyObMl2mz<1*g+O=E}vE6oC0+{AcwO=mJz%P&!^k9$m4(d@06(Ll((gF9d-3+E#2l
zF{WqD>f>y7v07g1&qe&5%$1jL=Qlp*Jm7b)`DPw~MKJ@D@5|4+4Q@OY4+iX~Tkp6r
zMlklrKf>+kwjq}N8y}m`9GWd=;7w6Rtlc@`QcKp}PhLrT;i4~mH!JJ+v#oc)ZMv$)
zA_6ZB9!0V+M%KI#3cYn^hLN6YWbf`h^uqmKKd9S;kx?iVu>kp@oo|>oklVVmw_y~w
zVWDgX_h*s7mppyoYsF;2GI1{oKPR?dd&kr2nG3JE`s?<#ey6$$f9HFFzQW&?{|D+U
ze)p2(Kcu-ANpr0lT<DCa>6Axz%;2;qX;QA4lIhBNHQT_2$MS~Kh+%|wYfE2`Rw*oI
zNGp~hcp0KV5&UJ<51gI7V}(HHeDJrH0O^fBSGg$Cb&p*M!D1P$ES4rviABki6x0C3
zlk=1|Q+?<K&2B_OLD1PmW~z@ttv4RVw(4&|k9V<=#xvtj*H_T?kJMwdJVX{1>)d1>
zuHY+WD(8TVY%Vaa^ivY9DZ?<icaI%o8)<7!awQ_YGe0DSn6G#NGAXJF;9Z3gS1ASx
ztO|p<Bk8}!^~Or<<U6JR%F;DCuR{!w?su;hpno%dT#~gdOKpSY<C^nih}VxvAwKC3
z*+j<s6B%1XZn}Wu&vQyh5w`HzkDs`Jj!!P_6nz1mD2WSjZgQGUOwxr|IV_d(ZUw=)
zg;;922zuB@1~(!C-YTpv250mt%S7shY&e(^3sz#@5S}Sk0L=j0K!PX+pU%`^2!fC3
zB`|a$W8+$t2oK{EX3nsF^qEj22x{^oXFLIujy3Ogq2+XE$v__N#2O<M@5I_W8YdLV
z<AR5XoL85L1U6W*ehOYuMtw8u8(42-v*b=x_g05ytY<Ww#@J%j;<}D*$h!q7pOGJe
z@p>Vmh<k6=R*1meuFYc8(-5O9ie7kvb1i9=ys*inT$ml3nhBkWNGQcISW(j|jQZS;
z!H-D2D(Re)OOkb1pjyTgz1jGrdX!aL+$VCSkmG;}<4MYAgaKHxSfqSyS-2!h4)nc!
zu&nn7R_(eHXEdq5%+t^K(9L7J1J$;P%85s}rj-&!mn2XFGedwW&ZCb~Edn61F6s_}
zx;{%^-;}?Vh(du_P<}5&&QraO;{FPFg=_!@5gKT$C$E1pWCPVQ04v`?PRQehfIy|1
zM+n6--RqN_(nm&A)*@jUKypJe^d6$44PQ|noK1$%S`wcITPSg+mxr7&AC1lA&GGPI
z%tmLhmmFHi4Y?=KDrz`G@7^ntLFsb$gx2c&_lgCD8+xFYbm=tZs!Sp)4LeBwozsi)
zZZ#=R^AV3Jr657dDCW6dCMMCZ(LS6W@9Wz}i;?&A>G3`l1y8^q5<Z%Ys{kD6bvmA)
zr#R|JEkTG7<`0UBoj&TVVmwjJ8YImd`X}hcONeVo;FPpq`sImzS0#h|yK%<dQFlqS
zKbnk<Umop*6#q3>o_{B<&rCd|Ya7&ddNIcI2+1{|p@B^>^xM)y+Z^h*$~XWO5glB9
zT51`nc4ZAV#;q|nkAjFfBLO&_QmLC@YbhmEWVxTN=_sSff1b_Zu!lkpf}-Set3Ii;
zgq(T;=Kj`BWG{^N$I$S&J#6a<((wzRnxLz%4DDh2|MlG1Mf|_p|ADQnb?%H%6vm@-
zR!D+6Fp4EY(<U{bo_Zw!<5RFLdI1}6Ptrudyfj!j56ZjL(BX?+G>Re5k9D4bOE1<+
zK;JBxQ6xO{?{^}l-qm-A2KXHQp!$5tf00>N+^KFZ<F4VY`yi$ZDets2#Fv*c75*rH
zM2{R0ZC2Avlx%#W{9AmSL=X~)kFX56AxhHlxTK6mp^}LQGpV=Oc&Rrho<ZJ0F+?HJ
znl|Ai6+Bv4Jsku$@C+6!OdsyNxrj$I7hMRt@rhR~7I`Yy0ug-Iaz&vh1TSE+NSKD`
z5r>Itr?;KX9iVR9;5G!rTLkPKfDf?94?*TGtZaOuu(yZor=J`8A6D7U-5>9F|Iz=y
zMgQyN|KtFSe!PMmer!78B_mS(2>bly<70Zg!kw@%b+uSvhhV4dwm}j=!{NMT(|25(
z5O9;e1%k)STNfej0b2SRj$Q*PI;!V)wU~`h;0YIov&@rBygYZ>QvzSFwFrep<O9#!
z;|U7_!|+N$6u>BCuBou8FN7;jTQ`<9m7taN!~1t1s;PynE^n3;;(@1Wucd!}q+gAx
zY{(tdWZ;3%O(47J@-V)z-c9-=;HuK;=J|`JMVJ>2HDG5)E&S{3s3v3D5}V{d1NlQG
z(<x=1&ANq@CCilSc(WYHt~OR>BCUi>@m`DoO06FFbC#}~#X6JLUw@s;*vGmB2}q;@
z;;gAxrf9#UI?TsnBI9HCp+BWOxH3@?@U1Wz9gGGFGc<&vGU%%pn7W}%RZq($J=A~w
zF)C#C|H)~GVr)HI2B2EF+`HZyI>vAO-6#Ns(wD@P7a(W0w%AS~c1_+1i0Jj$$JuYe
zVwOBxp{87ynF~<-B}+bkI!EktE=4Ai+IYPbB9|&D0sN!=Pk%c;y}bT(dU11kI{Ew`
zcvmj@Jb3lP>E+e<^98+)leti3P~c?z>GbNF-mjE6p&|}@ewC)iDAxX`zfHcJo!v}6
zpN)_I{2y)4kRvlKl)>%Zp|wR)-=6j4`HP&w+%la`ld8p7S*G;)NPqn?$r82Dt7Gr|
zz*;~X+zm@fQ=>~=uIVcP<&MvMXTv954e3Hrp+xCXnVu{>i_OGoh0cf2J%5o?>xD>j
z(y#Xdb*ib+En8R?4yiVAAIpsG0Hl4MWE6Swa<40#!bvvoiu(jsU?1poc@}qF^?lvn
zjv4<T_wFmE7cdhNDghqLg8zWOU-T7V<y1e#hr#!=neJ=EV<8H<m+3L|B#upWL#6!!
zfS0w<Lzkc3y2|4D835pyGVdZ}Io3y!ic0SS#<~tUu2?CSd8)U7K9<~VHTk4Moky$L
zOcYEdzgXR4v;bg5!~aSlTx204kw8u>1S6*u3<ePp2wJN#gnWw<<A(ma5-WjKIGwv6
zZDUBfg1B=-75}CmUM0Wat;Wt;>l&f?%1Sm%<%9C~X-IS#Ekw__v_mW24n7<p@k!mt
zOt6z|ufyJS*t-tfJLs@CdmVQ8ro;C3-*wpj!9j-|?Co{f-eCVthsy5{-oEPq=?;6p
z_d&lseDnTIhrQW<clfRY*&hyEi?Gj+dCnu4L2dn|YZ~#t6lIY_s)B7-yCZJ47ESeW
zh&kEUeWKRiqJ4yZV;rKv_0^kUAr>M7;Iz<^#iw#rR(J!Lcl`4OhlmBNe%b|8xwu<M
z^n$$rHw(}uz>GsIK`ng%Y1bMfn;Q+ZF<hKJ0`wZO*)m2+vkvWpE{iiY{Od{->;Hv5
zAfwS}<i9Rt?)@wy|CgSG-p?dj`fv4+1@-?~uD}qee2Z<R;Z_s25b2T~pN*?c=yvsr
zA{oRC47KZz?Y}iOr=uIuDWklj8SZE{JDNE<W4A)n(|^`A(&AA|osdZ{oUBR4KIbAk
zH_Xdo$xGjq<-L8vtJ2Es?&PB?K*j^bqbdc2sgdp(W%v(=2PkCt)@dU=hpZBz>$9sK
zm25D!>CZhVvF9k@6H{}8UFWLNnBxnb`Y;E>6$yvmHPzYkY8cOaj1Nu9(tuR$=*Z;0
z5RZw1oa~f-n@l>E-6>b%@GTQrB=zAlIX$<^ucufF8d0}FAo(v!RO<I{@%T^E`F33C
zZum9a+=+FanNuw=u#<}`bf<C0wBH8^c2RCC@F;TW;k<z;3x1NJ9}I~cwMv`|-mj}?
zoR18ddR1<QFR#z8UOM%b-XcR%KVq7YlH3gKU04w=C;0OiQw~u-5627rFckS9s$M|<
zqh6PkjX+;JJ*t)LC+?dns7eLYPJf%I%5m|;cEIosVir&JRc*mLNXg2YKOX5`f&^fC
z6tTVG{f*DLo{wRB#xoow=h{mqb-H+G-ezF3ZWuWW#jb!Hz!DsfoM-y8i#zCFbm95W
zY7d-dWwCxi7x<)LrA53K6{Y8;uvsJy1sQYqH->QdF=~jzqF3iAat4l5<a&1%l&Iii
zP70~7_hO~=K?gaYd#zxud5TwX_%_7>YLMDsfCk;C!9~i``#S<Q=XB$<X)34vB~P-x
zKuM>mR5vQ(J_*}NHt$8U5K`%SZm3)6rRuHuGTnXpTnsL~JcdE3^c{{7eNl<8YaZbj
z&}oXUBVvD%Q((zZ^2|Mrq)d5li?3VdR8;Uhka?MLia?9n-arLkUkYd{q*Xv*1-qp_
z#Y|y8^S0G4IZlTjcjn#A%~F*7#$CK`av9&~tNM+NlEi-{z@k%QGXxMY{|b?(95t3h
z_D_G?b6x67=}*b?O=Y`XySEo#*CE*BmtMDcsUqE(<sVrgIk&tnWC`gIL`D`t{Sly2
zd(Okgd7s2_*XmSZZ9Nm~cy*WLKZruh?0SNb_|9olUn#q=?WbWJ=%<3uc*a@G)nY1n
z5fi?FYyB3RQyG0hNWjA57q_X^td}Po10WN%p59W3a9>|2y3v9crRtZ35V(EN11hwo
zl2}B%fQ%xpdQ{cfpTnm%iWKJ@5xlWqy=;>Cn#X!!>&@(D22}Th?gqUw+Z*=`^k~SE
zM;1%naHG{W5Y2eOAh2dDt%LzJ_z8J*RRHYiLZ*vUtptULc?7p7rLWrHp_pWNR|3F&
zaHt3SjL8}W+6}~7(ccbR8@gK$cSF`pzs@h0XACZcZ0FPI^{#_KS8llkw`Je^H)H^x
zG^Ot}Z$f_X->OLeP1he5w}qN6#Rk`F!(}++Ft`vSyY4=$t8710STo%-T!x=G-fL%J
zy{A_S@|w+Lhl$?2*I_wV>OmIdH96%fi7<IMSxo+31E54P&Svs=J^;jJWdNFZ$KWPa
zxpy0UI4}N5kuFs}4DFLlmd^Zbl>f+xh%pLp$Zp}ITi9c7W09?IVS@laZo*u}m<L%d
zf@J$;vJ@SH!Oetm`=%A{Uq&k<-Za)vjds&`yAf~bAoCA<qu~W;w+bE!bOwK_1Yk;U
zC~(Z9h3Jxlp)2E+{;K)*%9-}eT%-Q!L1*YMZL>SBft{c!jxx=s>ZN+q^wYCv=w_UG
z^FMFqK}T$uHKSFzkVW!~i@C3tfk4*ohLXR}`K6ou$9BMSr=b~+Doz%fT6cVQ$DcXf
zzt?596*w{8iS=)AqExuRe>_hh`Nr?`Kmne6$Yl71VLb3U7-fFIE$QDXwk0bc8k0=v
zr#os7-|oMC+cvpx06|wXtcQqb=zGn&!?^PEXO#<%X;+-Qi4{=>HMj<7(tx1`Z%D5<
zG<BLr{78XoM2RB1atK6)V=&9)Dnp3rLw$|$p{9k>tmB?iR1_9SVw~R}eyi-ekk*O#
zq+Ir3XkKM^nS97t1R$9#iB;W=)a2GwcS-&Q%O8Kz#m6UfU(AIlt~R0xO?*$HiE!{l
zUO=L?W@3aG1<e2=02;~h-iU+q_KohkCKa6|ics$T0I^O=Qx8>ZARip3l<sUJqa6&5
zgcHRxnDm0_vF+83HKIlUtJ4$5tIz`-rpplpiIkGA4xV~A=rcAhX{HgmsmV1K@iYwf
zr5`6y!O*^glGe2vHM_n~pk0J5&&uPQ-94o+z%={40KU^MH5r<#ONrAMb4Y1oi)6k?
z*DOv{Bv%Fa=u)OUYBL4j-<x1)!mrCE<V@2O!w#ys;F(xDeUoELQSz9V+(3H2JbW|^
ze+l!jV|EwlGhdDD+?Xh;YE{bM6dA2b*|ly&O{(6yYQIxK#&BLp?05vt3V5Ko&zQlj
zMkRK|7U0<c{7upi@E^~J3ri2iu4C<J!9Gm{jbdl&CC_qc>MSLm=Y`CRL^p$sOOVsF
zW*-dBL_!zU^`qk#Y_6NTw2s>8NWm#Mv@#Cm9RQ->hVh*~Bt0V!_=PkNSl9XbG}Gcu
zerLKBzC&5%n0Nm+JDN?`Hb6<sqXhTvi)VFeCU2o-T@)pH#}~sI>+qIh1&W|I{u!ga
zn&&VQ7(y5OgZIf8%)&N-WhN=t9u{t9(;u21_<;(!kg&bMhl5~hkn5gxAF>q`!t*cO
zDa4!?ajG{GG@B%a-W3v)6pWW**Yyx2ccRROre`2A4h~}*)=8G61cH)*_s*(-#F2lI
zQ+wH<2oFbijP}otNo*kW-Jz=%vV`wE@9&`FD@JU^cxg%c6CfODTf}$JStfA?5GG_j
z!W1Jh2Xm6R*N4wcu8MNOmNF|Bl-_5ZmHZJB`dFeb@k-MhY$|ySj|jY1^>r_H|01WV
zzhyixyI2DeH&2JGJzxX2$Nr`Nmi>zpLVqG*+o>&e=bYn=9V@jG#if|}GBgM{!(e9j
z66qDVOS0HPejo|&Ex|bOZW6xf21|+ITbwwcg4*P{>b~)3d#wS1PW##&j}0CH5ae3`
zX0*PSz-OVi#JBU62o2S*^^n-;AMrXrgco{6yu=Hk;t}yxd~EWAcuD=C55za~fY{{!
z@GZR`HuydiTCAvxj)BnOz!_<km>Z`){dYsDtm4RYDbtjB?s7;lm$9lyO~5@0xJ#ac
z8rUSA(ZuwI^m$cIWL$TaLegDmiI><NJh~}t+c|gtN;6B<$-Cy}{oR+NqqEbS%hR*b
zpM76%&)a)^HvV#6arTC7+G|G_y}#+5aRslCCwFkC4?eNwzFeKs>nrpA8Q*Z`L#Axb
zi0LzFoVfj*n88NqyQb!85^)82r5b7BX}Yu;IrGJk?Ky&h3$pz@H$mmr71=ad#-qw3
zW&s;cAba$c^~N6K=7*0@A4Rk>pdjX7mz6S?shqDtQPK?K;*}>8+!ZC<2~F0l2|vdD
zyL+#?JkN&?i;ucs0%A3?!Bh^Z5h9tXvH)N7uxCuim=CU?{IM%;HyiZJT=K`OJMrN9
z-2WKWTJ$4?1@HfY+3C$EdNqH^6fYAsg9LFyb|NoiX=K2bH%DY_!FlTb_EhdyIoBgK
z2o%j^Ec#pEz)yn$73c@mQF;o-=hsFH{OTrciWg{#7+^K;|6tvDsibW>Ka%X>$T-dJ
zD}-L>n@`oe*h3%7<EgR{J^FcPsLBSVcY;mCo{U$i(>bexV^3s!lBi+@dfcN`Jcnd>
z7^`VMsul=DJ<<a-(6OanJX@R`uX*mrmZ0ia@9v@9_Q^w$K&qcR9nsY#$pDB1AshR-
zC?b)Se2&Nw`sAm4K%j*!1iBoUxUPzx1>_k}I4=3)m&|HkEe4u#SJap7+px?KT;gxd
zr8mh&;hW!}>4d@ZOw%c8BP60(IerbJl}7A^7mK_|WTB5h%$?$4*3@==Qxt&y5DUjg
zt?``9O;DlC*u3D8V7Vv~8GB?=P-G{SQ`-CTlm2i5-%*TMz<aQsP`1-u%1bdvZt>X_
zJu(Xf$3lydNj68=4I_B@&wOK5I56ITZWzj@Z=M*0O&h5ffz=p;^`g&RDAwj+tfmgt
z=MFez!OW0ZDIQC+_gvBQV|;A7YNkHnRr~PZ;LZL9x=x&Kq^_DtZ$ZYU&sn;@l(PJo
zqykae0)1hz%0}u!X1YlI#TO+CpEY`1W0|pt=NQ_P2v3fR3z>(q+vx0ULnBSFY%RX1
zl6wKa#bpS%X>w-2t$GdPMF$n)9phGKlok^v3ua)_d%;Y%MQSx-6bLSNi|D8PGzu=H
ztV%nxQ2%fC_TP904giJ>Y<Lzlk!KWJgsTP4$0T#-ybqm4GZv|6n&D0}A=U#+p(&1h
zwcqZ)J@7tx%HDyUi~CO+B0gSMuN8G~@~Q%+;<S7x);UiK-I?Sefbu}7M6h~z3>mvV
zyRuaHs$7Un-)n8Qpc+h^r)@HJu|&Zd@VW6~r9Hj99%2*1%#wP{wMP(6c&j^sp7<XU
zk+X5|{|n=B0-nBYG*0u}f1&cRDOjs+<RT$eugiwTNF+Q8JBb*gsvqN5Y+MR%C0@TE
zfzf2_b;5>-ldlV`@j2WaR`dFxny(M3fq<b}+rHI$^hf`9v>Jb3(QyG!ze#MIc!g%z
zDQ&&pe=;aeyiP5=se;YXaE5UUVXZrl@I(mSNG}PqnBBF*TN;%4YMG}3FoJm@SDAGo
zpbaswmKB0UtD+EDnXcJ_7cq{bwQ_6H|I+ifIT!Nn71@9t7J#hv^HrMm_us!8eAtQ;
z6|Iy?WOh^Ry?M9y?!*4U+e3eEkOlkn{V6-)CC^iy3HHN2x=uKtXxf&LD}71tqS)J0
z_ffCv)q($@EM3i3$%b|rvFPhF9i1dR1&gCxl?`KuJ}C=>>S7?F9MVB9$bZ{7=I@B!
zyvN#a2C7YqB~EyHjWv9W+)PJ2x|6e+vpEAdWwCBJN1EABG8S>ftDNy9g%sa4u7Tuh
z*nTcu*G`g^yX>4ldMPUqkipLqJq6qYx-lpUAfJkvECibhiiZfI6t|4vu#=0zB&Ob_
z7VQlN)E-R>K^4wKcFrHa#ZdfcE*rThx+X<7wn<k<jWJjkGmMBr?;d^l6@*ZKFAC!e
zq-P=_CDNP(2^m4rcEI4y;TTme1$UBBdR9oOYFggjvqR~cexj?a4XSq!F&Yy9?0v67
zv?SQ;YTCd5Y9Bb)2$w*|#8WOE#y~~sN|_}bt}`YRGivp|j~3wwJ{iPh;ROyo;jtb@
z8Zv7-*alTr4~o}>in1Nmyu1G%B1E4MU0)m}+6~XrTC`}h68seuo8v~=iz7Za#e4=f
z#B~+X%O&u@ybE3cv3Sg3wL{+AEcVD%XO1_S{Ym77zXf90MqOY-;AV6AuZUu;^mfq{
zw)xGN``XCT3X>ZnOy@FJ4W9P!yjku1gnOV<Im73q53-nq4WwwhdH>-JZc=$6XHD$D
zi)Z<%g{nD*kN|PyJGwW}<Hpe(B#(tu<qK#&-^#<m;eLy;RWb|?Urf4U5d^(E%$IS+
zC)Tx33qdhYWftfz=`4o}y@5o)`!4yWnOml<0Nmd?Hq)_%A&*5avRGtM;=5XoOA6qd
ztx|oUaqB(J(?alg4Yy><7VkN?7S6dfH3#HcuGn8zUe^Mys$&dK1q;Dyi=o}flDbbg
zI68LxCVm-vVtXtz0mW`1@?w?G3myxMGkT~Kb7<yTBqP7VTY5r5C=FG&yGm}Knu7su
zh#MemlouiK1=8}lG3}5+Idw9Hr;#Zzo+2rI#iPH=NaLf*IN2Qt`D&GwR?kp};Rx^E
z3QZH00|exVzW^9@HKK`P6)?yB;O$^gd2d`uDv!H_C*2evh2DO&pjJs2nFeS;)lfVs
z#j-H~tBW`IGF29IBP_rm8hS{*vZ0Vi#p%|bpwe8ZTf_foCK9*{RnbB!eplU9^6i|i
zyh;1DI^|}iyisM@N&kD$U40q<&eX_`p>L_RBE?Q{Sh%@k)IOe1UB#>J1@g@ER@b_B
z-6sFKFXNk|(ed}E7bl^UopZCR7p!{R1rV$C;sMwy+W@%AUgB7{u{*0aRR^9HnpLYn
zF*OsiNAn4Po(7Memrx80+Z#;VFQ?;MxSz6dGnOXzA`?nY3ON<c_exVlA39UvZ61ET
z&VALr8}#<}|Mi(Wn-*A-XBe<$eiIJp_JIeZQ-$b_&!iiny<wZG+V(8=v;}Y5k=U*|
zSvGlY;#q_A!{F8^Uk%ybU@%w)kC$Qzt8;I#|MuK_WB6?*(oEy<?Rf$(W`&;n8#g5L
z`ggS>eZ2g9as8q#$(DTKo@C4ahMSV@(r>vdS)$)=Te2j7?Y>kY^zx1A70c4p@!w`$
zZb0_5X|n=QQc*xpB>BBFrRX2NW6p+n&M@h-bsv|r@CJw-_ms!@E4@`$$tzq{SIKjJ
zs&3w;jb5hBlYm$NI%(D2^hNHkB=4in<ZFFjD@6X``1%jW*G*0TjU8W`;yzZmAqDXB
z%vpL~93???{t+VaKR!g_Mefx!U7qo+b~|Xr)ft!h|1G}GR~1pPdQiBt*d7!cT!KBP
z-o3$K&woljz24(l?OCN$U+1yA@w}{SR_JT`cr(80%bb9}jDM#dzz42VPsB`LU_t-H
zRz+%(M(Sp03CVT3UWrzCwD#~4d{a%oMhl+JMQoifk{L@VwR*6IG^d_f8s#e`mx8I)
zv}<xffqA&#3Fz!^`?rB3E%+8f5;RbVc9?kVvD-fNM|a8dJ|2O(WnYSP$lCqJ6>1o4
zm`wEQNrU*NNfK^YM5zbc%8+IABzxRYv`kf(N3f&#_)Jl4r@@r{0YolfmUhXk9rzm6
ztjOSk=-p|oqMfoP`;@w6s{DIFQ18~$m3!Ar@*2UM2|dU+lT&UlGtbR*T=GZCdPn(K
z<f_b9B|alhnWSWMQ7VGEAPGtrIOmU7$uHu3s&|kL#NFj$%A>ng-X|(RKn1jppnw{(
z1CQ2K2^cfj0#P*0o~>G;M6oG&!0GD;<Z4TknTXbr0l-%9!ISe%GxZeEYM;{4q;hV*
z5NUkQ)m?ap1?L;@Cth~E2eD8k1^0MQ??n+Ok&)2BdU%$ovO;_NZ*3~r9{$umx%@nt
zoSw8h?bFN4&zJ3=|6`lV#v)rce~#?j<TBP2Ja@Xj_c@jIIDPU1ng*2W-3&|P(%)(*
zM)GSRysgVvMmhTE%NY$UCHtnCL{36a4lEK4FV>zp#o1{<QVN43eDRv6CHR)1|DH8Q
zyJqO`lZ<hF{DMseIQGqZ2B$tqpsp8hD(78%TV?aQSiyD=HdJFVEzE6)l0o99Y-!Tk
z(<*sL0I<uVPa#yC$)l-6I%E2>RB}oh2%7+iBtCv4)?qRBYtW3q=4tbo>jUf0qw}*M
zPYZQL8JM{AMu%oco~GW@=4FQek}OJBvA~>{s`gquKKa@$`1Z3az8!qI<#F3Cg(?Sw
z{d$Rd4XK>>33RKkN4={b<h)NLnkx!BfR=C1I_9)H%sc~RcD{s1-pUQj`Y-$s%&zit
z0|S+QZYW`PIlW70F3Bd{ZzRVMg6{_8vc~salG*ketE%iux;~>1?1KQ%{qXMK!-vE8
zZPb0YSj?Ln^~~%rAeHfuwf6`6Z@PPf?%>1q{+r>!hvC78?%>^UFmNfgPM1l^?)Q49
z2rgKNl$XX|F;@CEhPk9E<95yg3Op`kPB|nEfYwa#Qg17XVm!?kyu)(LUT$0qW<tb}
zr=OS4yJ7<#kLtg9^WhyNCDRoGi<;lks2ew+j5yT`IF_2|51~H=Us}C`(i$PL&Umlw
zFa2|&kXpdyitY)TfI(rL84Uf(wRB_Bu^XNz{rf#wKmE(o(aHH~e@izDD*#$lmzi5#
zh#kABcx-erXX^SU7Fi<VR?E135x|<cpV|c7`behWvz^<hh;KXW_U>MlvJkiW+Ho7p
z)if0kMN*1xA$V+G_UrHT_vjpwK&nshQ^x+a6`CZYyS<iqHnKdRyGJ`J;x=-=gE!J$
zb`4&@l0ERGG$I|QB*?^rqb@U-gWf*Gdq%HSOY^SUx0Z=xDCET@gXBz3j&MM+ab6N`
z>?+0Ne(EmCStiOECQEjKKQ3#q%;08}%eb|rpU!4U)C*#P^j}%JreL7tUQ{zjo0B)m
zSez6hDqCANDJ;)o@S<klPcGR~#-hj0Wg+CfzRs6kEe`kCI01RJw6-esaGPb_^U3th
zGI|c_V$lLUwvR9LeYjlZy%wG47xGwU8T5ncxJ%t{W<e%7U)tP{&JAunVH9M-5I75}
zgO=4(XKq|j=0LJqA6;9&#ek5WVU!p@mk3E6C?*lbuk_NLVlRP)if)lc-Cyy8iEKes
zzg+SX5-J>k+pBRGelqJHcyd1LXAh{e$K#Vr%zRhq$!l`@&H-CavLuU>`y^iRl(c3u
zfU6yy2S}n5DN{{tB4bUD<m>j{pa=i!zi<ECRPB<hJG^iGs#>)KfLSW{-+q%`IsB%*
za#-n=Sv(jFhyA_5+e)t-e#>4tbiJ~-Kk(~edcrCTl}VCvlCk9~Efbi|K-Df7#4W`X
zO*o4uG9FKKMZR^$I@}FCt#gv!zx99X=^Ym;e5B8uy+Ln}CQI;cSsz@+WVsMUrJBPR
zRRf*B2LoV%eybIIIDBdry(TQ@dLi`PA9jT4s!%14E9{!ELx6P^_F#)-YqHa`(PV73
zUZYe=hKS4*%T~%ek+JCt#HEN5nwsLl8MQw^wUi+|nvBnMwMUvEZ1D?Xc2Iq>xxKSg
z@=A;Ux)Mbq6w49KK^phg4J{{PVf!0ePHis4EJ;%!)}d|IWj}Y4Q$o-I^wlaiL0sN=
zJlTD3dmH-i-zHbO=k!w4%cbEQg3VsP`-)RXlkJ)lry_@*9R(GV{C0M9j3xw;riz^%
zbzu>g5+wr?(lkFPcA(ml%plx2J4WnG^7x3SJd3n6qA7mOp_xvR`K?s)cuM4eT8mW}
zc4_m?tlHo;;};+eHP4f-o&jB$PM(}%lQZb{--`kSOn(P8c4OlmVTQbp0TE8uh^M%D
zx-*@PKmjwFj9WZU^l=UILr;z>?#)6laWwhZ#T-&e-d%F_*Dk0-T1kG+)n9?uus-Hn
zUSyT#Ig^<#z7hqGg+4b_Ys+eM0GPB^0IqUdxYhmjEXnT9WTfvTrh>`~eTbNsTDT(t
z>`X>?6zirt4fLCU&0!?lcDJh~?6w&Va%sPpcOu551K4f7W}-u;h3b|$IDF?fkQ@|Z
zIQMF)yv-R<`Qotg3)ALccsx1PE{9+~wC>)k>az3X9wM*chM^~mo<1H?&kr7u<nb$9
zT_9!{cYi;KN$(*>Qgmy_tF@9r!4)|CFJbGj!WJ;~y%0GqGvhtXjJelXnjgYQ1X^1s
zTr6dFCCXmwPKf-(es8=(o~Z@gB%dW-p$!h0mNw{BSGo1dgt|<KZ@DOhTF4YMu~ZT(
z#cgwMaKIkfzS8%$Or-?Lj`+?H4zl3)iCkGPt*V3P&ffk&X)%zm*}t+k1NO+?sNEJb
z3|yP~hq@}mol!X0yEDYm*v&5B6Y?|!C|diink($)His^;8yI^bUo~14#@-BCbtl=)
ztX2B5k+(N5WUWrC&RfH74_1M^kdJFW*Q1uUX$l@qKC+mXJm=-2wZ#C|+@@&Zg&>=p
zzAU$4I=1z``MSf{nfu^RV5d7Pgy^@n^aIF)bLpp|q^d~wvk*Kj7rz)^J3wXfBi1%I
zRP%amBgqtj_1okR+jK!3?hW=24!5lhSa1HVEgxyZ<k{W+X*m43q4=RItm`~l+XJ0~
zrY$5&Q-i<51|B6@Jc{E2)Hdn<g-GU$lSD;YfLK?Lma~19=>k((V7dwbNGF2<p6GRF
zLm=>(e0*KWZDrZDH1+110wk;+Z9QLU#`R#kg(p_a^k$$)(PX%z?1d)x1*-IVt@ItV
zofrzf08oQVf$AYPF(2s1=BaV;HGA&0G%9dCKS^<nII|-5!F=_pPZ4WYr6%+=z+-jG
zT8rB-=TbTUY?eR@Cfv1L;dNLG9Qyqn6k}MZ#{>vH?lTmD(6%yUe^D}P`HfZ7l}Y4C
z%@`W*n3h;ushnTIPc05_5Eqtwo{D>L^8)YFk}bGeB-y-$Z{ThW-@tOzS1mx@T9A=>
z$L4=z=eu?xS;P|<6**%v(={8n3z3z@T1$h5<j^cqt`=8<fW2HAneKz0X_a6fB|K*o
z!}OLVF|2gf(#Vn2Q6Ptr9+IVk-<voqkP2Y1jRsZqTDS&CQA6@*ef~Apa`+Xs9KNC!
zI*3UPXLfqIDhaOPb(On{FExoPpc>2_!vu8T(fAX)KAsry)ZAgSs1RJC(*Rtfq41}x
z&;3uApM8IC)Byp&mW-9x%}3);*T<7h6(7E);=|Wed>B^T%6MrvO^3{l%8R^v$F43$
z*KCQ&$qm>Q!ff&A&O0I@1z<eY``(i0S0yjiX;v1Ame2r|F@zB?=l4QBFgYtl<|+aw
zpcNqO0oZ^h<&zy-JI$McYPAHo(0t;hc;MCjUom{k=J*<|-?Vw^zJW@iu{4XoWUi+Y
zUYLNKmzJq!Yr;#eZ(u5mWIh)K$Rw58p^wn~uJ>7V4}ycje{zikTr>AnRdMayR0Q_1
z9*9b1c$ny3gRhtT5f27CDtm`--oI_#mm;tA+7Ev^8(pyLRhEgAof<pK&JWk8lU*3Y
zxyj2i6(!%bSwn#iPKd6tE1;vVWF=4Ua4jcA%yM3oYo-aZSfGwWpUq}Al~DEO9v?Bp
zj8H;v&w8q)luptk=`2L!iR!>)A~z(~-s{2t7}NjR??EDDQ=D9>UQrR;+#72c^!MLV
z9s1993zeRJ6+j3muyd~Na0>D~PZMGCv3g}Hwd@}p^vwSsv|FeleSHJYN5`HZ2Lr92
z?N(}g9NPaewjO%_!>S`^OS1;O5y}RjG|kf_O3HK{q&jq_2H3YaSjNcgrNu-9_j6&s
zG(}8GKoXwJl^Fz3poUnTo>LCbVmLpuSlRWC)_8l+a?h5ac{@w8)uWZqRH^qo^6hCs
zLacO+#<?|YC7NB#my}{7x#p{5nhQlMEhJu-G~Aj4YGA~*%!QB&2DArUBC$@d-N={T
z+u&40^SrsiCIwJ&eiK?ClmO1e^`;&bq7-I`J1m)b21&2;(59?O;qK|%B`azN)B7ZK
z#zx+5Xn2QIW{?dFf*7LUW(EyXxNY-j0h@_+o3(hSvS8CSh+m~eDgd(y@(SMTT_QD0
z`Md{;s|#S~61hQT$X89?!+%WPe@x!L^W;5zV)Bw>9$_OfmBb?AMX$AVSX};<(jk}B
zKY30UYwkPxHpb9^pf4$@XPvOsIh+!!>Le|fd3^Tv?1<#tSW?<Nhe_BnKG9vCCl1DR
z%LlbFLM>Iv)442?a<Memt;_?V2zmC(>cvF&JERXPP%Z5MxLm=rST6Oj;RO=P*sq85
z-tw^2R}rcn-2yZvcq(UACcu&*ma?=rOcec~VwLf-!(vr**kU~`lDOk}nWKycJ`cK_
z>w+i}Ca}e^VXzbJTQ`(?hXK#}`-HPUolJnxD2E_QJzWTX0<AYg7jU){OBk?~68f{<
zj#)7~e>$14qsd1gloxVdaO3Pk%TX_al}%{pZ4Gge+>2scF~N&;ZEz=%5HA<I9aua<
zm0dBL=}Xd%uAS<IF4lDiT>!3ZAa7zOUWmP;D^^khScYHTHPCcutcsIF<&aF)E_YB}
z!?GSvO!tD>e>~CGd7i6PYK8y^8LL;$6@Z~q=Z`0JV=D+V)Sn9Qp;!G-*JKBpNL-un
zHnYaQf3KK*IC|iPVBbNo8=1FUY|ECrEHm_T!sMS@Roc~MCLVK9BukN%Jhk<jPBjXQ
zppc&ST{rFVmW9E>UBFSLFaY~SwaT-1feEz5So*G>uk7sIh8+qfx5)10nt?XdhLtRA
z<Tfl19|zLduNT}iJh=r(Yn1Z*Iz?|f?WXTKMBn6<oXO&W7Zfh#z)Fo)2{p7BJL56#
ziaR}%)ox$~6ZE#UNvvZ@2$0GqRrMlM2;Zq_44K+8UJcc?@BB5o*oQ-}zn|%6^oK))
zu>f>PiIS#H7s``AIpc~wh&1hab($49WGDDnL%q{Ad%%>KrmI}DdldhJ&^G=8H<ODl
zNV>yFEo$SbFitFB-6#|&etatL?UJ>gA(_i30lAFPVbGjKN>E*9er&41(EFHVqB|!H
zRa!X4pw6R3BJME+7#%158B^^Bs5cCFq->+??8qH!-uj3eUQ@r=NH^oRVAc$=Mz|TV
z$Ot)_$kv%7AlD7cscS3V-8e}ZfJ)yKa++ivrk6!|Lrc43&S>zO@=k8|MODzb=w1bw
zu+CvZ?~yi)u0gaSdDKMSSqcDu4V#-8jAl&-d}PIX<JMaxXWTz@Ij}Sg27}I<{db4&
z$jN(S`gy$Rc({_aB=lxEpo#(l>=qKIFph2rH|~Mm(n)L-JiPFxh;2c57GOI(%TP&(
z;h1&A2<({kR;?1yuy-iuKA)y*lgOY$`TDaM?`Xyp=JN+qIcY%1EeYxe9w<lc&^}<U
zmEbq|VZXO`_?~n;?G9`24+eX~VgC?a2K7hY2mfi$t}8E30a*3HnH)7f5pB%VBs02i
zGhtw*YWDQINg>G}KeSqna=38W&b1RK$#39{xhVw5&hZWIILQp$hZg8zB=Ut=>I)#s
zSXe@l^FMZu-kPX(UBe~LIG+ca{AiB^`>c&KHO9%tDQuSj8v2g)myMLk8I9z{#(L<+
z>B|V?NsnC!K@#<8wI<raXc0E?5)yMaB2=`FR&hcohSnR$_&<T?5$%Ebs$@w94qx^v
zQZ5Q1jKY>uS6FXoFq6@0=rEo>@HOi7GXYnim)e<42zDRq=_mTs=x^b#u2(BSX{%OF
z+G6{heD;Zz_H(Xac1x*vgdttMnVf4W_MGlV-0CI4@@Vx56uyR+Fg(@Zif$ZJz<3Q|
z&`KqC|A%bfU;=6PS`9T0TNX3cpIHtsmTtr~6LGLNzW^t;LZ=ZU_9<FchOQ8@*swK+
zh6V`mjfme4>pR5xt~J-<d+)cJvAz9XY{vEe?}h2TDYfx)Sl*Rkd=Zk*3n^{H8~Tf!
z0$YZbo=(pZGv9;&7SE!9Hz9!Iq4!PDzh8j--Gus0&|EKt!mf3OkJWACuh1S{&(zyx
zH#bXB@*C&Sa|5A@G8Q*MF5r?Eb5T+^>(};8;k)_#)8F>~<9XL_4;Q?_^ZWI9;I&TJ
zhz0HoHMjb>Mv!C(`GpG&=<(o;#rtN%O6%Y6;SN9%U)Bi_YAB19D)sBrM+nbwoA5@l
zcC$EZy26KD@`9z%QHao!_0`Y!JH|eMy%`17Yw(9t;Jt(s*2~Cd3~tjkxNh@E^w`e7
zB8{7wln%ZdwRi4Chjr=Kl;b^~Zo2O2?rR*r<y5a5Oo+HPdp<--;h#8^81G1%INd5!
zQLuR-S9y?6!i}L*g&dod)LTrgrs$@ldO;7lGrmS07A=+riX?)Pwo%Slo2O|TCRRI>
znP|gp!fG|>OHm;XG`tE-I+FQ{7d$Jy^m*vWV{G_zX}cGNGReIhQ9z-gS%eF}%P=%D
z%98FZA?T_uQ|m11>NCEZ<jQ}RPP<E<tFD&0yLazZ*NVU}Lq8RK#xu@ht`<|ti?~6Q
z(9Ob9TCPl%aG-l1pmL86eps^5chH|zk<mL?iD+Lh-Yy__sD4=pfrltPph8<@Cg{#&
z(REd~+@Fo2M2h<z5xKFYUvf>YE@*G7|4&2u2i-({{^-5GdM0jpf)Wk#DX6E6lUfTk
zT2C`Gl`<7PYusLF`5;wr;|oFBeP3xS6hVx<p9^N{F2G<{6c&r$stYO+Fu3tH74`?g
zEOQKff**S425z^zpc3vT@pgbGWFm+4Vqb7AJtF=iE5zKajxF{%OV`byKQoM3%Wbc?
zG?{Qb6syckREWt2=Pf;1wdlX#_b9lgNmQyHyRv#rqvsj0E_=KG;q8aRcl#d>dPaSv
z&~<gYg-}1^lOY@EDI({dz^XS5^gs0SnHn8S%E43#$+191J7-Iw6raO3%wt}1z1u*W
z2pNW48QVYo;m_SaEW3Y**&nWZe-J<a^oR22pZ<{k{L>$@pV?1;m=FK3^)vg!y`Kz~
zmkU%mn{$IYOING+6fkb`Y#lbRAB+3GDr31KbP7a)Z#O3glbQHDv(5MCv{nBxk*$_P
z_ETB#NOWQ`UCld5Hj|wPUS#@KCyGKAov27aJK2%5+2;IWG(B|_5Khx{m#^%A*Kinz
zHd|-Q1uj@$Z^u)qoMUOCvTdU^j)O}EnP9lJ-orHFEKVT9R_60mE_hat6Y8QqKa~%n
zU<t}LrqQ=n+aBCG)sSJYA;TR=jn-kN;~4fFvt7sJY}OFV<`1tgdj!4M!0)ZD4ujz6
zlQUh~Tl3(irZ*$>hG%?Mih^`_9GnfkxOQHaVwsl!o}lz1z%x+4rWhbE62VMjz1^Mj
z$4i0(n~37rQ8Zo<c=cQIN28BbH@PToyt<7kT(3fyFW_9%Ocs~5l|gZOeRq9r?Qpsx
zNBhR6j-y_%>xm864vAU2Sf8upgg&xOZm4sWtFjP$iIpcY%1{<2fP%41t?>Pcv2uei
zhL?g5ZhoMV%LOU|Ey9{*_i&(P3SAG4M~%tDL4#wb7NteZ7BbhjfjKW?V<LF$TC-Fa
zoc6QWB7s1g7J|p3a5n}6k#_d3Nq0rt7eW3)iyvpRi`DWPS@=%o>g*l*B#sGDjs3<P
zi*Lp7X_a66*ugnl1ac33{43M#Rnf*PNaM%jv+<Yno70OQKL6Rr7&rLh!TS(d{8>0~
z4|Y5t69A6a!NyUE;ZTlkw|Ln|y@WZ~cY$04K-<UmGcr(B>559H^J2bQ8bB8yF)HRS
z{dgl5c?E~OnT{6o;S66|z;O8PJ9-|#g>PB>CAb|dv$CtD39>Q(1;TRE@B7QF?0fG`
zRYSJv%{5G{6EGS|$gj9XnG3X(<_(jntdKdMlf#4N_*&Y&Z*6R{hqT^+vi{UJ=V2c;
z0IFAmv_!Ea4={akhy;a(`1c}FpGDqh9^Q-HANTCRcsyZ&vjW-_*k}T&wD8x2a*n-w
zZ$1kut{}SBFXu0Vsdm>))sLYqN|gOApq^y&F7Mi>t!Bj7O?a`5Xt5j7o?nRbTt$hs
zqJT{`L~ER!0A87Gs4>@2lZtdRf_pGXF931(%kMVaAXx<imk@31GtuM+&0)sX(Ql2t
zZd5E~F)1X#*O{0?GZAn7OF!z>k}N5`9Tio-A(;?5xcw!A{>?<(enIy+?pqsB;wy^o
zr#=qQ;k|>>qUun@%0F8H=XDDw@LTC)$U)Z*Zr62Fzg5qk5N1yB5+1yztO;SZgSVd&
zyOX+H3H3Y);a3NH`{#+?M5_VH>@^|E?6(Y3-W;aPzA8|;Aym0BZ_g{jl{W?~zl_5M
zdiB8I=G;E730&S3y8JRGo9H!h*@&eL6?{?X^;N7WHM2w{QUkQ&(6+s<yQ~yuA{F-(
zm7m-vshA6s3YdP@tzK8B=xe@d`+{xZ*6mvGr4sOw4F<(ME5%Fewi-Az*Gs}H1NKxN
z-IPovStQtlz?*#`mhxW2WK%S3de}$|lb;pnxQePNy4L$z0f5Wqils7}6Os+7pp3JU
zIU+qHrO{nsR`+1*-3Df{Ara3}0iTF4b?UMA;@O^a%{jdXtZ%uRFSJaQm7ZK}N_Twk
zZuF~z#j3CU1<!L)Ac&(Ss?ScJQPL62$RQVe)1z|5Q`*P#LPkP)xjt_%POoo{#uq0y
zSErXhjE_%mt=Dmut{v@lkoi34N;&oe(rmi6#Eo9y7MjwlEQFrV0TV9l(RlApi2Op7
zM@bfwW$TZqBHc;ALZ28PXy`j?oUO^{v(l%#uCW)g6hk(4Ddoj-D&Qyt2C4TQDToo!
z?X8ZNcgWX=+G?b|i5$}cAn6JnMpsHG+ehQc<nr_N=bQ1QKc3uNUyd%WCZo&Ki)%}$
z%k)@{PR_>{9`PRqLKY{ad6o}sx+>W+nJ-GvRrqiJ_aE6oZ*R|-Y*IgSrOkG9_2;Xb
z%hRjRUoMYNw|#`)afSrm>vDzIRyH5((c~k@I+N4O^UoK-jP%&ogsbcy$#S7T`>4Ou
zBs3}Ob8x2xiBwnF@os*_D)T_EVfc%rD>ZZXd%gYr-hj!%m5=GgL2nSWX6E*Uj^oWt
zaoVE1FS>?L{}DRM+r0t6QoI?|u)M62thyNW3OMGKMNk!^{S+$xJ^`*?CW#7pipHa?
zOh&;&izySItn@wM%I4e{WA06SeEKLNKuPdX>4Wqrp^&F9vVp0bY&+FlBlr)X4C;n>
z=!5sF%kz8~w9Pi>n>6Kh4cXX?jg6=@0p4XY7T;<h{2VUVqF7d(8Gx_T$Gi|q`RBBG
zk7;SG%{h}@lf0-h6c!UxZ=2(+^451P_sQF22dEX4v2c(?O>?%Mk!Eu~8b`94jRvnV
zE`ba<vo_?T`HiyC__=7vZtQvwd?4J3O(W306Kj{k&+qN_>0eho{dfG#FLF<YQuwd`
z0`X~wtbHL(-l2b=fP<~~;6mbD5<7dnLpa=b+h1eCwRX78Id-aJ+>mAGKfk)_lZz{(
z4AylWSJf4$slR;jFq0*}>%y4&ai$=N620qh!H+IJ)-|^ni!)_3vAQi_LBg@;@iNJp
zlH0=zyj0A1)ZA6f*~DB5c3luEn41_#a)YVh1}B+5QsPzQ!Udj6NeYg)giNqw6I!HF
z=2L`<AVxg_O7~<`rl5Q?y8J3Ipn;xT)LLxl80W;nUR`q-82LT#GHdTQavb>s$)y*R
zVa+lWvl+-~jT6&%q6|l?!7Z~oU@g{|`LM~|lD)v;lKnSxxeP}N;sT7Y>!Bq~wE!3>
z;%;~r-_-rt7{p_h3z{2&8TqMc{z4B=H=+$$c3$n}=~LUBf9iSv%w`Ww_APxh*-N}M
zS)-pO`$|tuzjwA+C>h{l^#;1mN`rgnQx2Z5aq)c0$#avN=M!4_nyY71*<a)C`73+!
zIUmvD{zV(%28Z>Q+w9vPJ{-Pn2MAbw6Aie+yLe{vBa$<m!8B|6GGYi&8DOnh9ra&V
zvgDMeFc4A%K^YT7fW-+iU;Z0>*ysg^&BbZ8;Dwjb`rwX4&3|G0&YY##j)9KIVsq_>
zChAMTu00831q=JGjzS;SvUgyy@gI^{w9P^JnZ7|&4P>nwRfr$7TU!uGLjk5>ay33D
zt*zR>)|SG%gT1i?y?ugl<HgFlUD8AY6l!1d7o~z{l>6WdiZb9bp--7or0doeTV>?=
z=72U>Qlg)kDrIgSV^C+w3kw552<!UEj7OzvZCT_8&?2f-h<r3FMKR8jvH`b?T%5g-
zQ<DmsXLF(0PP8ftk(KGXgSs%?xqeL1Zm*^8BLpOauqr<S3K!5iix!2<l3!{tudoMG
z$_|Vn7sX5#OLlxQVV{nBE#<!b{=K?@z#@;dlbEj0uIgEkEC^z+Ri+MI7sLxM3VtCU
zeAgsOW+r(|SPzg%juy@J*;SWAJUS&^K!F*g;Do~Scl2hOu7i)^A|fCfdb)Nd-fXTJ
z*DaStGIx*2PrB-=MRuAla|!9-Hv3+ohFw>6WI}|4q;*FjO5f!4+;}OQt@U`sBBAF|
z0$AQK8W@zQ?`odgr!VPp-I2?s%=G7_WOG1bDTPmpdTzR=JcT%MaTPCxTEJS6nel*t
zJdBBA8HukpNn$1oq=d#-QIv$%Re0#^jsw`+JTAZ;ntLKHs_=PgTHa&h89{myW^vrH
z%g{7<x;ERGMS{0A>IE!O<o4@jpY^kcM2QaLnTuA`^(M-GPREh{Gz<ap`SeHRcfl@R
z<2`OanfKuoxaVmS>mw-k)@RJu$`7vhgR%L_8_bv;k6icsK(vhO*pTfFJ{&aoU*N0;
zS1dMNWpV1!C$QKg<|aQ>b;1C_RNRXK5aBk?-yXsx(P0T=V4R<nRl>vFYi7auwj<t)
zigKHLsI4tc<&<N`XQYEJp~koHc!XIZ0RUZ}FquBk9<pwkECtT;BWP^>I!Cxa))zDE
zoL+0g9RgKO9tw?3OlS1V#>~=4G4nI;6;hU6Y`xE3S**W~IBN1L^uFk8FuQ^c5gfM#
z$8?5{I3+Ju0!xL>9naV*(;J(}N<E}_%&H1|klZLqQ#!0mOvYnjv%;)?TmHHV=_HDf
zwM<-xF(~APPz34RyA%MD(YrABj}Y&|<o09#P7fI52<#r6ei~n}<I~IQ@yGG;==v0%
z+A_UfFD!q0ak9Dex1)&XFu*11(aj54%1EY0f2PlF`*LYK>tS1ny9*i7Tfk$kosoDZ
z0<M()<Nh%PR4@Iv-cRmDEz=ehY2UVx>V%ka*i^K75E!6qz_btzsi<)J5|)q<{lL#_
zJmKT^ZHua-IOcX$@IlZ^-94Y6aYT<{T7r-&=(^s&eYX!?314>b;o;!@9y~-MrYGRm
zQj67nKurejS29z=3rItZRls?J;j&_-$t`LSqBL*qLi|NUWg8_+Ek{ArFWS2l+35ya
z@FbUZ^X5V5<(f_jgRLDGGH-9{`7Xn1*ba5YE<V*CwTQh7Nn+C_HEBp6H36^J5#iYR
z^_MUm2x6fT0)c*w5#NcTNbgt*hyx&_KDh5mRa$~hL8?h7J<(&LT!2YWWNM(Pjm_7%
zFX?jbN_vxt^8e7EnsA4CKmLy^(`jv)H?Rs|CZ&(j4LK89K2)!De*MMH26Ju26NS&=
zXh4zJBCj4_p7dJeoNgW-U!It)_CciS_nCai#<2;WZ-OGB^GcWQVzQpZmTv$c5oHut
z$>?XeT+PW(w}MR}@&-HvKD2N}9@wh2a2TEA@&C`>w>LL(BYEE6`V<Ih_gb1GsfSx0
zk8XA%*pl4Vxuw>MYWwacE~bktkgQR$id!hEo8Gwn>=(#P00|U|4@vDCds~ihM6;?A
zZy=G6-|vV1&D+cF_2t>gH-G$7P(C%`{@vhkFnEWfL?QE!<gC{v>G~*TQKR@pxCQ#o
zyy8@7v2XO{gC>nhJj&5YdAUHxQ1Y)HSpNR@@~(gX{_byY`h&|A0p@;a`JS~tbV2pZ
zMqLahho|(D2^;^Xf47Cay}Y@+yE-=!=Ao?QmqjJHB={jBr~kh{++DUx`J_A<pHxi3
z&x6+Q^K6(5lTltSQcn>3Jtpzp)tmmC{`tH2A1*x6EQ0=@{{6$i)O&zW*GB29#dw^3
zj*i*j!}s4`{m=iq+f1vdBxGPI6E9}gb2#5H6MKeMbMp}k^xepHXQaiQcMhyL?u_$R
z)vxc5bJYv`rWy17j}VYOSX2{vCQeTO`Q>DKLEfiF|GX-GgbnuZAc7<-DWm=nf-qR)
z$myBdY6vygw+-N$sH-F+hTurQm@fwK!MS_iraxfl#pl6;{A3apU@q|%n}78DrvFkF
z(te;%oezad>P(F@9KMV4rmT%0f5(f1Ad;s@r6D{Nv9o9|cxLPa%7S%Rl&L)211lzt
z&Wi<dgsu1*((#m#jv$+>p)oxv|0)#o)cmVZ&VQ;*tg!Lh<z&Ub-Y`3B+YB6A%H~Np
z=93k9IJ%E+48l1^1MFb;)33h5Zqs%~l(rMpJf_FTb9h)CR`f)>ysgq|+QkG3Hn(MZ
zk*R6{hVD0ubRug@qKO}bkC|zc2*4sT=$$9zv+0^1rdAx};j~yr*Aw}!rG++({}_dI
zIG5E(7B$_ek%)w${#0_7WQ92s9E1QEp|koG#Fume^#_Bvhti=04VU6$s3PfVV=n$I
zEBgNLFW6j<4yLua1fe%eQYjX$mOC-s?zm0Y{m0JOI*w*+9X}~!>-gk5%-DL)ju9s5
znEHD;I6JYh9ZOm>Nvfe9%TbvV0DX_yP2Qe6f}q{g8HVySrSV9CxIq1ALt&N`E-uMD
z_M{zq;tVIPCv7T|svb(Bc``r$V19L!v)>$%EDPQ!R>L<kmAl;?vpI^RCoT%*xLRZg
z=IF_@h>pjBm1=dsj5}7_KpsJy1$t~oDK;YxE!yKZUjq=m0K{iU1$ra?5`lq%z!kB9
zo1;JmG8<5kv8`ddV8dsIw{0CD7__Kr2B^J2t)3io7u2pLh;9RDIL|oo41Bo8f&Rh>
zaYFbQanXgf0w?at7ViKrE`}J_p7H;X&2h&9AGRT$Z+5+U$mZvF7w7a=V9&pUJTPP0
zgmW2e1{jjojOx+~9HCdCBWcNz7UyMZV&sr<Rtvu=Q+ZG3BzyUJ5||xGF=i47{&n<9
zR&9p-Knmf5ir}VCxaP`eM0?o6p#&f~`>`{_1oE{+j(>H2b7jJFswVy&Ajc)D(F350
z)x1akgF`og(P&f_lnzRFMy~GHrFaDc_{s$)R5DRSx$_Due5F3jUoqaz_F>cA(Q~z;
z5(jlsFWhh~3Sv*ZEz_TYsF%Ym-${sE1mZ3|0gy1TlF(&_c5%404F0&~!8h!X_xA7(
z!v*VrS_{F9*%(tZK{^$uyz)p?OQ~l6caSTm5Ph2!S(Gfn2DD~Lp8bN0%+bHM`51vA
z3t%yRb?4a4`-{t~o2&a3elh!s?;vYJE7=#<pewEQ2yNh(F`W&)Ml*7yXU6sMbDSQb
z0m@e4sm4DmU^~NC@Y$vouZXk5NaD^8c4&lFb>8Q{L36sT{#QHtQ|;)RT1{<NZ*DF%
zpR6#Kt|;EEaE4s8m6b9op@{&r3OXq&;`#7NR_qHxDA@t}|7;nf)5+PlLhF`i+d4YB
z&Nek|@y$y0+K^}BurOc2U35P-P&=|hWb+zNH$DIL1qmr1ACVFa+pU!=^ImscNy(hv
zga0-7+x7d45AQBR;jlw1sdX;)eiP&)hMa-Fo&Rw6{{4OM<L&)j|NPQSnqgVi`s|;7
zuNNF)yC6Wc3;u@1hzh;_r~L-eWb0%$H$;e^s;sUp9~j$0xZ3BHc_wxb>)G6FdiGf_
zZTtjr+;+hlm@1%;Rf6c?M+;S#v+NfKW5o`+Dx240e{NE0N~PC=0xjaeL3){WAP4Y)
zwUg-gy`P{ObFGS(?bR^PH?IbLv0*jll^o~UWZF=`&Hbd3U3|f9GA<SlCfQ;>sge|6
za$AUT8lrx6&3yAfHJUXnjw`jnSoFz@1#4}nn%gnjNH=$Hzoc&Nq&`(ScM`VK&cpAX
zp`Ke&(O{(CR3K6l2PS&M@TSgh@QUH;|MiaXrSBN7uQ$JB*l#ugM{Q9oy*b*Z<!^Rt
z@kKr1(h}cpzXn!(4XpS=ffa7D{bPqzd=U`bR)p2>A#(2%Ue0u5b7`m3rzEQlF&L$_
zn?y$BfpvJPWIMi)d9t)d=gpC9H-KP0ecC3sA|yn_gF*}=3}!)rHKW_D%kjTKoO&g@
zqhvIdAMvhLmw<PUPj4%EuAgxoaYHP1SLq8I_YaqjC*i6y8sASgwT&1|DPvd?lLUY^
z$W)x)+*%Siyk-~@dh#o<B<ET3AceBIWJ*@}ySdY2DnTX{B{5i}4v<HA$IPo^wT@Y$
zTWM;jtHhxaE<ew;*g7|$L5wpl(Cd3Ud!onjU3)(+hVmz*6@wI@LLVaVWmbrfz?o-`
z+>c_E<hknX?1`+_O^`*3S$*Frk!QmysdU?jqzreYAAocZu>|Is?$BhC=-#zSa}8=7
z>6&92VPKW&#zln)y>*p5II&7<Z2?@~-~omoCl3}AMF~J%eN2jx?CoH;of8qxEx+5?
zj<(rukL8j&40(Fd97OrxmR0Z)0arb`ajf6Yp6;`LzZy-yeNA>ByoD-}BKC+y<`8O{
z%|&AS)X_WbwbjQQwJeR@UaWBq@eKEFGS3(XGJCQEH_QI*6`<r)!G-!B8FSd71VneH
zbL-Mj;Xyx(b9`_OIrT1A66ZZAZJeR2bT}(UVh0vIpaJs%<bpw%IkQ>RkxSoBW|TeJ
z6F(tB#$UwA=_xMKRE{c{C~4QDX&%vyA*2cx*M$(PAX{;-!373pGhKkL`|0s<&!h2?
zDOFyb>6aqjM+cE&jakeeZ}Kh&Igpu;$_kTqiKiPK>r*sW*3#uSLbm*TUX}AIOKO=f
zyQDSCR7~=6nB<lLTh!AE@SOc_#^vIbKk%y>%ob|X^&+pcF3B>nCrb2hugq+*!mrN<
zdg|e?7N2L^`viv~+2lqMT^B&{9(@NV*@}C|IV<06Yd)3@F*%O2NgUE)GYRdngod0c
zE%fFBTChchVWMFOpt*{^We|-HPf9Njb4)RYee(1htP+xdO!tmuA1jKLI1>P`VPRTb
zg-w1g-%5sBC6JY?2z-ooZo7p3YLsXD6aBjZaX~MbG7X3Y{(8*6>Ql(2|6vDAV}SRU
zjm5HD5Qszy>4KFUl@tbLMX`@ty4@iw*f360p<cAB_H5R_U%9pNaY0ckvz4R=Y9m3|
zcuSyI78og0SYf(9K;g0PXxTn)=DIp&b31xMbj9%>PkP7S^-fMtdnZTU01ek-ADPyS
z@(jSt9r#LzL+&8*3kOMB)Kky`dbYfKz~BT}7xe7xJE+nFJxR-1R@XR7M|6@9v<~r9
zCZnoU%FfW9xGD_nJYk2}!gg`n-d$Zudsn4}f#;H4qLmDCzG*cBYKrUbI%nP8z$p?9
zEFgF(Id`ww&5~_m@iBIGchB-3UV2wr-<vOo7Wk$O{@sVc{pH>D<=}_E>2u}s?x)K;
zZjxVPlxO>je>!k0y=SM77Rb%^>kRj6O!uy%8)Q-OW6Y<J3Q45CV+0)M9@yGyslf%+
z#CCa?YJDK$Aw>WV=7b^mhGAAD)lx5$tQh5sv;klkokJa=N~hMrPZ-db49iDw1Xj`=
zI|AVS@y-H(O*CVOv(xf6cf?SRl7(t(Z>B^of&P!~F-YU5n_+Zx0PeDd4i{OD5JJ5j
zXQVaQriOgd=_HVGp~W%kK7zY5m9SIXH=LNY8M@w?E#$;G;C*|@$?3P?hBr@~0Va@O
z@><$NcuicFsS@pBzwxFcqn>^N5C?hr>DGARFV!f?0}WKre${k{!;-Cxqtg6!MgQG9
z-i|yQ%h7Vg?xB{x(W|S8DKM|IaWV0Q+e`pID5Px`#OFbLCdBMwv7t0U8Ex}nJ2`%{
znOn_f=OUSH>ui8H8OKu*=JCdbM}34(D9CsdTaPK?C%(wkLq}Xg%U4F_yK(<Cm4ML)
zqYdoMT2rV?Qgjozb(EFf8`1BG2umqvpfNEDuavcH&19M_W*wmxqp3)gNTFtf!G!=W
zZc0t9%S!K<`?}r-9btq0_rzWQTI^#(4v@wk|6wdOc-2rMn`wn#rdWRf8qoR)m<O#e
zGLI(3ND6|M8kMNwCvLEazZ=kotjz@csb-t?8ceT~mD;GSAx#Z6@fy10Oz4K<C=x2E
zv5bh|+V$g41N|6n73?1Z?3-k+DUe!Q_eUk`DwB`Wp-sav#ID}lWZ|?lTI5JQ-hlZA
zs}rwX<Cy1F3lI0k@qWxj#SeHcFM6!EAMDNL$Ax)W_-!kAm4H@%e`A$0S$D>nVRk{p
zzrr~aYje1dKjC~mZaW;mef`|y_4w%I_4Ovb9fl~_K8l1XSXo>^cx?YepTMgIuz3)Z
zUCUebdV_-)I|h{Oph}$;XvC?E@NRNbrt;R{fRi{2=?ZI=!f43I3)uvA4Y$eOv*Ld4
z-`!l@yglQNh0>Wey<kF97rn>GMDL$;3CzY;-os)jyGYH&klyvFV-Zdh#WG%;89IRw
z0Ca&S0<hYchC31adnd2I{nN<-f{K~CpzUXx6e)R6VZ?6l^wE(+*=WH6sw&g@R<3Wi
zwe6D-xPY_@-hK*py2hpp2&?Y&AOJ%K$&9;o29b}R#Q@|1SiW&RcqUdW)7H!Y-BvOM
zd=0WlQuPQOu|t&MIoXwr62L<~Q>kj>5ra81lzCZ9EW0KOq!r*d*G!^<Ds?8lv8JAg
z^>p>+jz)x0{9ytsH+KdzlGsr60?5lG6+^-j7iGaFD*%$&<SDih{z3GA9GuyLhq6ur
zFd+n7)3UopcGnbn=Gd8xxXX3oKB+($Xl(LK>>8<D+}j^7&xAwn>P;S`mf}mG5bdkr
z`?gfr7KQSi9^{TOqpVaZ;U@hVOS{Jzj&_5s_Oz&kGgE;VuCD3ar&l*BVdLul(0^a#
z%Z})S^S2{z<l~xJU&wK0jGf3VOs+|w60pI1Y_aHFm;mZfpO3FH2WTg%MWF=fw4d~H
zQKL#ST^etjw9X-K6V`nOS13ZA1gO$Ny7&PDsz;6-*CaAYGKUg5WO|}+tfiGSV3rv3
z#t$6Y&)9aI=O$uNBx1aPf2w6M!rp@83vW3^Ehk`F6@#GnoUtv@igmge;hvml4>HfD
zWl4bAnG(}vK9@ySOghL1nJf)mlr`qKBWg*mLvP!0Llptz#|NS-c5$lgI*eJN|J^qJ
zL}q1%lp+LYB?JW|g*Y~2((?+zdALjSasA}d-@u&R#i`r+g(0TUYJpRuDZACvH0iI=
zAWD7ZCNk>pT;KWXQYeVf$d@s3sf5t%)Vm3$3(#bsSH_@Edy|cLu!Ox24MM&SGbpVK
zb_?Ti5RQ_-!DTow&M|7jyxF%=3L_6UxbcZazlbe)EAHJJyWer20WCySOOaJd7s<If
ztcZP!Wx-bRaqr~yf3vh^jmm9|F|cLF5kC6JEAi@fb@#P?_NBWp);(9Zyl=eb@z)q9
z$_A5z?x9z=hIs{UOd*+^+xnuX#LKpmH-NcL<AAIl8ta-P%s2oHEbFn8+<u93g8VC7
z^8yEgRz`bmTvL#@CUEQ<<`v;Eb@4a>-^|f8a%?7Mg|VYy>ex&oOLmB+J8UP1TNc{w
z3eRu=1h)ScyTfKyhq%olv^Y3>!!xQ)L6z+Zq7+tnQx<n+$+PFZc*}23Pro_gKfkTY
z#oYgW-28DZ?%&!vH-ps0N(8{Q0^j*qLTf|TR|Kt#jl$N&O9rmDVk@mYFgFA+ez6dC
z@zO!;tzqmh+w|v$v&RG4x3T@U>lIDQZ`1A@v--B!d_#+G)ZW`_?Tw_8F@hq$;z^J|
z)&g)1Ntt6=Jt4JBZ<e1VWNYfmduCgf!FDgJS(q=jBFjvy&NLHVw%H1G(EM$h{zgGm
z8z5%47P<~OTg0%l#rEjgVhj9i(UOT5=HG3#VLl}TFP4M1Dhp4n%ER+&FUT|+X5c-$
zNo_fJeiojm=ERS}X6kD^`L!L7zXg%Mxu=S?2>P*a95Vm$%S-llW~N22VP|MvW^MV#
zEO@PPV+$jQl0`k0MV%2efREP@#%?p2BA1h7v^;}<_jw39-QIi?Jd|bpy2^KB#4IEj
z30CP%N$h7m+3S!%^1j<hKpy!=$9juAN3I8@pWploRWTdeC|xm2ibay=%&62Avut9B
z_YjI}CesYc(@WCk-0LC3lza4^U<Wa^u%%uQFbVh7M_H-lz>(Zp^{ZzBBp_fBDEBDf
zphYH(vH`#&v*%n^UE{_veT%6g`u168c`g=;`*0#6k^8bNq~R=Nb7#%Kw1^$b?FL5d
z8xT3{-vd5U)I6A!m)zfnb5hz_>4h24bWCiov{V%X<q!cR5?I=ttKC1F)Cm3TFRZHm
z-?|Ci+CxDBE#jl|+xP@<5@$-xWKv|sWW30Uo(xR-tCwgjj@L^^nI|q5+r_5~m^sMs
zhNH;$DzF&ASSZZUgQ{y0Sp`0TfV2`nL}(c>cuSMo$3F}RTKPOr#7vH+Ns*};s@NO}
zcNwVwG0z70xyFE#mJ*G_$$Xx}`cDc=_6R&_b~vp7TLA@b%}>axsfVGG`e*_A_Fzp@
zEv$^kEWrfCI#*pY;2&L<Mrb{Tue}?0XuC8~(#ST<JCIsnGcCZ<$BnJ$RayLxa_E?9
zr;;(T7R;x?#qxv+;~IyI!K60Xhft`yY!L-0&8ad7CxlxdS^so9J3-{PtC60{K_Iy@
z9I}FZWO#MdePQ!bTXSQK-%yw<wcBlaOz73vR1fac$dsw;U{gF;Z<q<j@{~+qKTH}H
zq}Kq8#^QjY9M@t!Ez#D>CuG2k+jjipW;>Pn?2PSUu!n%yh2Ci)$&nKj!^RL06gz1n
zoG@oC(vsNZYME5ceM&rQn#JVtiAN2PRZaZNXN?B<^v%3i{wtE(Ho2Se4@I0oXZv$|
zYvSP@-WRQ$!mI>ydqORg7g9;L0f>D+b_2Ib`FWnvbFHQy@V)|1AtqgnO&?`S?9vq2
zh0vEG%V9O>8;z*sXi-7p>fg(u4Jn}nBX2!n76);+>v1g$*;UiBhA%UgWW0(y8}ZnU
zP(CHXfoHE>p#KgEUDVxj+#TwjAkFj!K3te>o8{b4W^b@laL0$1i-+ufB@b-3Lpo@_
z)cuEy*xrmz6yVwBGveMfF+fP0Zp12L3sz3GN@Xtn4&}{5N3TMdmqPZ$xgiV|YFX6D
zXEDhhr4q9&EfB6`%(DN}1kOPDC@a2B$K|2|S8!2Jdw?&1vN}RZ-U-`TFGpoj>uaK{
z)S;eL-M^PZb+~8jgk3CycLqH<6T3&^NF0kl9KIHR*yUl`f2BAde#g^;c#VttN~wjc
z?&R2y2cMu#nlFEou4Z0&$cog4XrLJHIc4G{-7I|8^>!VB&pBs&%qG^WbJf$keh-)4
zzc3O09?@u7fK|V7o>?S<%4cDZvF{6`*1<OMO4s<6nd)@D*`Q{YW+lR0EfHjD+3H_@
zuB!yH6X7PrtoW>ApR66(Cuny^t(J08!1X&4e2;}(-SW)Pr<Zdz?;9~;u<BC>BS~jj
z@q%Lk@-`ldXH~tKz4*+!qrhLM^1gZG1sj2aH*7?kWBs<tX5!^n!^iX_k}jb1`CnF~
zts0?5QdWrfb6H$Fnv_{m$7B7OWZ#5^fyADh9L1a61<72La5ogomts7Ik(7tlR`8JO
zjoQ(!gtxb)Sx9?pSbJWZu49>mtqnnL=x4WJAZx^l)rWd2>m<uvk`{^o?-azc6tA?B
zQ>g4wzS0{XWi*<`L6Gs}?)F?vGgX(9Dw%~8B?8P8XL_||qmBBKRb-=1{Dz$+O&T4q
zJ3}HJu7Li&m~>kFy$v6D3;E4Tr&NPgC+@F*is*PyvEZp@6n4*uJPhdwA>y(fP=1~R
zNQS<pXGQAi&_1IQLs;RHf)SeR?gpuUEBJZDeq--+0~06hS?R2ZP~^nl-;TT|dVs8|
zdX(7b#cKWpf}gEh&_e!$f6-%QlhKZxF$YXQ+la?{VqM?0ee)6{zor>2qyNIKc(GZq
zrZp>Pf`1@yG6neY`CA<Ow)+3Z2EDBr(a{dHkcd6U;5eB_Kbt2ZxVM1^15K(S$7L`7
zbgjfboXBEm(fba1O{DLjZX+;9K>vW@&{OI0p{|m?UO?z#6MhM9r$B-Xwk-JM1kepR
z_&&v7eYAo;diiwC&%g|&UzDk_z3qvQ_+D>Xs`{=h>yKid)KlYp1DvXSsRvoVK$H<K
zVGR@Zl8L?|5@0M@+|jjUVDwleJ9q=f^Ij5V6TXe$Jy=6?b85DNlDR2%Tc(jFV7zF@
z8089vZ$tU)#=L3zV@0EEfyqol=LEP{A&pd43rkcj&T%sI7j=mPx)SNMEdZ=NhASGv
z1+1;+_icm6%-1cmx-4r_-d0aAnm{mXK>JQ|Ri4?ga`WMUNUAY3^{`qLgs*&vuRflH
z3rsE5sLmabN-EW;%7%ztuy=BF^v9Fl4!$(bKF7$l0tr1_Np|UAp1p^Gfhe0Wg8Hde
z|3}953T*^P7@8>`ZQ&oqqRw)NI7td25vSVQLL8W;YoN`{w7FieBc!sHBeeLM;PGN2
z6gW0GU9Q^M(>+mEDatS#9zdLq7dekTHwctJey8r8Py?{Hwt9;K+-?^)14I~IifW;+
z!Uj-Pm!_tRIxRmHJ9{E66lTkPfbZTH1A1n0_9C~<2WcI<NDr75DMUj+ZfsHqM0u4=
z(xsVx1w`8Hc|OX7EcQTIVd+*rW)Oeag(7;!<FET&jgnkeL2TT|4u=zi^^Nc0OhI9+
z&VbINL@Gy_(pRPqhLPL+UXr6nON$YUd2a`HpqsM3(=7tdK8V)ag+^IawnKQWTa<Md
zn!dXOxVPo!<ylBIyziLp4vg`-R4&KZ<Um>1tNt0r7BaVui(@fYbtRLT0Z(HN)}u}+
zDpOF1UYs)u>B*O3ANu_M{8roz?hm+x?(qr{iNU2T7b;(xB<x`_deB=%foy{1=t0)+
zvSK1D%a?q7WPwNlC{NAHLg_+MNuaHNr(8pPj$3Ajv)>S(Qc_9r>aY5;d0AEP<#?fF
z`hQ;OveQD{fuuVs;T#Mq^v;eKd*Syjr0&e-6$W+T$LP7T;F*?dFi$FQa88p#oF1Qu
zH%ooDCf)1u;%0C}we4V3id2*ygG>FQQ0G(>_#`baW+OaWFFS(Jo9XG7WQCZ^N__vX
z7dIG*1KUnAn%Zh|UheDU^VR%TRzFbS>zOz`;!{$j5bH~*D_NRL$nTq1@-f2!PDXY1
z$maq@5rN~AP!IF6d|1qJU@*XHL}WsG!sOW_a;>DfJhx(4#?6^HQfpgZ$=cvo#)?M1
zCS7*7S!04;y`ZpXSBVR71S$;0KJwsgDL%i>v=S50Q7#nD8%Sscjl0z2p)AC+UQHH)
z)vi_jiM5K?i%L&rh8k(2v(&V#^hR`l|E|N?RrOH`_&R8ByT5;D!V3+eZchv>R<ij`
z*Y_7$l@RxYGnfHb6GU}c(A2%Zf2XK&EM%bB0O--IxUX{z@U-h1U~;fy;3UozDziwz
zs!tqLOi;BW$|B^HX~KlRML=3OIm?13DQX5?6yR1bWlEs!vuB}Ck95h2ct7Z3_%IQX
zV~OSGCBh^e#gL8l&<9(@w9Hc_lENnOd0QC)g)0i4%W9G2WijcAJG+}C_`KGa8&&Fl
zz`@iVX8H-^gc)>kAwP+$TMj#9t8XM<>)D+r2)i{?d_=J3XdpF_uVP>CIENIAQ&x!l
zZKk%tvU7lWbn}8cqKOc?uaZK|lS&pfMz}dWWpI9f8{iBf<noRh)$>prgttjS>WQ28
z_m^kl+<=dCyvHu)%=}PEy(DyZ&jE9!tPpy1TF!`tICfK{l5fhQOB1DgA%Rd9*Dq;g
zH+qMF$NK3lJ+v*2ASo^95+RoTXk-117To?&*2%$+|3cU$!RK1j)kj4!0R>=^RKsMV
zcep&qeGCz(Z%PR9NNRoNn3SK6(F&!WJ_Py#s~&giVO|1^Ii<?*xWF*(6$*K?s10VF
z?q^*kzp_>onIaTR#DQ`tQJ)$`%6^4w2PM<n^dhabrpiuz_GU32gLmZ@2l6{jibCe5
z&lhx%S8^ov(Gb*_n4v9jm)<9mT+9;KnEq`c7jlsOA~7-N>7{blCkq?mrR$0jWDX(}
zV9Zo{WwFNpHC`Lf*w&mMW=iTd30c$?p_WfZSI*#eIzx+FY+_@RAj=HwO5M8bTBpFG
zUL<+gsStV!0hPKvYMMM4pmaA)Yl4~90}YT75Oipkw%-4=%B*j#IP&1vD@N6FZev4B
z)PQCvnzjw^C8jj~oK^DeBB@fnO<dh7IqGn%ctA<8AL7CQJW)99pq0!}bW5iaIA`H7
z!aI4qJ6tDN%^p5d)(k=r31oIbf8FboQ=UFScL)em^Po8x6c9iLX{{cWaQK>DwyOB4
zNtPjX0oUr__UaB<9F^9uV(57A3PE^KP#kV&WCxBXO>P6)4n=PQ*A6e5g4@t_Z2K@R
zzplz0t)tWq7Vic@u?^S1FfYX&q)j;uA1MqkM(HIFlIXN-R9mpa;@s&$+j`WSfI7?l
z(yP4HP#@>w10OV0P7j(3$6}5;BGQ5)R|`vWyw@WJ7wDQM-dHyU;$TS&0~!m6TI>)R
zI~oGBne|%-(mC*Eru3lQxH?9BvLQa|jPgfOEUrfY==MFP`m-yJJiVc9K1_Rxf7C>x
z7ELs2sNvs2ns)p%Fx2dw5Q<v(Z0+n#kEk90Vs!2Jw}u(gE+E#OvDG2)S;P6mzk{*i
zKAy1u<DI#|7_@yDABUEa=)b+Zi3~+J82DOjG$P}HFGmJs)sSpBD3KmECvh?Y+*I}|
zJ?Y~EzteGnMyi2^0@xAonzgEIw)L{t+9DGo0x&*;y%7nRFhQVpy{|Fho8gXOBYRaa
z9xBnVYpLq8vTR?EvO;Ce+th_n583=jeCH?jN~0Sa?c^z~@udXnwIiv@^hr;sGRF78
zh0xWJ7Fn%iKK3`T5>;okl5&p<Xf2?3r3O^ez=uJNd!C#xlu?U+4R%ZOM^u(zX!Q%V
zW>)Wg$5iQfDcb~gt1=Iz&JtBOQpukuk~EI)JWmSwWXU}ME;G1gK@p3BIOeinSPbn(
zML5n+4x8u|Z#c2~X<8QQeUXP<&WS}mN>LHrDh!T6+w`{x25Ytqo>#tNEy2Y7!YS_f
z=OwzwD!&F)2DM)6?o|E)3;<=w3Z*MWI<t|U)R=)G6{)k3#p-rVgSWEX`mPi8;AkBs
z^oEsrXbSIA(+>BPth@D8cEcy#aanZ}{W;e|+Nf5a+<y*1==a=<A>6TufF<#c3{wZZ
zRmGV#{&5wx7;g*y`I;KNx1p-$le2tDUCqbU{SwMr0}drJ#@@Y2d7)QXZG$HK43C(g
zXXt$<OnF1aFWP(UyZ+1Ri2-0ZZwCk7vmsZJdiv887KurKx^0SGVI|q9fcD;RL^5wJ
zyIm{yr^WNnc#`znJLGxoH`DfiHPt#?&0by8q)rSaNLyX?I|F<tvK~Bh7?WyfIJ__7
z_AA$o%%Z-TK!xV;w^?LGAw~=Myta~wKpN=Sx|2!zbCuQdeK86v{G!JpwjXOlK(br)
z1N+hgZxh?;Q4G%S_pCyFIYqRAW%+yV#%(oGxBZ;=Teq805<7LxR}XRtODuS$|MS34
zNm?ja^>>4QPh6f0aP5?nDw$84z}B9u2f4gQ9RErs-PcEd`gV6kbp{J?SNLlYe+$9v
zK(hm__QPN|yi8Y<#8K$(g81+qoB{-aMK&E%kC(&4_D^)8L4|bd;nG-=-qY3Jd}qJE
z8UrP`QIRfg1{el`@eE-9r{ErgnX)f?lb-mqaV-MGPw&sxHSm|7dK~Td{%~;iXZ>{-
zzy1ql@f~z*$wAEwD7`B4M+u>SrYXZE#0_P|L@ee!`0wf#{jjF;Ml)=(vlucA0t^wy
zM?L-D@!5Ar-yL^6eZ0qAEV?c5&W>3r`jx(+ef^JM7{34hQXiA5HvGK|FKsOA(G+6;
zn>a!6%>}XTs(CgZn{dU*ID?}Q!*tMv>5iOK=5hkjD9JoCrbb0kHV#_|lA#A6=QgRQ
z6hjORK1A{A5Z>wOe{EL<3oO$toni9K=Xr+icHo9#CeOb01qD+U<gKf;eh2^GQgs$2
zS)+e-$1GLz!1`UkIZ|Hyi6IFQL}MZFLP^mlS8<LDM*WXcINZ0my0yH;2x|ank0|in
no2%RYHA(m{U;n=Tef|6T_x0}u|NdV900960T<xNX0JawZ1S_V4

literal 0
HcmV?d00001

diff --git a/vendor/github.com/cilium/charts/generate_helm_release.sh b/vendor/github.com/cilium/charts/generate_helm_release.sh
index a4efbe5137..de0df1dcb1 100644
--- a/vendor/github.com/cilium/charts/generate_helm_release.sh
+++ b/vendor/github.com/cilium/charts/generate_helm_release.sh
@@ -7,7 +7,7 @@ DOCKER=${DOCKER:-docker}
 ORG=${ORG:-cilium}
 
 cosign() {
-  "${DOCKER}" run --rm gcr.io/projectsigstore/cosign:v2.2.4 "$@"
+  "${DOCKER}" run --rm ghcr.io/sigstore/cosign/cosign:v2.2.4 "$@"
 }
 
 helm() {
diff --git a/vendor/github.com/cilium/charts/index.yaml b/vendor/github.com/cilium/charts/index.yaml
index 8c48e04022..f24c0d23a9 100644
--- a/vendor/github.com/cilium/charts/index.yaml
+++ b/vendor/github.com/cilium/charts/index.yaml
@@ -1,6 +1,112 @@
 apiVersion: v1
 entries:
   cilium:
+  - annotations:
+      artifacthub.io/crds: "- kind: CiliumNetworkPolicy\n  version: v2\n  name: ciliumnetworkpolicies.cilium.io\n
+        \ displayName: Cilium Network Policy\n  description: |\n    Cilium Network
+        Policies provide additional functionality beyond what\n    is provided by
+        standard Kubernetes NetworkPolicy such as the ability\n    to allow traffic
+        based on FQDNs, or to filter at Layer 7.\n- kind: CiliumClusterwideNetworkPolicy\n
+        \ version: v2\n  name: ciliumclusterwidenetworkpolicies.cilium.io\n  displayName:
+        Cilium Clusterwide Network Policy\n  description: |\n    Cilium Clusterwide
+        Network Policies support configuring network traffic\n    policiies across
+        the entire cluster, including applying node firewalls.\n- kind: CiliumExternalWorkload\n
+        \ version: v2\n  name: ciliumexternalworkloads.cilium.io\n  displayName: Cilium
+        External Workload\n  description: |\n    Cilium External Workload supports
+        configuring the ability for external\n    non-Kubernetes workloads to join
+        the cluster.\n- kind: CiliumLocalRedirectPolicy\n  version: v2\n  name: ciliumlocalredirectpolicies.cilium.io\n
+        \ displayName: Cilium Local Redirect Policy\n  description: |\n    Cilium
+        Local Redirect Policy allows local redirects to be configured\n    within
+        a node to support use cases like Node-Local DNS or KIAM.\n- kind: CiliumNode\n
+        \ version: v2\n  name: ciliumnodes.cilium.io\n  displayName: Cilium Node\n
+        \ description: |\n    Cilium Node represents a node managed by Cilium. It
+        contains a\n    specification to control various node specific configuration
+        aspects\n    and a status section to represent the status of the node.\n-
+        kind: CiliumIdentity\n  version: v2\n  name: ciliumidentities.cilium.io\n
+        \ displayName: Cilium Identity\n  description: |\n    Cilium Identity allows
+        introspection into security identities that\n    Cilium allocates which identify
+        sets of labels that are assigned to\n    individual endpoints in the cluster.\n-
+        kind: CiliumEndpoint\n  version: v2\n  name: ciliumendpoints.cilium.io\n  displayName:
+        Cilium Endpoint\n  description: |\n    Cilium Endpoint represents the status
+        of individual pods or nodes in\n    the cluster which are managed by Cilium,
+        including enforcement status,\n    IP addressing and whether the networking
+        is successfully operational.\n- kind: CiliumEndpointSlice\n  version: v2alpha1\n
+        \ name: ciliumendpointslices.cilium.io\n  displayName: Cilium Endpoint Slice\n
+        \ description: |\n    Cilium Endpoint Slice represents the status of groups
+        of pods or nodes\n    in the cluster which are managed by Cilium, including
+        enforcement status,\n    IP addressing and whether the networking is successfully
+        operational.\n- kind: CiliumEgressGatewayPolicy\n  version: v2\n  name: ciliumegressgatewaypolicies.cilium.io\n
+        \ displayName: Cilium Egress Gateway Policy\n  description: |\n    Cilium
+        Egress Gateway Policy provides control over the way that traffic\n    leaves
+        the cluster and which source addresses to use for that traffic.\n- kind: CiliumClusterwideEnvoyConfig\n
+        \ version: v2\n  name: ciliumclusterwideenvoyconfigs.cilium.io\n  displayName:
+        Cilium Clusterwide Envoy Config\n  description: |\n    Cilium Clusterwide
+        Envoy Config specifies Envoy resources and K8s service mappings\n    to be
+        provisioned into Cilium host proxy instances in cluster context.\n- kind:
+        CiliumEnvoyConfig\n  version: v2\n  name: ciliumenvoyconfigs.cilium.io\n  displayName:
+        Cilium Envoy Config\n  description: |\n    Cilium Envoy Config specifies Envoy
+        resources and K8s service mappings\n    to be provisioned into Cilium host
+        proxy instances in namespace context.\n- kind: CiliumBGPPeeringPolicy\n  version:
+        v2alpha1\n  name: ciliumbgppeeringpolicies.cilium.io\n  displayName: Cilium
+        BGP Peering Policy\n  description: |\n    Cilium BGP Peering Policy instructs
+        Cilium to create specific BGP peering\n    configurations.\n- kind: CiliumBGPClusterConfig\n
+        \ version: v2alpha1\n  name: ciliumbgpclusterconfigs.cilium.io\n  displayName:
+        Cilium BGP Cluster Config\n  description: |\n    Cilium BGP Cluster Config
+        instructs Cilium operator to create specific BGP cluster\n    configurations.\n-
+        kind: CiliumBGPPeerConfig\n  version: v2alpha1\n  name: ciliumbgppeerconfigs.cilium.io\n
+        \ displayName: Cilium BGP Peer Config\n  description: |\n    CiliumBGPPeerConfig
+        is a common set of BGP peer configurations. It can be referenced \n    by
+        multiple peers from CiliumBGPClusterConfig.\n- kind: CiliumBGPAdvertisement\n
+        \ version: v2alpha1\n  name: ciliumbgpadvertisements.cilium.io\n  displayName:
+        Cilium BGP Advertisement\n  description: |\n    CiliumBGPAdvertisement is
+        used to define source of BGP advertisement as well as BGP attributes \n    to
+        be advertised with those prefixes.\n- kind: CiliumBGPNodeConfig\n  version:
+        v2alpha1\n  name: ciliumbgpnodeconfigs.cilium.io\n  displayName: Cilium BGP
+        Node Config\n  description: |\n    CiliumBGPNodeConfig is read only node specific
+        BGP configuration. It is constructed by Cilium operator.\n    It will also
+        contain node local BGP state information.\n- kind: CiliumBGPNodeConfigOverride\n
+        \ version: v2alpha1\n  name: ciliumbgpnodeconfigoverrides.cilium.io\n  displayName:
+        Cilium BGP Node Config Override\n  description: |\n    CiliumBGPNodeConfigOverride
+        can be used to override node specific BGP configuration.\n- kind: CiliumLoadBalancerIPPool\n
+        \ version: v2alpha1\n  name: ciliumloadbalancerippools.cilium.io\n  displayName:
+        Cilium Load Balancer IP Pool\n  description: |\n    Defining a Cilium Load
+        Balancer IP Pool instructs Cilium to assign IPs to LoadBalancer Services.\n-
+        kind: CiliumNodeConfig\n  version: v2alpha1\n  name: ciliumnodeconfigs.cilium.io\n
+        \ displayName: Cilium Node Configuration\n  description: |\n    CiliumNodeConfig
+        is a list of configuration key-value pairs. It is applied to\n    nodes indicated
+        by a label selector.\n- kind: CiliumCIDRGroup\n  version: v2alpha1\n  name:
+        ciliumcidrgroups.cilium.io\n  displayName: Cilium CIDR Group\n  description:
+        |\n    CiliumCIDRGroup is a list of CIDRs that can be referenced as a single
+        entity from CiliumNetworkPolicies.\n- kind: CiliumL2AnnouncementPolicy\n  version:
+        v2alpha1\n  name: ciliuml2announcementpolicies.cilium.io\n  displayName: Cilium
+        L2 Announcement Policy\n  description: |\n    CiliumL2AnnouncementPolicy is
+        a policy which determines which service IPs will be announced to\n    the
+        local area network, by which nodes, and via which interfaces.\n- kind: CiliumPodIPPool\n
+        \ version: v2alpha1\n  name: ciliumpodippools.cilium.io\n  displayName: Cilium
+        Pod IP Pool\n  description: |\n    CiliumPodIPPool defines an IP pool that
+        can be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n"
+    apiVersion: v2
+    appVersion: 1.17.0-pre.1
+    created: "2024-10-01T08:15:06.105239065Z"
+    description: eBPF-based Networking, Security, and Observability
+    digest: 414555ed00b250bbaa9edff538d1da68504a557f1c0fd165edca313bfade2d3a
+    home: https://cilium.io/
+    icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg
+    keywords:
+    - BPF
+    - eBPF
+    - Kubernetes
+    - Networking
+    - Security
+    - Observability
+    - Troubleshooting
+    kubeVersion: '>= 1.21.0-0'
+    name: cilium
+    sources:
+    - https://github.com/cilium/cilium
+    urls:
+    - cilium-1.17.0-pre.1.tgz
+    version: 1.17.0-pre.1
   - annotations:
       artifacthub.io/crds: "- kind: CiliumNetworkPolicy\n  version: v2\n  name: ciliumnetworkpolicies.cilium.io\n
         \ displayName: Cilium Network Policy\n  description: |\n    Cilium Network
@@ -107,6 +213,112 @@ entries:
     urls:
     - cilium-1.17.0-pre.0.tgz
     version: 1.17.0-pre.0
+  - annotations:
+      artifacthub.io/crds: "- kind: CiliumNetworkPolicy\n  version: v2\n  name: ciliumnetworkpolicies.cilium.io\n
+        \ displayName: Cilium Network Policy\n  description: |\n    Cilium Network
+        Policies provide additional functionality beyond what\n    is provided by
+        standard Kubernetes NetworkPolicy such as the ability\n    to allow traffic
+        based on FQDNs, or to filter at Layer 7.\n- kind: CiliumClusterwideNetworkPolicy\n
+        \ version: v2\n  name: ciliumclusterwidenetworkpolicies.cilium.io\n  displayName:
+        Cilium Clusterwide Network Policy\n  description: |\n    Cilium Clusterwide
+        Network Policies support configuring network traffic\n    policiies across
+        the entire cluster, including applying node firewalls.\n- kind: CiliumExternalWorkload\n
+        \ version: v2\n  name: ciliumexternalworkloads.cilium.io\n  displayName: Cilium
+        External Workload\n  description: |\n    Cilium External Workload supports
+        configuring the ability for external\n    non-Kubernetes workloads to join
+        the cluster.\n- kind: CiliumLocalRedirectPolicy\n  version: v2\n  name: ciliumlocalredirectpolicies.cilium.io\n
+        \ displayName: Cilium Local Redirect Policy\n  description: |\n    Cilium
+        Local Redirect Policy allows local redirects to be configured\n    within
+        a node to support use cases like Node-Local DNS or KIAM.\n- kind: CiliumNode\n
+        \ version: v2\n  name: ciliumnodes.cilium.io\n  displayName: Cilium Node\n
+        \ description: |\n    Cilium Node represents a node managed by Cilium. It
+        contains a\n    specification to control various node specific configuration
+        aspects\n    and a status section to represent the status of the node.\n-
+        kind: CiliumIdentity\n  version: v2\n  name: ciliumidentities.cilium.io\n
+        \ displayName: Cilium Identity\n  description: |\n    Cilium Identity allows
+        introspection into security identities that\n    Cilium allocates which identify
+        sets of labels that are assigned to\n    individual endpoints in the cluster.\n-
+        kind: CiliumEndpoint\n  version: v2\n  name: ciliumendpoints.cilium.io\n  displayName:
+        Cilium Endpoint\n  description: |\n    Cilium Endpoint represents the status
+        of individual pods or nodes in\n    the cluster which are managed by Cilium,
+        including enforcement status,\n    IP addressing and whether the networking
+        is successfully operational.\n- kind: CiliumEndpointSlice\n  version: v2alpha1\n
+        \ name: ciliumendpointslices.cilium.io\n  displayName: Cilium Endpoint Slice\n
+        \ description: |\n    Cilium Endpoint Slice represents the status of groups
+        of pods or nodes\n    in the cluster which are managed by Cilium, including
+        enforcement status,\n    IP addressing and whether the networking is successfully
+        operational.\n- kind: CiliumEgressGatewayPolicy\n  version: v2\n  name: ciliumegressgatewaypolicies.cilium.io\n
+        \ displayName: Cilium Egress Gateway Policy\n  description: |\n    Cilium
+        Egress Gateway Policy provides control over the way that traffic\n    leaves
+        the cluster and which source addresses to use for that traffic.\n- kind: CiliumClusterwideEnvoyConfig\n
+        \ version: v2\n  name: ciliumclusterwideenvoyconfigs.cilium.io\n  displayName:
+        Cilium Clusterwide Envoy Config\n  description: |\n    Cilium Clusterwide
+        Envoy Config specifies Envoy resources and K8s service mappings\n    to be
+        provisioned into Cilium host proxy instances in cluster context.\n- kind:
+        CiliumEnvoyConfig\n  version: v2\n  name: ciliumenvoyconfigs.cilium.io\n  displayName:
+        Cilium Envoy Config\n  description: |\n    Cilium Envoy Config specifies Envoy
+        resources and K8s service mappings\n    to be provisioned into Cilium host
+        proxy instances in namespace context.\n- kind: CiliumBGPPeeringPolicy\n  version:
+        v2alpha1\n  name: ciliumbgppeeringpolicies.cilium.io\n  displayName: Cilium
+        BGP Peering Policy\n  description: |\n    Cilium BGP Peering Policy instructs
+        Cilium to create specific BGP peering\n    configurations.\n- kind: CiliumBGPClusterConfig\n
+        \ version: v2alpha1\n  name: ciliumbgpclusterconfigs.cilium.io\n  displayName:
+        Cilium BGP Cluster Config\n  description: |\n    Cilium BGP Cluster Config
+        instructs Cilium operator to create specific BGP cluster\n    configurations.\n-
+        kind: CiliumBGPPeerConfig\n  version: v2alpha1\n  name: ciliumbgppeerconfigs.cilium.io\n
+        \ displayName: Cilium BGP Peer Config\n  description: |\n    CiliumBGPPeerConfig
+        is a common set of BGP peer configurations. It can be referenced \n    by
+        multiple peers from CiliumBGPClusterConfig.\n- kind: CiliumBGPAdvertisement\n
+        \ version: v2alpha1\n  name: ciliumbgpadvertisements.cilium.io\n  displayName:
+        Cilium BGP Advertisement\n  description: |\n    CiliumBGPAdvertisement is
+        used to define source of BGP advertisement as well as BGP attributes \n    to
+        be advertised with those prefixes.\n- kind: CiliumBGPNodeConfig\n  version:
+        v2alpha1\n  name: ciliumbgpnodeconfigs.cilium.io\n  displayName: Cilium BGP
+        Node Config\n  description: |\n    CiliumBGPNodeConfig is read only node specific
+        BGP configuration. It is constructed by Cilium operator.\n    It will also
+        contain node local BGP state information.\n- kind: CiliumBGPNodeConfigOverride\n
+        \ version: v2alpha1\n  name: ciliumbgpnodeconfigoverrides.cilium.io\n  displayName:
+        Cilium BGP Node Config Override\n  description: |\n    CiliumBGPNodeConfigOverride
+        can be used to override node specific BGP configuration.\n- kind: CiliumLoadBalancerIPPool\n
+        \ version: v2alpha1\n  name: ciliumloadbalancerippools.cilium.io\n  displayName:
+        Cilium Load Balancer IP Pool\n  description: |\n    Defining a Cilium Load
+        Balancer IP Pool instructs Cilium to assign IPs to LoadBalancer Services.\n-
+        kind: CiliumNodeConfig\n  version: v2alpha1\n  name: ciliumnodeconfigs.cilium.io\n
+        \ displayName: Cilium Node Configuration\n  description: |\n    CiliumNodeConfig
+        is a list of configuration key-value pairs. It is applied to\n    nodes indicated
+        by a label selector.\n- kind: CiliumCIDRGroup\n  version: v2alpha1\n  name:
+        ciliumcidrgroups.cilium.io\n  displayName: Cilium CIDR Group\n  description:
+        |\n    CiliumCIDRGroup is a list of CIDRs that can be referenced as a single
+        entity from CiliumNetworkPolicies.\n- kind: CiliumL2AnnouncementPolicy\n  version:
+        v2alpha1\n  name: ciliuml2announcementpolicies.cilium.io\n  displayName: Cilium
+        L2 Announcement Policy\n  description: |\n    CiliumL2AnnouncementPolicy is
+        a policy which determines which service IPs will be announced to\n    the
+        local area network, by which nodes, and via which interfaces.\n- kind: CiliumPodIPPool\n
+        \ version: v2alpha1\n  name: ciliumpodippools.cilium.io\n  displayName: Cilium
+        Pod IP Pool\n  description: |\n    CiliumPodIPPool defines an IP pool that
+        can be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n"
+    apiVersion: v2
+    appVersion: 1.16.3
+    created: "2024-10-11T23:02:59.494005644Z"
+    description: eBPF-based Networking, Security, and Observability
+    digest: e1be328218c74bd2bed91f996d8c1b10e785715ce53299a392f79b0cef796805
+    home: https://cilium.io/
+    icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg
+    keywords:
+    - BPF
+    - eBPF
+    - Kubernetes
+    - Networking
+    - Security
+    - Observability
+    - Troubleshooting
+    kubeVersion: '>= 1.21.0-0'
+    name: cilium
+    sources:
+    - https://github.com/cilium/cilium
+    urls:
+    - cilium-1.16.3.tgz
+    version: 1.16.3
   - annotations:
       artifacthub.io/crds: "- kind: CiliumNetworkPolicy\n  version: v2\n  name: ciliumnetworkpolicies.cilium.io\n
         \ displayName: Cilium Network Policy\n  description: |\n    Cilium Network
@@ -1273,6 +1485,112 @@ entries:
     urls:
     - cilium-1.16.0-dev.tgz
     version: 1.16.0-dev
+  - annotations:
+      artifacthub.io/crds: "- kind: CiliumNetworkPolicy\n  version: v2\n  name: ciliumnetworkpolicies.cilium.io\n
+        \ displayName: Cilium Network Policy\n  description: |\n    Cilium Network
+        Policies provide additional functionality beyond what\n    is provided by
+        standard Kubernetes NetworkPolicy such as the ability\n    to allow traffic
+        based on FQDNs, or to filter at Layer 7.\n- kind: CiliumClusterwideNetworkPolicy\n
+        \ version: v2\n  name: ciliumclusterwidenetworkpolicies.cilium.io\n  displayName:
+        Cilium Clusterwide Network Policy\n  description: |\n    Cilium Clusterwide
+        Network Policies support configuring network traffic\n    policiies across
+        the entire cluster, including applying node firewalls.\n- kind: CiliumExternalWorkload\n
+        \ version: v2\n  name: ciliumexternalworkloads.cilium.io\n  displayName: Cilium
+        External Workload\n  description: |\n    Cilium External Workload supports
+        configuring the ability for external\n    non-Kubernetes workloads to join
+        the cluster.\n- kind: CiliumLocalRedirectPolicy\n  version: v2\n  name: ciliumlocalredirectpolicies.cilium.io\n
+        \ displayName: Cilium Local Redirect Policy\n  description: |\n    Cilium
+        Local Redirect Policy allows local redirects to be configured\n    within
+        a node to support use cases like Node-Local DNS or KIAM.\n- kind: CiliumNode\n
+        \ version: v2\n  name: ciliumnodes.cilium.io\n  displayName: Cilium Node\n
+        \ description: |\n    Cilium Node represents a node managed by Cilium. It
+        contains a\n    specification to control various node specific configuration
+        aspects\n    and a status section to represent the status of the node.\n-
+        kind: CiliumIdentity\n  version: v2\n  name: ciliumidentities.cilium.io\n
+        \ displayName: Cilium Identity\n  description: |\n    Cilium Identity allows
+        introspection into security identities that\n    Cilium allocates which identify
+        sets of labels that are assigned to\n    individual endpoints in the cluster.\n-
+        kind: CiliumEndpoint\n  version: v2\n  name: ciliumendpoints.cilium.io\n  displayName:
+        Cilium Endpoint\n  description: |\n    Cilium Endpoint represents the status
+        of individual pods or nodes in\n    the cluster which are managed by Cilium,
+        including enforcement status,\n    IP addressing and whether the networking
+        is successfully operational.\n- kind: CiliumEndpointSlice\n  version: v2alpha1\n
+        \ name: ciliumendpointslices.cilium.io\n  displayName: Cilium Endpoint Slice\n
+        \ description: |\n    Cilium Endpoint Slice represents the status of groups
+        of pods or nodes\n    in the cluster which are managed by Cilium, including
+        enforcement status,\n    IP addressing and whether the networking is successfully
+        operational.\n- kind: CiliumEgressGatewayPolicy\n  version: v2\n  name: ciliumegressgatewaypolicies.cilium.io\n
+        \ displayName: Cilium Egress Gateway Policy\n  description: |\n    Cilium
+        Egress Gateway Policy provides control over the way that traffic\n    leaves
+        the cluster and which source addresses to use for that traffic.\n- kind: CiliumClusterwideEnvoyConfig\n
+        \ version: v2\n  name: ciliumclusterwideenvoyconfigs.cilium.io\n  displayName:
+        Cilium Clusterwide Envoy Config\n  description: |\n    Cilium Clusterwide
+        Envoy Config specifies Envoy resources and K8s service mappings\n    to be
+        provisioned into Cilium host proxy instances in cluster context.\n- kind:
+        CiliumEnvoyConfig\n  version: v2\n  name: ciliumenvoyconfigs.cilium.io\n  displayName:
+        Cilium Envoy Config\n  description: |\n    Cilium Envoy Config specifies Envoy
+        resources and K8s service mappings\n    to be provisioned into Cilium host
+        proxy instances in namespace context.\n- kind: CiliumBGPPeeringPolicy\n  version:
+        v2alpha1\n  name: ciliumbgppeeringpolicies.cilium.io\n  displayName: Cilium
+        BGP Peering Policy\n  description: |\n    Cilium BGP Peering Policy instructs
+        Cilium to create specific BGP peering\n    configurations.\n- kind: CiliumBGPClusterConfig\n
+        \ version: v2alpha1\n  name: ciliumbgpclusterconfigs.cilium.io\n  displayName:
+        Cilium BGP Cluster Config\n  description: |\n    Cilium BGP Cluster Config
+        instructs Cilium operator to create specific BGP cluster\n    configurations.\n-
+        kind: CiliumBGPPeerConfig\n  version: v2alpha1\n  name: ciliumbgppeerconfigs.cilium.io\n
+        \ displayName: Cilium BGP Peer Config\n  description: |\n    CiliumBGPPeerConfig
+        is a common set of BGP peer configurations. It can be referenced \n    by
+        multiple peers from CiliumBGPClusterConfig.\n- kind: CiliumBGPAdvertisement\n
+        \ version: v2alpha1\n  name: ciliumbgpadvertisements.cilium.io\n  displayName:
+        Cilium BGP Advertisement\n  description: |\n    CiliumBGPAdvertisement is
+        used to define source of BGP advertisement as well as BGP attributes \n    to
+        be advertised with those prefixes.\n- kind: CiliumBGPNodeConfig\n  version:
+        v2alpha1\n  name: ciliumbgpnodeconfigs.cilium.io\n  displayName: Cilium BGP
+        Node Config\n  description: |\n    CiliumBGPNodeConfig is read only node specific
+        BGP configuration. It is constructed by Cilium operator.\n    It will also
+        contain node local BGP state information.\n- kind: CiliumBGPNodeConfigOverride\n
+        \ version: v2alpha1\n  name: ciliumbgpnodeconfigoverrides.cilium.io\n  displayName:
+        Cilium BGP Node Config Override\n  description: |\n    CiliumBGPNodeConfigOverride
+        can be used to override node specific BGP configuration.\n- kind: CiliumLoadBalancerIPPool\n
+        \ version: v2alpha1\n  name: ciliumloadbalancerippools.cilium.io\n  displayName:
+        Cilium Load Balancer IP Pool\n  description: |\n    Defining a Cilium Load
+        Balancer IP Pool instructs Cilium to assign IPs to LoadBalancer Services.\n-
+        kind: CiliumNodeConfig\n  version: v2alpha1\n  name: ciliumnodeconfigs.cilium.io\n
+        \ displayName: Cilium Node Configuration\n  description: |\n    CiliumNodeConfig
+        is a list of configuration key-value pairs. It is applied to\n    nodes indicated
+        by a label selector.\n- kind: CiliumCIDRGroup\n  version: v2alpha1\n  name:
+        ciliumcidrgroups.cilium.io\n  displayName: Cilium CIDR Group\n  description:
+        |\n    CiliumCIDRGroup is a list of CIDRs that can be referenced as a single
+        entity from CiliumNetworkPolicies.\n- kind: CiliumL2AnnouncementPolicy\n  version:
+        v2alpha1\n  name: ciliuml2announcementpolicies.cilium.io\n  displayName: Cilium
+        L2 Announcement Policy\n  description: |\n    CiliumL2AnnouncementPolicy is
+        a policy which determines which service IPs will be announced to\n    the
+        local area network, by which nodes, and via which interfaces.\n- kind: CiliumPodIPPool\n
+        \ version: v2alpha1\n  name: ciliumpodippools.cilium.io\n  displayName: Cilium
+        Pod IP Pool\n  description: |\n    CiliumPodIPPool defines an IP pool that
+        can be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n"
+    apiVersion: v2
+    appVersion: 1.15.10
+    created: "2024-10-11T23:00:04.066907249Z"
+    description: eBPF-based Networking, Security, and Observability
+    digest: c8bbcb8d5a7e566c05a9e827108f97b5baa9f74e28f16d551a983d42a57ff94f
+    home: https://cilium.io/
+    icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg
+    keywords:
+    - BPF
+    - eBPF
+    - Kubernetes
+    - Networking
+    - Security
+    - Observability
+    - Troubleshooting
+    kubeVersion: '>= 1.16.0-0'
+    name: cilium
+    sources:
+    - https://github.com/cilium/cilium
+    urls:
+    - cilium-1.15.10.tgz
+    version: 1.15.10
   - annotations:
       artifacthub.io/crds: "- kind: CiliumNetworkPolicy\n  version: v2\n  name: ciliumnetworkpolicies.cilium.io\n
         \ displayName: Cilium Network Policy\n  description: |\n    Cilium Network
@@ -3171,6 +3489,151 @@ entries:
           description: |
             CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode).
     apiVersion: v2
+    appVersion: 1.14.16
+    created: "2024-10-11T21:38:37.489766156Z"
+    description: eBPF-based Networking, Security, and Observability
+    digest: b6b755176cb61d31b32d5107bedffef51b1d2936d6de5eed6036815fca6834e4
+    home: https://cilium.io/
+    icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg
+    keywords:
+    - BPF
+    - eBPF
+    - Kubernetes
+    - Networking
+    - Security
+    - Observability
+    - Troubleshooting
+    kubeVersion: '>= 1.16.0-0'
+    name: cilium
+    sources:
+    - https://github.com/cilium/cilium
+    urls:
+    - cilium-1.14.16.tgz
+    version: 1.14.16
+  - annotations:
+      artifacthub.io/crds: |
+        - kind: CiliumNetworkPolicy
+          version: v2
+          name: ciliumnetworkpolicies.cilium.io
+          displayName: Cilium Network Policy
+          description: |
+            Cilium Network Policies provide additional functionality beyond what
+            is provided by standard Kubernetes NetworkPolicy such as the ability
+            to allow traffic based on FQDNs, or to filter at Layer 7.
+        - kind: CiliumClusterwideNetworkPolicy
+          version: v2
+          name: ciliumclusterwidenetworkpolicies.cilium.io
+          displayName: Cilium Clusterwide Network Policy
+          description: |
+            Cilium Clusterwide Network Policies support configuring network traffic
+            policiies across the entire cluster, including applying node firewalls.
+        - kind: CiliumExternalWorkload
+          version: v2
+          name: ciliumexternalworkloads.cilium.io
+          displayName: Cilium External Workload
+          description: |
+            Cilium External Workload supports configuring the ability for external
+            non-Kubernetes workloads to join the cluster.
+        - kind: CiliumLocalRedirectPolicy
+          version: v2
+          name: ciliumlocalredirectpolicies.cilium.io
+          displayName: Cilium Local Redirect Policy
+          description: |
+            Cilium Local Redirect Policy allows local redirects to be configured
+            within a node to support use cases like Node-Local DNS or KIAM.
+        - kind: CiliumNode
+          version: v2
+          name: ciliumnodes.cilium.io
+          displayName: Cilium Node
+          description: |
+            Cilium Node represents a node managed by Cilium. It contains a
+            specification to control various node specific configuration aspects
+            and a status section to represent the status of the node.
+        - kind: CiliumIdentity
+          version: v2
+          name: ciliumidentities.cilium.io
+          displayName: Cilium Identity
+          description: |
+            Cilium Identity allows introspection into security identities that
+            Cilium allocates which identify sets of labels that are assigned to
+            individual endpoints in the cluster.
+        - kind: CiliumEndpoint
+          version: v2
+          name: ciliumendpoints.cilium.io
+          displayName: Cilium Endpoint
+          description: |
+            Cilium Endpoint represents the status of individual pods or nodes in
+            the cluster which are managed by Cilium, including enforcement status,
+            IP addressing and whether the networking is succesfully operational.
+        - kind: CiliumEndpointSlice
+          version: v2alpha1
+          name: ciliumendpointslices.cilium.io
+          displayName: Cilium Endpoint Slice
+          description: |
+            Cilium Endpoint Slice represents the status of groups of pods or nodes
+            in the cluster which are managed by Cilium, including enforcement status,
+            IP addressing and whether the networking is succesfully operational.
+        - kind: CiliumEgressGatewayPolicy
+          version: v2
+          name: ciliumegressgatewaypolicies.cilium.io
+          displayName: Cilium Egress Gateway Policy
+          description: |
+            Cilium Egress Gateway Policy provides control over the way that traffic
+            leaves the cluster and which source addresses to use for that traffic.
+        - kind: CiliumClusterwideEnvoyConfig
+          version: v2
+          name: ciliumclusterwideenvoyconfigs.cilium.io
+          displayName: Cilium Clusterwide Envoy Config
+          description: |
+            Cilium Clusterwide Envoy Config specifies Envoy resources and K8s service mappings
+            to be provisioned into Cilium host proxy instances in cluster context.
+        - kind: CiliumEnvoyConfig
+          version: v2
+          name: ciliumenvoyconfigs.cilium.io
+          displayName: Cilium Envoy Config
+          description: |
+            Cilium Envoy Config specifies Envoy resources and K8s service mappings
+            to be provisioned into Cilium host proxy instances in namespace context.
+        - kind: CiliumBGPPeeringPolicy
+          version: v2alpha1
+          name: ciliumbgppeeringpolicies.cilium.io
+          displayName: Cilium BGP Peering Policy
+          description: |
+            Cilium BGP Peering Policy instructs Cilium to create specific BGP peering
+            configurations.
+        - kind: CiliumLoadBalancerIPPool
+          version: v2alpha1
+          name: ciliumloadbalancerippools.cilium.io
+          displayName: Cilium Load Balancer IP Pool
+          description: |
+            Defining a Cilium Load Balancer IP Pool instructs Cilium to assign IPs to LoadBalancer Services.
+        - kind: CiliumNodeConfig
+          version: v2alpha1
+          name: ciliumnodeconfigs.cilium.io
+          displayName: Cilium Node Configuration
+          description: |
+            CiliumNodeConfig is a list of configuration key-value pairs. It is applied to
+            nodes indicated by a label selector.
+        - kind: CiliumCIDRGroup
+          version: v2alpha1
+          name: ciliumcidrgroups.cilium.io
+          displayName: Cilium CIDR Group
+          description: |
+            CiliumCIDRGroup is a list of CIDRs that can be referenced as a single entity from CiliumNetworkPolicies.
+        - kind: CiliumL2AnnouncementPolicy
+          version: v2alpha1
+          name: ciliuml2announcementpolicies.cilium.io
+          displayName: Cilium L2 Announcement Policy
+          description: |
+            CiliumL2AnnouncementPolicy is a policy which determines which service IPs will be announced to
+            the local area network, by which nodes, and via which interfaces.
+        - kind: CiliumPodIPPool
+          version: v2alpha1
+          name: ciliumpodippools.cilium.io
+          displayName: Cilium Pod IP Pool
+          description: |
+            CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode).
+    apiVersion: v2
     appVersion: 1.14.15
     created: "2024-09-26T11:36:56.83422162Z"
     description: eBPF-based Networking, Security, and Observability
@@ -20091,4 +20554,4 @@ entries:
     urls:
     - tetragon-0.8.0.tgz
     version: 0.8.0
-generated: "2024-09-26T11:51:56.299230787Z"
+generated: "2024-10-11T23:02:59.483940884Z"
diff --git a/vendor/github.com/cilium/cilium/AUTHORS b/vendor/github.com/cilium/cilium/AUTHORS
index 58d66d52de..77b10f4780 100644
--- a/vendor/github.com/cilium/cilium/AUTHORS
+++ b/vendor/github.com/cilium/cilium/AUTHORS
@@ -13,6 +13,7 @@ Aditi Ghag                              aditi@cilium.io
 Aditya Kumar                            aditya.kumar60@infosys.com
 Aditya Purandare                        aditya.p1993@hotmail.com
 Aditya Sharma                           aditya.sharma@shopify.com
+Adrian Berger                           adrian.berger@bedag.ch
 Adrien Trouillaud                       adrienjt@users.noreply.github.com
 Ahmed Bebars                            1381372+abebars@users.noreply.github.com
 Akhil Velagapudi                        4@4khil.com
@@ -25,6 +26,7 @@ Alexander Alemayhu                      alexander@alemayhu.com
 Alexander Berger                        alex-berger@gmx.ch
 Alexander Block                         ablock84@gmail.com
 Alexander Demichev                      demichev.alexander@gmail.com
+Alexandre Barone                        abalexandrebarone@gmail.com
 Alexandre Perrin                        alex@isovalent.com
 Alexei Starovoitov                      alexei.starovoitov@gmail.com
 Alexey Grevtsev                         alexey.grevtcev@gmail.com
@@ -32,6 +34,7 @@ Alex Katsman                            alexkats@google.com
 Alex Romanov                            alex@romanov.ws
 Alex Szakaly                            alex.szakaly@gmail.com
 Alex Waring                             alex.waring@starlingbank.com
+alisdairbr                              alisdairbr@users.noreply.github.com
 Alkama Hasan                            gl3118@myamu.ac.in
 Alois Petutschnig                       alois@petutschnig.net
 Alvaro Uria                             alvaro.uria@isovalent.com
@@ -43,6 +46,7 @@ Amre Shakimov                           amre@covalent.io
 Anderson, David L                       david.l.anderson@intel.com
 Andor Nemeth                            andor_nemeth@swissre.com
 Andreas Mårtensson                      andreas@addem.se
+André Costa                             ancosta@gmail.com
 Andree Klattenhoff                      mail@andr.ee
 Andrei Kvapil                           kvapss@gmail.com
 André Martins                           andre@cilium.io
@@ -56,7 +60,7 @@ Andrey Devyatkin                        andrey.devyatkin@fivexl.io
 Andrey Klimentyev                       andrey.klimentyev@flant.com
 Andrey Maltsev                          maltsev.andrey@gmail.com
 Andrey Voronkov                         voronkovaa@gmail.com
-Andrii Iuspin                           andrii.iuspin@isovalent.com
+Andrii Iuspin                           57713382+ayuspin@users.noreply.github.com
 Andrzej Mamak                           nqaegg@gmail.com
 Andy Allred                             andy@punasusi.com
 andychuang                              andy.chuang@shoplineapp.com
@@ -83,8 +87,10 @@ Archana Shinde                          archana.m.shinde@intel.com
 Archer Wu                               archerwu9425@icloud.com
 Ardika Bagus                            me@ardikabs.com
 Arika Chen                              eaglesora@gmail.com
+Arkadiusz Kaliwoda (akaliwod)           akaliwod@cisco.com
 Arnaud Meukam                           ameukam@gmail.com
 Arseniy Belorukov                       a.belorukov@team.bumble.com
+Artem Tokarev                           enjoy1288@gmail.com
 Arthur Chiao                            arthurchiao@hotmail.com
 ArthurChiao                             arthurchiao@hotmail.com
 Arthur Evstifeev                        mail@ap4y.me
@@ -180,6 +186,7 @@ Cory Snyder                             csnyder@1111systems.com
 Craig Box                               craig.box@gmail.com
 crashiura                               crashiura@gmail.com
 cui fliter                              imcusg@gmail.com
+cx                                      1249843194@qq.com
 Cynthia Thomas                          cynthia@covalent.io
 Cyril Corbon                            corboncyril@gmail.com
 Cyril Scetbon                           cscetbon@gmail.com
@@ -258,6 +265,7 @@ Dylan Reimerink                         dylan.reimerink@isovalent.com
 Ekene Nwobodo                           nwobodoe71@gmail.com
 Electron                                alokaks601@gmail.com
 El-Fadel Bonfoh                         elfadel@accuknox.com
+Elias Hernandez                         elirayhernandez@gmail.com
 eliranw                                 39266788+eliranw@users.noreply.github.com
 Ellie Springsteen                       ellie.springsteen@appian.com
 Eloy Coto                               eloy.coto@acalustra.com
@@ -411,6 +419,7 @@ John Fastabend                          john.fastabend@gmail.com
 John Gardiner Myers                     jgmyers@proofpoint.com
 John Howard                             howardjohn@google.com
 John Karoyannis                         karoyannis@yahoo.com
+john-r-swyftx                           john.roche@swyftx.com.au
 John Watson                             johnw@planetscale.com
 John Zheng                              johnzhengaz@gmail.com
 Jomen Xiao                              jomenxiao@gmail.com
@@ -426,6 +435,7 @@ Joseph-Irving                           joseph.irving500@gmail.com
 Joseph Ligier                           joseph.ligier@accenture.com
 Joseph Sheng                            jiajun.sheng@microfocus.com
 Joseph Stevens                          thejosephstevens@gmail.com
+Josh Soref                              2119212+jsoref@users.noreply.github.com
 joshua                                  54235339+sujoshua@users.noreply.github.com
 Joshua Roppo                            joshroppo@gmail.com
 jshr-w                                  shjayaraman@microsoft.com
@@ -550,6 +560,7 @@ Matt Anderson                           matanderson@equinix.com
 Matthew Fenwick                         mfenwick100@gmail.com
 Matthew Gumport                         me@gum.pt
 Matthew Hembree                         47449406+matthewhembree@users.noreply.github.com
+Matthias Baur                           m.baur@syseleven.de
 Matthieu Antoine                        matthieu.antoine@jumo.world
 Matthieu MOREL                          matthieu.morel35@gmail.com
 Matt Layher                             mdlayher@gmail.com
@@ -613,6 +624,7 @@ Nick Young                              nick@isovalent.com
 Niclas Mietz                            solidnerd@users.noreply.github.com
 Nico Berlee                             nico.berlee@on2it.net
 Nicolas Busseneau                       nicolas@isovalent.com
+Nicolò Ciraci                           ciraci.nicolo@gmail.com
 Nico Vibert                             nicolas.vibert@isovalent.com
 Nikhil Jha                              nikhiljha@users.noreply.github.com
 Nikhil Sharma                           nikhilsharma230303@gmail.com
@@ -639,9 +651,10 @@ Oliver Wang                             a0924100192@gmail.com
 Omar Aloraini                           ooraini.dev@gmail.com
 Ondrej Blazek                           ondrej.blazek@firma.seznam.cz
 Ondrej Sika                             ondrej@ondrejsika.com
+oneumyvakin                             oneumyvaking@mail.ru
 Oshan Galwaduge                         oshan304@gmail.com
 Osthues                                 osthues.matthias@gmail.com
-Ovidiu Tirla                            ovi2022@gmail.com
+Ovidiu Tirla                            otirla@google.com
 Pablo Ruiz                              pablo.ruiz@gmail.com
 Paco Xu                                 paco.xu@daocloud.io
 Parth Patel                             parth.psu@gmail.com
@@ -660,11 +673,13 @@ Paulo Gomes                             pjbgf@linux.com
 Pavel Pavlov                            40396270+PavelPavlov46@users.noreply.github.com
 Pavel Tishkov                           pavel.tishkov@flant.com
 Paweł Prażak                            pawelprazak@users.noreply.github.com
+Pedro Ignacio                           pedroig100.pi@gmail.com
 Peiqi Shi                               uestc.shi@gmail.com
 Pelle van Gils                          pelle@vangils.dev
 pengbinbin1                             pengbiny@163.com
 Pengfei Song                            pengfei.song@daocloud.io
 Peter Jausovec                          peter.jausovec@solo.io
+Peter Matulis                           pmatulis@gmail.com
 Peter Slovak                            slovak.peto@gmail.com
 Petr Baloun                             petr.baloun@firma.seznam.cz
 Philippe Lafoucrière                    philippe.lafoucriere@gmail.com
@@ -672,6 +687,7 @@ Philipp Gniewosz                        philipp.gniewosz@daimlertruck.com
 Philip Schmid                           phisch@cisco.com
 Pierre-Yves Aillet                      pyaillet@gmail.com
 Pieter van der Giessen                  pieter@pionative.com
+Pooja Trivedi                           poojatrivedi@gmail.com
 Prabhakhar Kaliyamurthy (PK)            prabhakhar@gmail.com
 Pranavi Roy                             pranvyr@gmail.com
 Prashanth.B                             beeps@google.com
@@ -682,6 +698,7 @@ Priya Sharma                            Priya.Sharma6693@gmail.com
 Qasim Sarfraz                           qasim.sarfraz@esailors.de
 Qifeng Guo                              qifeng.guo@daocloud.io
 Qingchuan Hao                           qinhao@microsoft.com
+Quan Wei                                quanwei.153@bytedance.com
 Quentin Monnet                          qmo@qmon.net
 Raam                                    ram29@bskyb.com
 Rachid Zarouali                         rachid.zarouali@sevensphere.io
@@ -727,12 +744,15 @@ Roman Ptitcyn                           romanspb@yahoo.com
 Romuald Zdebskiy                        zdebskiy@hotmail.com
 Ronald van Zantvoort                    the.loeki@gmail.com
 Ross Guarino                            rssguar@gmail.com
+roykharman                              roykharman@gmail.com
 Rui Chen                                rui@chenrui.dev
 Rui Gu                                  rui@covalent.io
 Rushikesh Butley                        rushikeshbutley@gmail.com
 Russell Bryant                          russell@russellbryant.net
+rusttech                                gopher@before.tech
 Ryan Drew                               ryan.drew@isovalent.com
 Ryan McNamara                           rmcnamara@palantir.com
+ryebridge                               88094554+ryebridge@users.noreply.github.com
 Sachin Maurya                           sachin.maurya7666@gmail.com
 Sadik Kuzu                              sadikkuzu@hotmail.com
 Sahid Orentino Ferdjaoui                sahid.ferdjaoui@industrialdiscipline.com
@@ -773,6 +793,7 @@ Simone Magnani                          simone.magnani@isovalent.com
 Simone Sciarrati                        s.sciarrati@gmail.com
 Simon Felding                           45149055+simonfelding@users.noreply.github.com
 Simon Gerber                            simon.gerber@vshn.ch
+Simon Lackerbauer                       mail@ciil.io
 Simon Pasquier                          spasquier@mirantis.com
 Sjouke de Vries                         info@sdvservices.nl
 SkalaNetworks                           contact@skala.network
@@ -781,6 +802,7 @@ Smaine Kahlouch                         smainklh@gmail.com
 soggiest                                nicholas@isovalent.com
 Song                                    1120344670@qq.com
 spacewander                             spacewanderlzx@gmail.com
+Sridhar K N Rao                         sridharkn@u.nus.edu
 ssttehrani                              ssttehrani@gmail.com
 Stacy Kim                               stacy.kim@ucla.edu
 Stefan Zwanenburg                       stefan@zwanenburg.info
@@ -816,11 +838,13 @@ Thiago Navarro                          navarro@accuknox.com
 Thi Van Le                              vannnyle@gmail.com
 Thomas Bachman                          tbachman@yahoo.com
 Thomas Balthazar                        thomas@balthazar.info
+thomas.chen                             thomas.chen@trustasia.com
 Thomas Gosteli                          thomas.gosteli@protonmail.com
 Thomas Graf                             thomas@cilium.io
 Thorben von Hacht                       tvonhacht@apple.com
 Thorsten Pfister                        thorsten.pfister@form3.tech
 tigerK                                  yanru.lv@daocloud.io
+Tilusch                                 til.heini@swisscom.com
 Tim Horner                              timothy.horner@isovalent.com
 Timo Beckers                            timo@isovalent.com
 Timo Reimann                            ttr314@googlemail.com
@@ -842,6 +866,7 @@ Tony Lu                                 tonylu@linux.alibaba.com
 Tony Norlin                             tony.norlin@localdomain.se
 Torben Tretau                           torben@tretau.net
 Tore S. Loenoey                         tore.lonoy@gmail.com
+ToroNZ                                  tomas-github@maggio.nz
 toVersus                                toversus2357@gmail.com
 Travis Glenn Hansen                     travisghansen@yahoo.com
 Trevor Roberts Jr                       Trevor.Roberts.Jr@gmail.com
@@ -856,6 +881,7 @@ Vadim Ponomarev                         velizarx@gmail.com
 vakr                                    vakr@microsoft.com
 Valas Valancius                         valas@google.com
 Vance Li                                vanceli@tencent.com
+Vanilla                                 osu_Vanilla@126.com
 Vigneshwaren Sunder                     vickymailed@gmail.com
 Viktor Kurchenko                        viktor.kurchenko@isovalent.com
 Viktor Kuzmin                           kvaster@gmail.com
diff --git a/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go b/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go
index bedbb29a45..8dfda1ba61 100644
--- a/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go
+++ b/vendor/github.com/cilium/cilium/api/v1/flow/flow.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.34.2
-// 	protoc        v5.28.2
+// 	protoc-gen-go v1.35.1
+// 	protoc        v5.28.3
 // source: flow/flow.proto
 
 package flow
@@ -1475,11 +1475,9 @@ type Flow struct {
 
 func (x *Flow) Reset() {
 	*x = Flow{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Flow) String() string {
@@ -1490,7 +1488,7 @@ func (*Flow) ProtoMessage() {}
 
 func (x *Flow) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1799,11 +1797,9 @@ type FileInfo struct {
 
 func (x *FileInfo) Reset() {
 	*x = FileInfo{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FileInfo) String() string {
@@ -1814,7 +1810,7 @@ func (*FileInfo) ProtoMessage() {}
 
 func (x *FileInfo) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1860,11 +1856,9 @@ type Layer4 struct {
 
 func (x *Layer4) Reset() {
 	*x = Layer4{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Layer4) String() string {
@@ -1875,7 +1869,7 @@ func (*Layer4) ProtoMessage() {}
 
 func (x *Layer4) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1988,11 +1982,9 @@ type Layer7 struct {
 
 func (x *Layer7) Reset() {
 	*x = Layer7{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Layer7) String() string {
@@ -2003,7 +1995,7 @@ func (*Layer7) ProtoMessage() {}
 
 func (x *Layer7) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2096,11 +2088,9 @@ type TraceContext struct {
 
 func (x *TraceContext) Reset() {
 	*x = TraceContext{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *TraceContext) String() string {
@@ -2111,7 +2101,7 @@ func (*TraceContext) ProtoMessage() {}
 
 func (x *TraceContext) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2146,11 +2136,9 @@ type TraceParent struct {
 
 func (x *TraceParent) Reset() {
 	*x = TraceParent{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *TraceParent) String() string {
@@ -2161,7 +2149,7 @@ func (*TraceParent) ProtoMessage() {}
 
 func (x *TraceParent) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2200,11 +2188,9 @@ type Endpoint struct {
 
 func (x *Endpoint) Reset() {
 	*x = Endpoint{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Endpoint) String() string {
@@ -2215,7 +2201,7 @@ func (*Endpoint) ProtoMessage() {}
 
 func (x *Endpoint) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2290,11 +2276,9 @@ type Workload struct {
 
 func (x *Workload) Reset() {
 	*x = Workload{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Workload) String() string {
@@ -2305,7 +2289,7 @@ func (*Workload) ProtoMessage() {}
 
 func (x *Workload) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2346,11 +2330,9 @@ type TCP struct {
 
 func (x *TCP) Reset() {
 	*x = TCP{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *TCP) String() string {
@@ -2361,7 +2343,7 @@ func (*TCP) ProtoMessage() {}
 
 func (x *TCP) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2415,11 +2397,9 @@ type IP struct {
 
 func (x *IP) Reset() {
 	*x = IP{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[9]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *IP) String() string {
@@ -2430,7 +2410,7 @@ func (*IP) ProtoMessage() {}
 
 func (x *IP) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[9]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2491,11 +2471,9 @@ type Ethernet struct {
 
 func (x *Ethernet) Reset() {
 	*x = Ethernet{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[10]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Ethernet) String() string {
@@ -2506,7 +2484,7 @@ func (*Ethernet) ProtoMessage() {}
 
 func (x *Ethernet) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[10]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2553,11 +2531,9 @@ type TCPFlags struct {
 
 func (x *TCPFlags) Reset() {
 	*x = TCPFlags{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[11]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *TCPFlags) String() string {
@@ -2568,7 +2544,7 @@ func (*TCPFlags) ProtoMessage() {}
 
 func (x *TCPFlags) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[11]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2657,11 +2633,9 @@ type UDP struct {
 
 func (x *UDP) Reset() {
 	*x = UDP{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[12]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *UDP) String() string {
@@ -2672,7 +2646,7 @@ func (*UDP) ProtoMessage() {}
 
 func (x *UDP) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[12]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2712,11 +2686,9 @@ type SCTP struct {
 
 func (x *SCTP) Reset() {
 	*x = SCTP{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[13]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[13]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *SCTP) String() string {
@@ -2727,7 +2699,7 @@ func (*SCTP) ProtoMessage() {}
 
 func (x *SCTP) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[13]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2767,11 +2739,9 @@ type ICMPv4 struct {
 
 func (x *ICMPv4) Reset() {
 	*x = ICMPv4{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[14]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[14]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ICMPv4) String() string {
@@ -2782,7 +2752,7 @@ func (*ICMPv4) ProtoMessage() {}
 
 func (x *ICMPv4) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[14]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2822,11 +2792,9 @@ type ICMPv6 struct {
 
 func (x *ICMPv6) Reset() {
 	*x = ICMPv6{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[15]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[15]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ICMPv6) String() string {
@@ -2837,7 +2805,7 @@ func (*ICMPv6) ProtoMessage() {}
 
 func (x *ICMPv6) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[15]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2880,11 +2848,9 @@ type Policy struct {
 
 func (x *Policy) Reset() {
 	*x = Policy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[16]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[16]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Policy) String() string {
@@ -2895,7 +2861,7 @@ func (*Policy) ProtoMessage() {}
 
 func (x *Policy) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[16]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2964,11 +2930,9 @@ type EventTypeFilter struct {
 
 func (x *EventTypeFilter) Reset() {
 	*x = EventTypeFilter{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[17]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[17]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *EventTypeFilter) String() string {
@@ -2979,7 +2943,7 @@ func (*EventTypeFilter) ProtoMessage() {}
 
 func (x *EventTypeFilter) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[17]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3033,11 +2997,9 @@ type CiliumEventType struct {
 
 func (x *CiliumEventType) Reset() {
 	*x = CiliumEventType{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[18]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[18]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *CiliumEventType) String() string {
@@ -3048,7 +3010,7 @@ func (*CiliumEventType) ProtoMessage() {}
 
 func (x *CiliumEventType) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[18]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3180,11 +3142,9 @@ type FlowFilter struct {
 
 func (x *FlowFilter) Reset() {
 	*x = FlowFilter{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[19]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[19]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FlowFilter) String() string {
@@ -3195,7 +3155,7 @@ func (*FlowFilter) ProtoMessage() {}
 
 func (x *FlowFilter) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[19]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3502,11 +3462,9 @@ type DNS struct {
 
 func (x *DNS) Reset() {
 	*x = DNS{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[20]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[20]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *DNS) String() string {
@@ -3517,7 +3475,7 @@ func (*DNS) ProtoMessage() {}
 
 func (x *DNS) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[20]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3599,11 +3557,9 @@ type HTTPHeader struct {
 
 func (x *HTTPHeader) Reset() {
 	*x = HTTPHeader{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[21]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[21]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *HTTPHeader) String() string {
@@ -3614,7 +3570,7 @@ func (*HTTPHeader) ProtoMessage() {}
 
 func (x *HTTPHeader) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[21]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3658,11 +3614,9 @@ type HTTP struct {
 
 func (x *HTTP) Reset() {
 	*x = HTTP{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[22]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[22]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *HTTP) String() string {
@@ -3673,7 +3627,7 @@ func (*HTTP) ProtoMessage() {}
 
 func (x *HTTP) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[22]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3738,11 +3692,9 @@ type Kafka struct {
 
 func (x *Kafka) Reset() {
 	*x = Kafka{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[23]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[23]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Kafka) String() string {
@@ -3753,7 +3705,7 @@ func (*Kafka) ProtoMessage() {}
 
 func (x *Kafka) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[23]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3814,11 +3766,9 @@ type Service struct {
 
 func (x *Service) Reset() {
 	*x = Service{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[24]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[24]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Service) String() string {
@@ -3829,7 +3779,7 @@ func (*Service) ProtoMessage() {}
 
 func (x *Service) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[24]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3876,11 +3826,9 @@ type LostEvent struct {
 
 func (x *LostEvent) Reset() {
 	*x = LostEvent{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[25]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[25]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *LostEvent) String() string {
@@ -3891,7 +3839,7 @@ func (*LostEvent) ProtoMessage() {}
 
 func (x *LostEvent) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[25]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3948,11 +3896,9 @@ type AgentEvent struct {
 
 func (x *AgentEvent) Reset() {
 	*x = AgentEvent{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[26]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[26]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *AgentEvent) String() string {
@@ -3963,7 +3909,7 @@ func (*AgentEvent) ProtoMessage() {}
 
 func (x *AgentEvent) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[26]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4115,11 +4061,9 @@ type AgentEventUnknown struct {
 
 func (x *AgentEventUnknown) Reset() {
 	*x = AgentEventUnknown{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[27]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[27]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *AgentEventUnknown) String() string {
@@ -4130,7 +4074,7 @@ func (*AgentEventUnknown) ProtoMessage() {}
 
 func (x *AgentEventUnknown) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[27]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4169,11 +4113,9 @@ type TimeNotification struct {
 
 func (x *TimeNotification) Reset() {
 	*x = TimeNotification{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[28]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[28]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *TimeNotification) String() string {
@@ -4184,7 +4126,7 @@ func (*TimeNotification) ProtoMessage() {}
 
 func (x *TimeNotification) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[28]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4218,11 +4160,9 @@ type PolicyUpdateNotification struct {
 
 func (x *PolicyUpdateNotification) Reset() {
 	*x = PolicyUpdateNotification{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[29]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[29]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *PolicyUpdateNotification) String() string {
@@ -4233,7 +4173,7 @@ func (*PolicyUpdateNotification) ProtoMessage() {}
 
 func (x *PolicyUpdateNotification) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[29]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4281,11 +4221,9 @@ type EndpointRegenNotification struct {
 
 func (x *EndpointRegenNotification) Reset() {
 	*x = EndpointRegenNotification{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[30]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[30]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *EndpointRegenNotification) String() string {
@@ -4296,7 +4234,7 @@ func (*EndpointRegenNotification) ProtoMessage() {}
 
 func (x *EndpointRegenNotification) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[30]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4346,11 +4284,9 @@ type EndpointUpdateNotification struct {
 
 func (x *EndpointUpdateNotification) Reset() {
 	*x = EndpointUpdateNotification{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[31]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[31]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *EndpointUpdateNotification) String() string {
@@ -4361,7 +4297,7 @@ func (*EndpointUpdateNotification) ProtoMessage() {}
 
 func (x *EndpointUpdateNotification) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[31]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4428,11 +4364,9 @@ type IPCacheNotification struct {
 
 func (x *IPCacheNotification) Reset() {
 	*x = IPCacheNotification{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[32]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[32]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *IPCacheNotification) String() string {
@@ -4443,7 +4377,7 @@ func (*IPCacheNotification) ProtoMessage() {}
 
 func (x *IPCacheNotification) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[32]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4525,11 +4459,9 @@ type ServiceUpsertNotificationAddr struct {
 
 func (x *ServiceUpsertNotificationAddr) Reset() {
 	*x = ServiceUpsertNotificationAddr{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[33]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[33]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ServiceUpsertNotificationAddr) String() string {
@@ -4540,7 +4472,7 @@ func (*ServiceUpsertNotificationAddr) ProtoMessage() {}
 
 func (x *ServiceUpsertNotificationAddr) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[33]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4588,11 +4520,9 @@ type ServiceUpsertNotification struct {
 
 func (x *ServiceUpsertNotification) Reset() {
 	*x = ServiceUpsertNotification{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[34]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[34]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ServiceUpsertNotification) String() string {
@@ -4603,7 +4533,7 @@ func (*ServiceUpsertNotification) ProtoMessage() {}
 
 func (x *ServiceUpsertNotification) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[34]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4692,11 +4622,9 @@ type ServiceDeleteNotification struct {
 
 func (x *ServiceDeleteNotification) Reset() {
 	*x = ServiceDeleteNotification{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[35]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[35]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ServiceDeleteNotification) String() string {
@@ -4707,7 +4635,7 @@ func (*ServiceDeleteNotification) ProtoMessage() {}
 
 func (x *ServiceDeleteNotification) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[35]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4740,11 +4668,9 @@ type NetworkInterface struct {
 
 func (x *NetworkInterface) Reset() {
 	*x = NetworkInterface{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[36]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[36]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *NetworkInterface) String() string {
@@ -4755,7 +4681,7 @@ func (*NetworkInterface) ProtoMessage() {}
 
 func (x *NetworkInterface) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[36]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4801,11 +4727,9 @@ type DebugEvent struct {
 
 func (x *DebugEvent) Reset() {
 	*x = DebugEvent{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[37]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[37]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *DebugEvent) String() string {
@@ -4816,7 +4740,7 @@ func (*DebugEvent) ProtoMessage() {}
 
 func (x *DebugEvent) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[37]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4908,11 +4832,9 @@ type FlowFilter_Experimental struct {
 
 func (x *FlowFilter_Experimental) Reset() {
 	*x = FlowFilter_Experimental{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_flow_flow_proto_msgTypes[38]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_flow_flow_proto_msgTypes[38]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FlowFilter_Experimental) String() string {
@@ -4923,7 +4845,7 @@ func (*FlowFilter_Experimental) ProtoMessage() {}
 
 func (x *FlowFilter_Experimental) ProtoReflect() protoreflect.Message {
 	mi := &file_flow_flow_proto_msgTypes[38]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -6017,476 +5939,6 @@ func file_flow_flow_proto_init() {
 	if File_flow_flow_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_flow_flow_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*Flow); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[1].Exporter = func(v any, i int) any {
-			switch v := v.(*FileInfo); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[2].Exporter = func(v any, i int) any {
-			switch v := v.(*Layer4); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[3].Exporter = func(v any, i int) any {
-			switch v := v.(*Layer7); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[4].Exporter = func(v any, i int) any {
-			switch v := v.(*TraceContext); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[5].Exporter = func(v any, i int) any {
-			switch v := v.(*TraceParent); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[6].Exporter = func(v any, i int) any {
-			switch v := v.(*Endpoint); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[7].Exporter = func(v any, i int) any {
-			switch v := v.(*Workload); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[8].Exporter = func(v any, i int) any {
-			switch v := v.(*TCP); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[9].Exporter = func(v any, i int) any {
-			switch v := v.(*IP); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[10].Exporter = func(v any, i int) any {
-			switch v := v.(*Ethernet); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[11].Exporter = func(v any, i int) any {
-			switch v := v.(*TCPFlags); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[12].Exporter = func(v any, i int) any {
-			switch v := v.(*UDP); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[13].Exporter = func(v any, i int) any {
-			switch v := v.(*SCTP); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[14].Exporter = func(v any, i int) any {
-			switch v := v.(*ICMPv4); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[15].Exporter = func(v any, i int) any {
-			switch v := v.(*ICMPv6); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[16].Exporter = func(v any, i int) any {
-			switch v := v.(*Policy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[17].Exporter = func(v any, i int) any {
-			switch v := v.(*EventTypeFilter); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[18].Exporter = func(v any, i int) any {
-			switch v := v.(*CiliumEventType); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[19].Exporter = func(v any, i int) any {
-			switch v := v.(*FlowFilter); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[20].Exporter = func(v any, i int) any {
-			switch v := v.(*DNS); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[21].Exporter = func(v any, i int) any {
-			switch v := v.(*HTTPHeader); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[22].Exporter = func(v any, i int) any {
-			switch v := v.(*HTTP); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[23].Exporter = func(v any, i int) any {
-			switch v := v.(*Kafka); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[24].Exporter = func(v any, i int) any {
-			switch v := v.(*Service); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[25].Exporter = func(v any, i int) any {
-			switch v := v.(*LostEvent); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[26].Exporter = func(v any, i int) any {
-			switch v := v.(*AgentEvent); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[27].Exporter = func(v any, i int) any {
-			switch v := v.(*AgentEventUnknown); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[28].Exporter = func(v any, i int) any {
-			switch v := v.(*TimeNotification); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[29].Exporter = func(v any, i int) any {
-			switch v := v.(*PolicyUpdateNotification); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[30].Exporter = func(v any, i int) any {
-			switch v := v.(*EndpointRegenNotification); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[31].Exporter = func(v any, i int) any {
-			switch v := v.(*EndpointUpdateNotification); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[32].Exporter = func(v any, i int) any {
-			switch v := v.(*IPCacheNotification); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[33].Exporter = func(v any, i int) any {
-			switch v := v.(*ServiceUpsertNotificationAddr); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[34].Exporter = func(v any, i int) any {
-			switch v := v.(*ServiceUpsertNotification); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[35].Exporter = func(v any, i int) any {
-			switch v := v.(*ServiceDeleteNotification); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[36].Exporter = func(v any, i int) any {
-			switch v := v.(*NetworkInterface); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[37].Exporter = func(v any, i int) any {
-			switch v := v.(*DebugEvent); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_flow_flow_proto_msgTypes[38].Exporter = func(v any, i int) any {
-			switch v := v.(*FlowFilter_Experimental); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	file_flow_flow_proto_msgTypes[2].OneofWrappers = []any{
 		(*Layer4_TCP)(nil),
 		(*Layer4_UDP)(nil),
diff --git a/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go b/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go
index 09acc7a93e..cdcf09f39c 100644
--- a/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go
+++ b/vendor/github.com/cilium/cilium/api/v1/observer/observer.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.34.2
-// 	protoc        v5.28.2
+// 	protoc-gen-go v1.35.1
+// 	protoc        v5.28.3
 // source: observer/observer.proto
 
 package observer
@@ -407,11 +407,9 @@ type ServerStatusRequest struct {
 
 func (x *ServerStatusRequest) Reset() {
 	*x = ServerStatusRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ServerStatusRequest) String() string {
@@ -422,7 +420,7 @@ func (*ServerStatusRequest) ProtoMessage() {}
 
 func (x *ServerStatusRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -474,11 +472,9 @@ type ServerStatusResponse struct {
 
 func (x *ServerStatusResponse) Reset() {
 	*x = ServerStatusResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ServerStatusResponse) String() string {
@@ -489,7 +485,7 @@ func (*ServerStatusResponse) ProtoMessage() {}
 
 func (x *ServerStatusResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -613,11 +609,9 @@ type GetFlowsRequest struct {
 
 func (x *GetFlowsRequest) Reset() {
 	*x = GetFlowsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GetFlowsRequest) String() string {
@@ -628,7 +622,7 @@ func (*GetFlowsRequest) ProtoMessage() {}
 
 func (x *GetFlowsRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -733,11 +727,9 @@ type GetFlowsResponse struct {
 
 func (x *GetFlowsResponse) Reset() {
 	*x = GetFlowsResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GetFlowsResponse) String() string {
@@ -748,7 +740,7 @@ func (*GetFlowsResponse) ProtoMessage() {}
 
 func (x *GetFlowsResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -854,11 +846,9 @@ type GetAgentEventsRequest struct {
 
 func (x *GetAgentEventsRequest) Reset() {
 	*x = GetAgentEventsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GetAgentEventsRequest) String() string {
@@ -869,7 +859,7 @@ func (*GetAgentEventsRequest) ProtoMessage() {}
 
 func (x *GetAgentEventsRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -934,11 +924,9 @@ type GetAgentEventsResponse struct {
 
 func (x *GetAgentEventsResponse) Reset() {
 	*x = GetAgentEventsResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GetAgentEventsResponse) String() string {
@@ -949,7 +937,7 @@ func (*GetAgentEventsResponse) ProtoMessage() {}
 
 func (x *GetAgentEventsResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1008,11 +996,9 @@ type GetDebugEventsRequest struct {
 
 func (x *GetDebugEventsRequest) Reset() {
 	*x = GetDebugEventsRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GetDebugEventsRequest) String() string {
@@ -1023,7 +1009,7 @@ func (*GetDebugEventsRequest) ProtoMessage() {}
 
 func (x *GetDebugEventsRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1088,11 +1074,9 @@ type GetDebugEventsResponse struct {
 
 func (x *GetDebugEventsResponse) Reset() {
 	*x = GetDebugEventsResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GetDebugEventsResponse) String() string {
@@ -1103,7 +1087,7 @@ func (*GetDebugEventsResponse) ProtoMessage() {}
 
 func (x *GetDebugEventsResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1147,11 +1131,9 @@ type GetNodesRequest struct {
 
 func (x *GetNodesRequest) Reset() {
 	*x = GetNodesRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GetNodesRequest) String() string {
@@ -1162,7 +1144,7 @@ func (*GetNodesRequest) ProtoMessage() {}
 
 func (x *GetNodesRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1189,11 +1171,9 @@ type GetNodesResponse struct {
 
 func (x *GetNodesResponse) Reset() {
 	*x = GetNodesResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[9]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GetNodesResponse) String() string {
@@ -1204,7 +1184,7 @@ func (*GetNodesResponse) ProtoMessage() {}
 
 func (x *GetNodesResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[9]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1254,11 +1234,9 @@ type Node struct {
 
 func (x *Node) Reset() {
 	*x = Node{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[10]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Node) String() string {
@@ -1269,7 +1247,7 @@ func (*Node) ProtoMessage() {}
 
 func (x *Node) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[10]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1362,11 +1340,9 @@ type TLS struct {
 
 func (x *TLS) Reset() {
 	*x = TLS{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[11]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *TLS) String() string {
@@ -1377,7 +1353,7 @@ func (*TLS) ProtoMessage() {}
 
 func (x *TLS) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[11]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1414,11 +1390,9 @@ type GetNamespacesRequest struct {
 
 func (x *GetNamespacesRequest) Reset() {
 	*x = GetNamespacesRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[12]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GetNamespacesRequest) String() string {
@@ -1429,7 +1403,7 @@ func (*GetNamespacesRequest) ProtoMessage() {}
 
 func (x *GetNamespacesRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[12]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1456,11 +1430,9 @@ type GetNamespacesResponse struct {
 
 func (x *GetNamespacesResponse) Reset() {
 	*x = GetNamespacesResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[13]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[13]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GetNamespacesResponse) String() string {
@@ -1471,7 +1443,7 @@ func (*GetNamespacesResponse) ProtoMessage() {}
 
 func (x *GetNamespacesResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[13]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1504,11 +1476,9 @@ type Namespace struct {
 
 func (x *Namespace) Reset() {
 	*x = Namespace{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[14]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[14]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Namespace) String() string {
@@ -1519,7 +1489,7 @@ func (*Namespace) ProtoMessage() {}
 
 func (x *Namespace) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[14]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1571,11 +1541,9 @@ type ExportEvent struct {
 
 func (x *ExportEvent) Reset() {
 	*x = ExportEvent{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[15]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[15]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ExportEvent) String() string {
@@ -1586,7 +1554,7 @@ func (*ExportEvent) ProtoMessage() {}
 
 func (x *ExportEvent) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[15]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1717,11 +1685,9 @@ type GetFlowsRequest_Experimental struct {
 
 func (x *GetFlowsRequest_Experimental) Reset() {
 	*x = GetFlowsRequest_Experimental{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_observer_observer_proto_msgTypes[16]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_observer_observer_proto_msgTypes[16]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GetFlowsRequest_Experimental) String() string {
@@ -1732,7 +1698,7 @@ func (*GetFlowsRequest_Experimental) ProtoMessage() {}
 
 func (x *GetFlowsRequest_Experimental) ProtoReflect() protoreflect.Message {
 	mi := &file_observer_observer_proto_msgTypes[16]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2089,212 +2055,6 @@ func file_observer_observer_proto_init() {
 	if File_observer_observer_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_observer_observer_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*ServerStatusRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[1].Exporter = func(v any, i int) any {
-			switch v := v.(*ServerStatusResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[2].Exporter = func(v any, i int) any {
-			switch v := v.(*GetFlowsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[3].Exporter = func(v any, i int) any {
-			switch v := v.(*GetFlowsResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[4].Exporter = func(v any, i int) any {
-			switch v := v.(*GetAgentEventsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[5].Exporter = func(v any, i int) any {
-			switch v := v.(*GetAgentEventsResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[6].Exporter = func(v any, i int) any {
-			switch v := v.(*GetDebugEventsRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[7].Exporter = func(v any, i int) any {
-			switch v := v.(*GetDebugEventsResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[8].Exporter = func(v any, i int) any {
-			switch v := v.(*GetNodesRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[9].Exporter = func(v any, i int) any {
-			switch v := v.(*GetNodesResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[10].Exporter = func(v any, i int) any {
-			switch v := v.(*Node); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[11].Exporter = func(v any, i int) any {
-			switch v := v.(*TLS); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[12].Exporter = func(v any, i int) any {
-			switch v := v.(*GetNamespacesRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[13].Exporter = func(v any, i int) any {
-			switch v := v.(*GetNamespacesResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[14].Exporter = func(v any, i int) any {
-			switch v := v.(*Namespace); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[15].Exporter = func(v any, i int) any {
-			switch v := v.(*ExportEvent); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_observer_observer_proto_msgTypes[16].Exporter = func(v any, i int) any {
-			switch v := v.(*GetFlowsRequest_Experimental); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	file_observer_observer_proto_msgTypes[3].OneofWrappers = []any{
 		(*GetFlowsResponse_Flow)(nil),
 		(*GetFlowsResponse_NodeStatus)(nil),
diff --git a/vendor/github.com/cilium/cilium/api/v1/observer/observer_grpc.pb.go b/vendor/github.com/cilium/cilium/api/v1/observer/observer_grpc.pb.go
index a6838e8843..1cda804916 100644
--- a/vendor/github.com/cilium/cilium/api/v1/observer/observer_grpc.pb.go
+++ b/vendor/github.com/cilium/cilium/api/v1/observer/observer_grpc.pb.go
@@ -4,7 +4,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.5.1
-// - protoc             v5.28.2
+// - protoc             v5.28.3
 // source: observer/observer.proto
 
 package observer
diff --git a/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go b/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go
index 3bd1ec8491..cba6fcf319 100644
--- a/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go
+++ b/vendor/github.com/cilium/cilium/api/v1/relay/relay.pb.go
@@ -3,8 +3,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.34.2
-// 	protoc        v5.28.2
+// 	protoc-gen-go v1.35.1
+// 	protoc        v5.28.3
 // source: relay/relay.proto
 
 package relay
@@ -107,11 +107,9 @@ type NodeStatusEvent struct {
 
 func (x *NodeStatusEvent) Reset() {
 	*x = NodeStatusEvent{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_relay_relay_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_relay_relay_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *NodeStatusEvent) String() string {
@@ -122,7 +120,7 @@ func (*NodeStatusEvent) ProtoMessage() {}
 
 func (x *NodeStatusEvent) ProtoReflect() protoreflect.Message {
 	mi := &file_relay_relay_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -215,20 +213,6 @@ func file_relay_relay_proto_init() {
 	if File_relay_relay_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_relay_relay_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*NodeStatusEvent); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/cli/clustermesh.go b/vendor/github.com/cilium/cilium/cilium-cli/cli/clustermesh.go
index 4677c1e938..adf3cf08a2 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/cli/clustermesh.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/cli/clustermesh.go
@@ -337,4 +337,5 @@ func addCommonConnectFlags(cmd *cobra.Command, params *clustermesh.Parameters) {
 	cmd.Flags().StringSliceVar(&params.DestinationContext, "destination-context", []string{}, "Comma separated list of Kubernetes configuration contexts of destination cluster")
 	cmd.Flags().StringSliceVar(&params.DestinationEndpoints, "destination-endpoint", []string{}, "IP of ClusterMesh service of destination cluster")
 	cmd.Flags().StringSliceVar(&params.SourceEndpoints, "source-endpoint", []string{}, "IP of ClusterMesh service of source cluster")
+	cmd.Flags().IntVar(&params.Parallel, "parallel", 1, "Number of parallel connection of destination cluster")
 }
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/cli/cmd.go b/vendor/github.com/cilium/cilium/cilium-cli/cli/cmd.go
index 4159f3cd28..592c64de81 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/cli/cmd.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/cli/cmd.go
@@ -18,6 +18,7 @@ var (
 	contextName     string
 	namespace       string
 	helmReleaseName string
+	kubeConfig      string
 
 	k8sClient *k8s.Client
 )
@@ -44,7 +45,7 @@ func NewCiliumCommand(hooks api.Hooks) *cobra.Command {
 				}
 			}
 
-			c, err := k8s.NewClient(contextName, "", namespace)
+			c, err := k8s.NewClient(contextName, kubeConfig, namespace)
 			if err != nil {
 				return fmt.Errorf("unable to create Kubernetes client: %w", err)
 			}
@@ -84,6 +85,7 @@ cilium connectivity test`,
 	cmd.PersistentFlags().StringVar(&contextName, "context", "", "Kubernetes configuration context")
 	cmd.PersistentFlags().StringVarP(&namespace, "namespace", "n", "kube-system", "Namespace Cilium is running in")
 	cmd.PersistentFlags().StringVar(&helmReleaseName, "helm-release-name", "cilium", "Helm release name")
+	cmd.PersistentFlags().StringVar(&kubeConfig, "kubeconfig", "", "Path to the kubeconfig file")
 
 	cmd.AddCommand(
 		newCmdBgp(),
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/cli/connectivity.go b/vendor/github.com/cilium/cilium/cilium-cli/cli/connectivity.go
index 9565b07bfc..a7214c9009 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/cli/connectivity.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/cli/connectivity.go
@@ -152,6 +152,7 @@ func newCmdConnectivityTest(hooks api.Hooks) *cobra.Command {
 	cmd.Flags().StringVar(&params.DNSTestServerImage, "dns-test-server-image", defaults.ConnectivityDNSTestServerImage, "Image path to use for CoreDNS")
 	cmd.Flags().StringVar(&params.TestConnDisruptImage, "test-conn-disrupt-image", defaults.ConnectivityTestConnDisruptImage, "Image path to use for connection disruption tests")
 	cmd.Flags().StringVar(&params.FRRImage, "frr-image", defaults.ConnectivityTestFRRImage, "Image path to use for FRR")
+	cmd.Flags().StringVar(&params.SocatImage, "socat-image", defaults.ConnectivityTestSocatImage, "Image path to use for multicast tests")
 
 	cmd.Flags().UintVar(&params.Retry, "retry", defaults.ConnectRetry, "Number of retries on connection failure to external targets")
 	cmd.Flags().DurationVar(&params.RetryDelay, "retry-delay", defaults.ConnectRetryDelay, "Delay between retries for external targets")
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/cli/hubble.go b/vendor/github.com/cilium/cilium/cilium-cli/cli/hubble.go
index a22d835832..3d8d6333e2 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/cli/hubble.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/cli/hubble.go
@@ -6,6 +6,7 @@ package cli
 import (
 	"context"
 	"os"
+	"os/signal"
 
 	"github.com/spf13/cobra"
 
@@ -37,11 +38,11 @@ func newCmdPortForwardCommand() *cobra.Command {
 		Use:   "port-forward",
 		Short: "Forward the relay port to the local machine",
 		Long:  ``,
-		RunE: func(_ *cobra.Command, _ []string) error {
-			params.Context = contextName
-			params.Namespace = namespace
-			ctx := context.Background()
+		RunE: func(cmd *cobra.Command, _ []string) error {
+			ctx, cancel := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+			defer cancel()
 
+			params.Namespace = namespace
 			if err := params.RelayPortForwardCommand(ctx, k8sClient); err != nil {
 				fatalf("Unable to port forward: %s", err)
 			}
@@ -49,7 +50,7 @@ func newCmdPortForwardCommand() *cobra.Command {
 		},
 	}
 
-	cmd.Flags().IntVar(&params.PortForward, "port-forward", 4245, "Local port to forward to")
+	cmd.Flags().IntVar(&params.PortForward, "port-forward", 4245, "Local port to forward to. 0 will select a random port.")
 
 	return cmd
 }
@@ -62,18 +63,19 @@ func newCmdUI() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "ui",
 		Short: "Open the Hubble UI",
-		RunE: func(_ *cobra.Command, _ []string) error {
-			params.Context = contextName
-			params.Namespace = namespace
+		RunE: func(cmd *cobra.Command, _ []string) error {
+			ctx, cancel := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+			defer cancel()
 
-			if err := params.UIPortForwardCommand(); err != nil {
+			params.Namespace = namespace
+			if err := params.UIPortForwardCommand(ctx, k8sClient); err != nil {
 				fatalf("Unable to port forward: %s", err)
 			}
 			return nil
 		},
 	}
 
-	cmd.Flags().IntVar(&params.UIPortForward, "port-forward", 12000, "Local port to use for the port forward")
+	cmd.Flags().IntVar(&params.UIPortForward, "port-forward", 12000, "Local port to forward to. 0 will select a random port.")
 	cmd.Flags().BoolVar(&params.UIOpenBrowser, "open-browser", true, "When --open-browser=false is supplied, cilium Hubble UI will not open the browser")
 
 	return cmd
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/cli/install.go b/vendor/github.com/cilium/cilium/cilium-cli/cli/install.go
index 0c0f73c27e..3e53ab095b 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/cli/install.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/cli/install.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"time"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -17,7 +18,6 @@ import (
 	"github.com/cilium/cilium/cilium-cli/defaults"
 	"github.com/cilium/cilium/cilium-cli/hubble"
 	"github.com/cilium/cilium/cilium-cli/install"
-	"github.com/cilium/cilium/pkg/inctimer"
 )
 
 // addCommonInstallFlags adds install command flags that are shared between install and upgrade commands.
@@ -137,7 +137,7 @@ func newCmdUninstallWithHelm() *cobra.Command {
 						break
 					}
 					select {
-					case <-inctimer.After(defaults.WaitRetryInterval):
+					case <-time.After(defaults.WaitRetryInterval):
 					case <-ctx.Done():
 						fatalf("Timed out waiting for Hubble Pods to terminate")
 					}
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/clustermesh/clustermesh.go b/vendor/github.com/cilium/cilium/cilium-cli/clustermesh/clustermesh.go
index 2ff1798373..37a71be38f 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/clustermesh/clustermesh.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/clustermesh/clustermesh.go
@@ -20,6 +20,7 @@ import (
 	"slices"
 	"strconv"
 	"strings"
+	"sync"
 	"text/tabwriter"
 	"time"
 
@@ -37,6 +38,7 @@ import (
 	"github.com/cilium/cilium/cilium-cli/status"
 	"github.com/cilium/cilium/cilium-cli/utils/wait"
 	ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
+	"github.com/cilium/cilium/pkg/lock"
 )
 
 const (
@@ -78,7 +80,7 @@ type k8sClusterMeshImplementation interface {
 	CreateCiliumExternalWorkload(ctx context.Context, cew *ciliumv2.CiliumExternalWorkload, opts metav1.CreateOptions) (*ciliumv2.CiliumExternalWorkload, error)
 	DeleteCiliumExternalWorkload(ctx context.Context, name string, opts metav1.DeleteOptions) error
 	ListCiliumEndpoints(ctx context.Context, namespace string, options metav1.ListOptions) (*ciliumv2.CiliumEndpointList, error)
-	CiliumLogs(ctx context.Context, namespace, pod string, since time.Time) (string, error)
+	CiliumLogs(ctx context.Context, namespace, pod string, since time.Time, previous bool) (string, error)
 }
 
 type K8sClusterMesh struct {
@@ -100,6 +102,7 @@ type Parameters struct {
 	WaitDuration         time.Duration
 	DestinationEndpoints []string
 	SourceEndpoints      []string
+	Parallel             int
 	Writer               io.Writer
 	Labels               map[string]string
 	IPv4AllocCIDR        string
@@ -1823,13 +1826,35 @@ func (k *K8sClusterMesh) connectRemoteWithHelm(ctx context.Context, localCluster
 		cn = append(state.remoteClusterNames, localClusterName)
 	}
 
+	maxGoroutines := k.params.Parallel
+
+	sem := make(chan struct{}, maxGoroutines)
+	var wg sync.WaitGroup
+	var mu lock.Mutex
+	var firstErr error
+
 	for aiClusterName, remoteClient := range rc {
-		err := k.connectSingleRemoteWithHelm(ctx, remoteClient, cn, helmValues[aiClusterName])
-		if err != nil {
-			return err
-		}
+		wg.Add(1)
+
+		sem <- struct{}{}
+
+		go func(cn []string, rc *k8s.Client, helmVals map[string]interface{}) {
+			defer wg.Done()
+			defer func() { <-sem }()
+
+			if err := k.connectSingleRemoteWithHelm(ctx, rc, cn, helmVals); err != nil {
+				mu.Lock()
+				if firstErr == nil {
+					firstErr = err
+				}
+				mu.Unlock()
+			}
+		}(cn, remoteClient, helmValues[aiClusterName])
 	}
-	return nil
+
+	wg.Wait()
+
+	return firstErr
 }
 
 func (k *K8sClusterMesh) connectSingleRemoteWithHelm(ctx context.Context, remoteClient *k8s.Client, clusterNames []string, helmValues map[string]interface{}) error {
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/builder.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/builder.go
index ce55bfef20..685159ec05 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/builder.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/builder.go
@@ -54,6 +54,9 @@ var (
 	//go:embed manifests/client-egress-to-cidr-external-deny.yaml
 	clientEgressToCIDRExternalDenyPolicyYAML string
 
+	//go:embed manifests/client-egress-to-cidrgroup-external-deny.yaml
+	clientEgressToCIDRGroupExternalDenyPolicyYAML string
+
 	//go:embed manifests/client-egress-l7-http.yaml
 	clientEgressL7HTTPPolicyYAML string
 
@@ -210,6 +213,7 @@ func concurrentTests(connTests []*check.ConnectivityTest) error {
 		clientWithServiceAccountEgressToEchoDeny{},
 		clientEgressToEchoServiceAccountDeny{},
 		clientEgressToCidrDeny{},
+		clientEgressToCidrgroupDeny{},
 		clientEgressToCidrDenyDefault{},
 		clusterMeshEndpointSliceSync{},
 		health{},
@@ -250,6 +254,8 @@ func concurrentTests(connTests []*check.ConnectivityTest) error {
 		localRedirectPolicyWithNodeDNS{},
 		noFragmentation{},
 		bgpControlPlane{},
+		multicast{},
+		strictModeEncryption{},
 	}
 	return injectTests(tests, connTests...)
 }
@@ -274,6 +280,7 @@ func renderTemplates(param check.Parameters) (map[string]string, error) {
 		"clientEgressToCIDRExternalPolicyKNPYAML":          clientEgressToCIDRExternalPolicyKNPYAML,
 		"clientEgressToCIDRNodeKNPYAML":                    clientEgressToCIDRNodeKNPYAML,
 		"clientEgressToCIDRExternalDenyPolicyYAML":         clientEgressToCIDRExternalDenyPolicyYAML,
+		"clientEgressToCIDRGroupExternalDenyPolicyYAML":    clientEgressToCIDRGroupExternalDenyPolicyYAML,
 		"clientEgressL7HTTPPolicyYAML":                     clientEgressL7HTTPPolicyYAML,
 		"clientEgressL7HTTPPolicyPortRangeYAML":            clientEgressL7HTTPPolicyPortRangeYAML,
 		"clientEgressL7HTTPNamedPortPolicyYAML":            clientEgressL7HTTPNamedPortPolicyYAML,
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/client_egress_to_cidrgroup_deny.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/client_egress_to_cidrgroup_deny.go
new file mode 100644
index 0000000000..bd89f2b5c7
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/client_egress_to_cidrgroup_deny.go
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package builder
+
+import (
+	"github.com/cilium/cilium/cilium-cli/connectivity/check"
+	"github.com/cilium/cilium/cilium-cli/connectivity/tests"
+	"github.com/cilium/cilium/cilium-cli/utils/features"
+)
+
+type clientEgressToCidrgroupDeny struct{}
+
+func (t clientEgressToCidrgroupDeny) build(ct *check.ConnectivityTest, templates map[string]string) {
+	// This policy denies L3 traffic to ExternalCIDR except ExternalIP/32
+	// It does so using a CiliumCIDRGroup
+	newTest("client-egress-to-cidrgroup-deny", ct).
+		WithCiliumPolicy(allowAllEgressPolicyYAML). // Allow all egress traffic
+		WithCiliumPolicy(templates["clientEgressToCIDRGroupExternalDenyPolicyYAML"]).
+		WithScenarios(
+			tests.PodToCIDR(tests.WithRetryDestIP(ct.Params().ExternalIP)), // Denies all traffic to ExternalOtherIP, but allow ExternalIP
+		).
+		WithExpectations(func(a *check.Action) (egress, ingress check.Result) {
+			if a.Destination().Address(features.GetIPFamily(ct.Params().ExternalOtherIP)) == ct.Params().ExternalOtherIP {
+				return check.ResultPolicyDenyEgressDrop, check.ResultNone
+			}
+			if a.Destination().Address(features.GetIPFamily(ct.Params().ExternalIP)) == ct.Params().ExternalIP {
+				return check.ResultOK, check.ResultNone
+			}
+			return check.ResultDrop, check.ResultDrop
+		})
+}
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/egress_gateway.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/egress_gateway.go
index d505dea9f6..3925cd4c58 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/egress_gateway.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/egress_gateway.go
@@ -12,7 +12,8 @@ import (
 type egressGateway struct{}
 
 func (t egressGateway) build(ct *check.ConnectivityTest, _ map[string]string) {
-	newTest("egress-gateway", ct).
+	// Prefix the test name with `seq-` to run it sequentially.
+	newTest("seq-egress-gateway", ct).
 		WithCondition(func() bool { return ct.Params().IncludeUnsafeTests }).
 		WithCiliumEgressGatewayPolicy(check.CiliumEgressGatewayPolicyParams{
 			Name:            "cegp-sample-client",
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/egress_gateway_with_l7_policy.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/egress_gateway_with_l7_policy.go
index 8a63e048b1..79433fb31b 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/egress_gateway_with_l7_policy.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/egress_gateway_with_l7_policy.go
@@ -21,7 +21,8 @@ var clientEgressL7HTTPExternalYAML string
 type egressGatewayWithL7Policy struct{}
 
 func (t egressGatewayWithL7Policy) build(ct *check.ConnectivityTest, templates map[string]string) {
-	newTest("egress-gateway-with-l7-policy", ct).
+	// Prefix the test name with `seq-` to run it sequentially.
+	newTest("seq-egress-gateway-with-l7-policy", ct).
 		WithCondition(func() bool {
 			return versioncheck.MustCompile(">=1.16.0")(ct.CiliumVersion) && ct.Params().IncludeUnsafeTests
 		}).
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/from_cidr_host_netns.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/from_cidr_host_netns.go
index f865469f6d..429e37d3e1 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/from_cidr_host_netns.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/from_cidr_host_netns.go
@@ -12,7 +12,8 @@ import (
 type fromCidrHostNetns struct{}
 
 func (t fromCidrHostNetns) build(ct *check.ConnectivityTest, templates map[string]string) {
-	newTest("from-cidr-host-netns", ct).
+	// Prefix the test name with `seq-` to run it sequentially.
+	newTest("seq-from-cidr-host-netns", ct).
 		WithCondition(func() bool { return ct.Params().IncludeUnsafeTests }).
 		WithFeatureRequirements(features.RequireEnabled(features.NodeWithoutCilium)).
 		WithCiliumPolicy(templates["echoIngressFromCIDRYAML"]).
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidrgroup-external-deny.yaml b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidrgroup-external-deny.yaml
new file mode 100644
index 0000000000..361589271a
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/manifests/client-egress-to-cidrgroup-external-deny.yaml
@@ -0,0 +1,27 @@
+# This policy denies packets towards {{.ExternalOtherIP}}, but not {{.ExternalIP}}
+# Please note that if there is no other allowed rule, the policy
+# will be automatically denied {{.ExternalIP}} as well.
+
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumCIDRGroup
+metadata:
+  name: cilium-test-external-cidr
+spec:
+  externalCIDRs:
+    - "{{.ExternalCIDR}}"
+
+---
+
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+  name: client-egress-to-cidrgroup-deny
+spec:
+  endpointSelector:
+    matchLabels:
+      kind: client
+  egressDeny:
+  - toCIDRSet:
+    - cidrGroupRef: cilium-test-external-cidr
+      except:
+        - "{{.ExternalIP}}/32"
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/multicast.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/multicast.go
new file mode 100644
index 0000000000..6753a3ccf3
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/multicast.go
@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package builder
+
+import (
+	"github.com/cilium/cilium/cilium-cli/connectivity/check"
+	"github.com/cilium/cilium/cilium-cli/connectivity/tests"
+	"github.com/cilium/cilium/cilium-cli/utils/features"
+
+	"github.com/cilium/cilium/pkg/versioncheck"
+)
+
+type multicast struct{}
+
+func (t multicast) build(ct *check.ConnectivityTest, _ map[string]string) {
+	newTest("multicast", ct).
+		WithCondition(func() bool {
+			return versioncheck.MustCompile(">=1.16.0")(ct.CiliumVersion)
+		}).
+		WithCondition(func() bool {
+			return ct.Params().IncludeUnsafeTests
+		}).
+		WithFeatureRequirements(
+			features.RequireEnabled(features.Multicast),
+		).
+		WithScenarios(tests.SocatMulticast())
+}
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/pod_to_pod_encryption.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/pod_to_pod_encryption.go
index 2231a12f13..33fa5fedaa 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/pod_to_pod_encryption.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/pod_to_pod_encryption.go
@@ -29,13 +29,11 @@ func (t podToPodEncryption) build(ct *check.ConnectivityTest, _ map[string]strin
 		WithCondition(func() bool { return !ct.Params().SingleNode }).
 		WithFeatureRequirements(
 			features.RequireEnabled(features.L7Proxy),
-			// Once https://github.com/cilium/cilium/issues/33168 is fixed, we
-			// can enable for IPsec too.
-			features.RequireMode(features.EncryptionPod, "wireguard"),
+			features.RequireEnabled(features.EncryptionPod),
 		).
 		WithCiliumPolicy(clientsEgressL7HTTPFromAnyPolicyYAML).
 		WithCiliumPolicy(echoIngressL7HTTPFromAnywherePolicyYAML).
 		WithScenarios(
-			tests.PodToPodEncryption(features.RequireEnabled(features.EncryptionPod)),
+			tests.PodToPodEncryption(),
 		)
 }
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/strict_mode_encryption.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/strict_mode_encryption.go
new file mode 100644
index 0000000000..4a06db3b3e
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/builder/strict_mode_encryption.go
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package builder
+
+import (
+	"github.com/cilium/cilium/cilium-cli/connectivity/check"
+	"github.com/cilium/cilium/cilium-cli/connectivity/tests"
+	"github.com/cilium/cilium/cilium-cli/utils/features"
+)
+
+type strictModeEncryption struct{}
+
+func (t strictModeEncryption) build(ct *check.ConnectivityTest, _ map[string]string) {
+	newTest("strict-mode-encryption", ct).
+		WithCondition(func() bool { return ct.Params().IncludeUnsafeTests }).
+		// Until https://github.com/cilium/cilium/pull/35454 is backported to <1.17.0
+		WithCiliumVersion(">=1.17.0").
+		WithFeatureRequirements(
+			features.RequireEnabled(features.EncryptionStrictMode),
+			// Strict mode is only supported with WireGuard
+			features.RequireMode(features.EncryptionPod, "wireguard"),
+			// Strict mode always allows host-to-host tunnel traffic
+			features.RequireDisabled(features.Tunnel),
+		).
+		WithScenarios(tests.PodToPodMissingIPCache()).
+		WithExpectations(func(_ *check.Action) (egress, ingress check.Result) {
+			return check.ResultEgressUnencryptedDrop, check.ResultEgressUnencryptedDrop
+		})
+}
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/action.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/action.go
index c1da052b74..ef12bce90d 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/action.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/action.go
@@ -28,7 +28,6 @@ import (
 	"github.com/cilium/cilium/cilium-cli/defaults"
 	"github.com/cilium/cilium/cilium-cli/utils/features"
 	hubprinter "github.com/cilium/cilium/hubble/pkg/printer"
-	"github.com/cilium/cilium/pkg/inctimer"
 	"github.com/cilium/cilium/pkg/lock"
 )
 
@@ -802,7 +801,7 @@ func (a *Action) waitForRelay(ctx context.Context, client observer.ObserverClien
 		select {
 		case <-ctx.Done():
 			return fmt.Errorf("hubble server status failure: %w", ctx.Err())
-		case <-inctimer.After(time.Second):
+		case <-time.After(time.Second):
 			a.Debug("retrying hubble relay server status request")
 		}
 	}
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/check.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/check.go
index 28de1d9d4d..8ad92d0b03 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/check.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/check.go
@@ -63,6 +63,7 @@ type Parameters struct {
 	JSONMockImage          string
 	TestConnDisruptImage   string
 	FRRImage               string
+	SocatImage             string
 	AgentDaemonSetName     string
 	DNSTestServerImage     string
 	IncludeUnsafeTests     bool
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/context.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/context.go
index 35e3d0de7f..c57892d1f3 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/context.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/context.go
@@ -31,6 +31,10 @@ import (
 	"github.com/cilium/cilium/pkg/lock"
 )
 
+const (
+	socatMulticastTestMsg = "Multicast test message"
+)
+
 // ConnectivityTest is the root context of the connectivity test suite
 // and holds all resources belonging to it. It implements interface
 // ConnectivityTest and is instantiated once at the start of the program,
@@ -71,6 +75,8 @@ type ConnectivityTest struct {
 	lrpClientPods        map[string]Pod
 	lrpBackendPods       map[string]Pod
 	frrPods              []Pod
+	socatServerPods      []Pod
+	socatClientPods      []Pod
 
 	hostNetNSPodsByNode      map[string]Pod
 	secondaryNetworkNodeIPv4 map[string]string // node name => secondary ip
@@ -211,6 +217,8 @@ func NewConnectivityTest(
 		clientCPPods:             make(map[string]Pod),
 		lrpClientPods:            make(map[string]Pod),
 		lrpBackendPods:           make(map[string]Pod),
+		socatServerPods:          []Pod{},
+		socatClientPods:          []Pod{},
 		perfClientPods:           []Pod{},
 		perfServerPod:            []Pod{},
 		PerfResults:              []common.PerfSummary{},
@@ -1076,6 +1084,14 @@ func (ct *ConnectivityTest) PerfClientPods() []Pod {
 	return ct.perfClientPods
 }
 
+func (ct *ConnectivityTest) SocatServerPods() []Pod {
+	return ct.socatServerPods
+}
+
+func (ct *ConnectivityTest) SocatClientPods() []Pod {
+	return ct.socatClientPods
+}
+
 func (ct *ConnectivityTest) EchoPods() map[string]Pod {
 	return ct.echoPods
 }
@@ -1210,3 +1226,26 @@ func (ct *ConnectivityTest) EchoServicePrefixes(ipFamily features.IPFamily) []ne
 	}
 	return res
 }
+
+// Multicast packet sender
+// This command exits with exit code 0
+// WITHOUT waiting for a second after receiving a packet.
+func (ct *ConnectivityTest) SocatServer1secCommand(peer TestPeer, port int, group string) []string {
+	addr := peer.Address(features.IPFamilyV4)
+	cmdStr := fmt.Sprintf("timeout 5 socat STDIO UDP4-RECVFROM:%d,ip-add-membership=%s:%s", port, group, addr)
+	cmd := strings.Fields(cmdStr)
+	return cmd
+}
+
+// Multicast packet receiver
+func (ct *ConnectivityTest) SocatClientCommand(port int, group string) []string {
+	portStr := fmt.Sprintf("%d", port)
+	cmdStr := fmt.Sprintf(`for i in $(seq 1 10000); do echo "%s" | socat - UDP-DATAGRAM:%s:%s; sleep 0.1; done`, socatMulticastTestMsg, group, portStr)
+	cmd := []string{"/bin/sh", "-c", cmdStr}
+	return cmd
+}
+
+func (ct *ConnectivityTest) KillMulticastTestSender() []string {
+	cmd := []string{"pkill", "-f", socatMulticastTestMsg}
+	return cmd
+}
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/deployment.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/deployment.go
index 8ada6a1ed9..70a1828f71 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/deployment.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/deployment.go
@@ -395,6 +395,30 @@ func (ct *ConnectivityTest) ingresses() map[string]string {
 	return ingresses
 }
 
+// maybeNodeToNodeEncryptionAffinity returns a node affinity term to prefer nodes
+// not being part of the control plane when node to node encryption is enabled,
+// because they are excluded by default from node to node encryption. This logic
+// is currently suboptimal as it only accounts for the default selector, for the
+// sake of simplicity, but it should cover all common use cases.
+func (ct *ConnectivityTest) maybeNodeToNodeEncryptionAffinity() *corev1.NodeAffinity {
+	encryptNode, _ := ct.Feature(features.EncryptionNode)
+	if !encryptNode.Enabled || encryptNode.Mode == "" {
+		return nil
+	}
+
+	return &corev1.NodeAffinity{
+		PreferredDuringSchedulingIgnoredDuringExecution: []corev1.PreferredSchedulingTerm{{
+			Weight: 100,
+			Preference: corev1.NodeSelectorTerm{
+				MatchExpressions: []corev1.NodeSelectorRequirement{{
+					Key:      "node-role.kubernetes.io/control-plane",
+					Operator: corev1.NodeSelectorOpDoesNotExist,
+				}},
+			},
+		}},
+	}
+}
+
 // deploy ensures the test Namespace, Services and Deployments are running on the cluster.
 func (ct *ConnectivityTest) deploy(ctx context.Context) error {
 	var err error
@@ -633,6 +657,7 @@ func (ct *ConnectivityTest) deploy(ctx context.Context) error {
 						},
 					},
 				},
+				NodeAffinity: ct.maybeNodeToNodeEncryptionAffinity(),
 			},
 			ReadinessProbe: newLocalReadinessProbe(containerPort, "/"),
 		}, ct.params.DNSTestServerImage)
@@ -655,6 +680,7 @@ func (ct *ConnectivityTest) deploy(ctx context.Context) error {
 			Image:        ct.params.CurlImage,
 			Command:      []string{"/usr/bin/pause"},
 			Annotations:  ct.params.DeploymentAnnotations.Match(clientDeploymentName),
+			Affinity:     &corev1.Affinity{NodeAffinity: ct.maybeNodeToNodeEncryptionAffinity()},
 			NodeSelector: ct.params.NodeSelector,
 		})
 		_, err = ct.clients.src.CreateServiceAccount(ctx, ct.params.TestNamespace, k8s.NewServiceAccount(clientDeploymentName), metav1.CreateOptions{})
@@ -691,6 +717,7 @@ func (ct *ConnectivityTest) deploy(ctx context.Context) error {
 						},
 					},
 				},
+				NodeAffinity: ct.maybeNodeToNodeEncryptionAffinity(),
 			},
 			NodeSelector: ct.params.NodeSelector,
 		})
@@ -729,6 +756,7 @@ func (ct *ConnectivityTest) deploy(ctx context.Context) error {
 							},
 						},
 					},
+					NodeAffinity: ct.maybeNodeToNodeEncryptionAffinity(),
 				},
 				NodeSelector: ct.params.NodeSelector,
 			})
@@ -832,6 +860,7 @@ func (ct *ConnectivityTest) deploy(ctx context.Context) error {
 							},
 						},
 					},
+					NodeAffinity: ct.maybeNodeToNodeEncryptionAffinity(),
 				},
 				NodeSelector:   ct.params.NodeSelector,
 				ReadinessProbe: newLocalReadinessProbe(containerPort, "/"),
@@ -1042,6 +1071,34 @@ func (ct *ConnectivityTest) deploy(ctx context.Context) error {
 		}
 	}
 
+	if ct.Features[features.Multicast].Enabled {
+		_, err = ct.clients.src.GetDeployment(ctx, ct.params.TestNamespace, socatClientDeploymentName, metav1.GetOptions{})
+		if err != nil {
+			ct.Logf("✨ [%s] Deploying %s deployment...", ct.clients.src.ClusterName(), socatClientDeploymentName)
+			ds := NewSocatClientDeployment(ct.params)
+			_, err = ct.clients.src.CreateServiceAccount(ctx, ct.params.TestNamespace, k8s.NewServiceAccount(socatClientDeploymentName), metav1.CreateOptions{})
+			if err != nil {
+				return fmt.Errorf("unable to create service account %s: %w", socatClientDeploymentName, err)
+			}
+			_, err = ct.clients.src.CreateDeployment(ctx, ct.params.TestNamespace, ds, metav1.CreateOptions{})
+			if err != nil {
+				return fmt.Errorf("unable to create deployment %s: %w", socatClientDeploymentName, err)
+			}
+		}
+	}
+
+	if ct.Features[features.Multicast].Enabled {
+		_, err = ct.clients.src.GetDaemonSet(ctx, ct.params.TestNamespace, socatServerDaemonsetName, metav1.GetOptions{})
+		if err != nil {
+			ct.Logf("✨ [%s] Deploying %s daemonset...", ct.clients.src.ClusterName(), socatServerDaemonsetName)
+			ds := NewSocatServerDaemonSet(ct.params)
+			_, err = ct.clients.src.CreateDaemonSet(ctx, ct.params.TestNamespace, ds, metav1.CreateOptions{})
+			if err != nil {
+				return fmt.Errorf("unable to create daemonset %s: %w", socatServerDaemonsetName, err)
+			}
+		}
+	}
+
 	return nil
 }
 
@@ -1202,6 +1259,10 @@ func (ct *ConnectivityTest) deploymentList() (srcList []string, dstList []string
 		srcList = append(srcList, lrpBackendDeploymentName)
 	}
 
+	if ct.Features[features.Multicast].Enabled {
+		srcList = append(srcList, socatClientDeploymentName)
+	}
+
 	return srcList, dstList
 }
 
@@ -1212,6 +1273,8 @@ func (ct *ConnectivityTest) deleteDeployments(ctx context.Context, client *k8s.C
 	_ = client.DeleteDeployment(ctx, ct.params.TestNamespace, clientDeploymentName, metav1.DeleteOptions{})
 	_ = client.DeleteDeployment(ctx, ct.params.TestNamespace, client2DeploymentName, metav1.DeleteOptions{})
 	_ = client.DeleteDeployment(ctx, ct.params.TestNamespace, client3DeploymentName, metav1.DeleteOptions{})
+	_ = client.DeleteDeployment(ctx, ct.params.TestNamespace, socatClientDeploymentName, metav1.DeleteOptions{})
+	_ = client.DeleteDeployment(ctx, ct.params.TestNamespace, socatServerDaemonsetName, metav1.DeleteOptions{}) // Q:Daemonset in here is OK?
 	_ = client.DeleteServiceAccount(ctx, ct.params.TestNamespace, echoSameNodeDeploymentName, metav1.DeleteOptions{})
 	_ = client.DeleteServiceAccount(ctx, ct.params.TestNamespace, echoOtherNodeDeploymentName, metav1.DeleteOptions{})
 	_ = client.DeleteServiceAccount(ctx, ct.params.TestNamespace, clientDeploymentName, metav1.DeleteOptions{})
@@ -1419,6 +1482,35 @@ func (ct *ConnectivityTest) validateDeployment(ctx context.Context) error {
 		}
 	}
 
+	if ct.Features[features.Multicast].Enabled {
+		// socat client pods
+		socatCilentPods, err := ct.clients.src.ListPods(ctx, ct.params.TestNamespace, metav1.ListOptions{LabelSelector: "name=" + socatClientDeploymentName})
+		if err != nil {
+			return fmt.Errorf("unable to list socat client pods: %w", err)
+		}
+		for _, pod := range socatCilentPods.Items {
+			ct.socatClientPods = append(ct.socatClientPods, Pod{
+				K8sClient: ct.client,
+				Pod:       pod.DeepCopy(),
+			})
+		}
+
+		// socat server pods
+		if err := WaitForDaemonSet(ctx, ct, ct.clients.src, ct.Params().TestNamespace, socatServerDaemonsetName); err != nil {
+			return err
+		}
+		socatServerPods, err := ct.clients.src.ListPods(ctx, ct.params.TestNamespace, metav1.ListOptions{LabelSelector: "name=" + socatServerDaemonsetName})
+		if err != nil {
+			return fmt.Errorf("unable to list socat server pods: %w", err)
+		}
+		for _, pod := range socatServerPods.Items {
+			ct.socatServerPods = append(ct.socatServerPods, Pod{
+				K8sClient: ct.client,
+				Pod:       pod.DeepCopy(),
+			})
+		}
+	}
+
 	for _, cp := range ct.clientPods {
 		if err := WaitForCoreDNS(ctx, ct, cp); err != nil {
 			return err
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/features.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/features.go
index 30063d0c2e..a5ed68c62c 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/features.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/features.go
@@ -66,6 +66,7 @@ func (ct *ConnectivityTest) extractFeaturesFromRuntimeConfig(ctx context.Context
 
 	result[features.EncryptionNode] = features.Status{
 		Enabled: cfg.EncryptNode,
+		Mode:    cfg.NodeEncryptionOptOutLabelsString,
 	}
 
 	isFeatureKNPEnabled, err := ct.isFeatureKNPEnabled(cfg.EnableK8sNetworkPolicy)
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/metrics.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/metrics.go
index 6ef5089681..89d677ba3f 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/metrics.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/metrics.go
@@ -12,7 +12,7 @@ import (
 	dto "github.com/prometheus/client_model/go"
 	"github.com/prometheus/common/expfmt"
 
-	"github.com/cilium/cilium/cilium-cli/k8s"
+	"github.com/cilium/cilium/pkg/k8s"
 )
 
 // metricsURLFormat is the path format to retrieve the metrics on the
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/netshoot.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/netshoot.go
new file mode 100644
index 0000000000..60360b7e1b
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/netshoot.go
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package check
+
+import appsv1 "k8s.io/api/apps/v1"
+
+const (
+	// SocatServerPort is the port on which the socat server listens.
+	socatServerDaemonsetName  = "socat-server-daemonset"
+	socatClientDeploymentName = "socat-client"
+)
+
+func NewSocatServerDaemonSet(params Parameters) *appsv1.DaemonSet {
+	ds := newDaemonSet(daemonSetParameters{
+		Name:    socatServerDaemonsetName,
+		Kind:    socatServerDaemonsetName,
+		Image:   params.SocatImage,
+		Command: []string{"/bin/sh", "-c", "sleep 10000000"},
+	})
+	return ds
+}
+
+func NewSocatClientDeployment(params Parameters) *appsv1.Deployment {
+	dep := newDeployment(deploymentParameters{
+		Name:     socatClientDeploymentName,
+		Kind:     socatClientDeploymentName,
+		Image:    params.SocatImage,
+		Replicas: 1,
+		Command:  []string{"/bin/sh", "-c", "sleep 10000000"},
+	})
+	return dep
+}
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/policy.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/policy.go
index f8d9ae1483..c78ee971a5 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/policy.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/policy.go
@@ -5,9 +5,8 @@ package check
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
-	"maps"
-	"reflect"
 	"strconv"
 	"strings"
 	"time"
@@ -15,16 +14,20 @@ import (
 	networkingv1 "k8s.io/api/networking/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
-	clientsetscheme "k8s.io/client-go/kubernetes/scheme"
 
 	flowpb "github.com/cilium/cilium/api/v1/flow"
 	"github.com/cilium/cilium/cilium-cli/defaults"
 	"github.com/cilium/cilium/cilium-cli/k8s"
+	"github.com/cilium/cilium/cilium-cli/utils/features"
+	k8sConst "github.com/cilium/cilium/pkg/k8s/apis/cilium.io"
 	ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
 	"github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/scheme"
 	"github.com/cilium/cilium/pkg/lock"
+	"github.com/cilium/cilium/pkg/policy/api"
 )
 
 /* How many times we should retry getting the policy revisions before
@@ -106,6 +109,25 @@ type client[T policy] interface {
 	Update(ctx context.Context, networkPolicy T, opts metav1.UpdateOptions) (T, error)
 }
 
+// createOrUpdate applies a generic object to the cluster, returning true if it was updated
+func createOrUpdate(ctx context.Context, client *k8s.Client, obj k8s.Object) (bool, error) {
+	existing, err := client.GetGeneric(ctx, obj.GetNamespace(), obj.GetName(), obj)
+	if err != nil && !k8serrors.IsNotFound(err) {
+		return false, fmt.Errorf("failed to retrieve %s/%s: %w", obj.GetNamespace(), obj.GetName(), err)
+	}
+
+	created, err := client.ApplyGeneric(ctx, obj)
+	if err != nil {
+		return false, fmt.Errorf("failed to create / update %s %s/%s: %w", obj.GetObjectKind().GroupVersionKind().Kind, obj.GetNamespace(), obj.GetName(), err)
+	}
+
+	if existing == nil {
+		return true, nil
+	}
+
+	return existing.GetGeneration() != created.GetGeneration(), nil
+}
+
 // CreateOrUpdatePolicy implements the generic logic to create or update a policy.
 func CreateOrUpdatePolicy[T policy](ctx context.Context, client client[T], obj T, mutator func(obj T) bool) (bool, error) {
 	// Let's attempt to create the policy. We optimize the creation path
@@ -141,137 +163,6 @@ func CreateOrUpdatePolicy[T policy](ctx context.Context, client client[T], obj T
 	return true, nil
 }
 
-// createOrUpdateCNP creates the CNP and updates it if it already exists.
-func createOrUpdateCNP(ctx context.Context, client *k8s.Client, cnp *ciliumv2.CiliumNetworkPolicy) (bool, error) {
-	return CreateOrUpdatePolicy(ctx, client.CiliumClientset.CiliumV2().CiliumNetworkPolicies(cnp.GetNamespace()),
-		cnp, func(current *ciliumv2.CiliumNetworkPolicy) bool {
-			if maps.Equal(current.GetLabels(), cnp.GetLabels()) &&
-				current.Spec.DeepEqual(cnp.Spec) &&
-				current.Specs.DeepEqual(&cnp.Specs) {
-				return false
-			}
-
-			current.ObjectMeta.Labels = cnp.ObjectMeta.Labels
-			current.Spec = cnp.Spec
-			current.Specs = cnp.Specs
-			return true
-		},
-	)
-}
-
-// createOrUpdateCCNP creates the CCNP and updates it if it already exists.
-func createOrUpdateCCNP(ctx context.Context, client *k8s.Client, ccnp *ciliumv2.CiliumClusterwideNetworkPolicy) (bool, error) {
-	return CreateOrUpdatePolicy(ctx, client.CiliumClientset.CiliumV2().CiliumClusterwideNetworkPolicies(),
-		ccnp, func(current *ciliumv2.CiliumClusterwideNetworkPolicy) bool {
-			if maps.Equal(current.GetLabels(), ccnp.GetLabels()) &&
-				current.Spec.DeepEqual(ccnp.Spec) &&
-				current.Specs.DeepEqual(&ccnp.Specs) {
-				return false
-			}
-
-			current.ObjectMeta.Labels = ccnp.ObjectMeta.Labels
-			current.Spec = ccnp.Spec
-			current.Specs = ccnp.Specs
-			return true
-		},
-	)
-}
-
-// createOrUpdateKNP creates the KNP and updates it if it already exists.
-func createOrUpdateKNP(ctx context.Context, client *k8s.Client, knp *networkingv1.NetworkPolicy) (bool, error) {
-	return CreateOrUpdatePolicy(ctx, client.Clientset.NetworkingV1().NetworkPolicies(knp.GetNamespace()),
-		knp, func(current *networkingv1.NetworkPolicy) bool {
-			if maps.Equal(current.GetLabels(), knp.GetLabels()) &&
-				reflect.DeepEqual(current.Spec, knp.Spec) {
-				return false
-			}
-
-			current.ObjectMeta.Labels = knp.ObjectMeta.Labels
-			current.Spec = knp.Spec
-			return true
-		},
-	)
-}
-
-// createOrUpdateCEGP creates the CEGP and updates it if it already exists.
-func createOrUpdateCEGP(ctx context.Context, client *k8s.Client, cegp *ciliumv2.CiliumEgressGatewayPolicy) error {
-	_, err := CreateOrUpdatePolicy(ctx, client.CiliumClientset.CiliumV2().CiliumEgressGatewayPolicies(),
-		cegp, func(current *ciliumv2.CiliumEgressGatewayPolicy) bool {
-			if maps.Equal(current.GetLabels(), cegp.GetLabels()) &&
-				current.Spec.DeepEqual(&cegp.Spec) {
-				return false
-			}
-
-			current.ObjectMeta.Labels = cegp.ObjectMeta.Labels
-			current.Spec = cegp.Spec
-			return true
-		},
-	)
-	return err
-}
-
-// createOrUpdateCLRP creates the CLRP and updates it if it already exists.
-func createOrUpdateCLRP(ctx context.Context, client *k8s.Client, clrp *ciliumv2.CiliumLocalRedirectPolicy) error {
-	_, err := CreateOrUpdatePolicy(ctx, client.CiliumClientset.CiliumV2().CiliumLocalRedirectPolicies(clrp.Namespace),
-		clrp, func(current *ciliumv2.CiliumLocalRedirectPolicy) bool {
-			if maps.Equal(current.GetLabels(), clrp.GetLabels()) &&
-				current.Spec.DeepEqual(&clrp.Spec) {
-				return false
-			}
-
-			current.ObjectMeta.Labels = clrp.ObjectMeta.Labels
-			current.Spec = clrp.Spec
-			return true
-		},
-	)
-	return err
-}
-
-// deleteCNP deletes a CiliumNetworkPolicy from the cluster.
-func deleteCNP(ctx context.Context, client *k8s.Client, cnp *ciliumv2.CiliumNetworkPolicy) error {
-	if err := client.DeleteCiliumNetworkPolicy(ctx, cnp.Namespace, cnp.Name, metav1.DeleteOptions{}); err != nil {
-		return fmt.Errorf("%s/%s/%s policy delete failed: %w", client.ClusterName(), cnp.Namespace, cnp.Name, err)
-	}
-
-	return nil
-}
-
-// deleteCNP deletes a CiliumNetworkPolicy from the cluster.
-func deleteCCNP(ctx context.Context, client *k8s.Client, ccnp *ciliumv2.CiliumClusterwideNetworkPolicy) error {
-	if err := client.DeleteCiliumClusterwideNetworkPolicy(ctx, ccnp.Name, metav1.DeleteOptions{}); err != nil {
-		return fmt.Errorf("%s/%s policy delete failed: %w", client.ClusterName(), ccnp.Name, err)
-	}
-
-	return nil
-}
-
-// deleteKNP deletes a Kubernetes NetworkPolicy from the cluster.
-func deleteKNP(ctx context.Context, client *k8s.Client, knp *networkingv1.NetworkPolicy) error {
-	if err := client.DeleteKubernetesNetworkPolicy(ctx, knp.Namespace, knp.Name, metav1.DeleteOptions{}); err != nil {
-		return fmt.Errorf("%s/%s/%s policy delete failed: %w", client.ClusterName(), knp.Namespace, knp.Name, err)
-	}
-
-	return nil
-}
-
-// deleteCEGP deletes a CiliumEgressGatewayPolicy from the cluster.
-func deleteCEGP(ctx context.Context, client *k8s.Client, cegp *ciliumv2.CiliumEgressGatewayPolicy) error {
-	if err := client.DeleteCiliumEgressGatewayPolicy(ctx, cegp.Name, metav1.DeleteOptions{}); err != nil {
-		return fmt.Errorf("%s/%s policy delete failed: %w", client.ClusterName(), cegp.Name, err)
-	}
-
-	return nil
-}
-
-// deleteCLRP deletes a CiliumLocalRedirectPolicy from the cluster.
-func deleteCLRP(ctx context.Context, client *k8s.Client, clrp *ciliumv2.CiliumLocalRedirectPolicy) error {
-	if err := client.DeleteCiliumLocalRedirectPolicy(ctx, clrp.Namespace, clrp.Name, metav1.DeleteOptions{}); err != nil {
-		return fmt.Errorf("%s/%s/%s policy delete failed: %w", client.ClusterName(), clrp.Namespace, clrp.Name, err)
-	}
-
-	return nil
-}
-
 func defaultDropReason(flow *flowpb.Flow) bool {
 	return flow.GetDropReasonDesc() != flowpb.DropReason_DROP_REASON_UNKNOWN
 }
@@ -288,6 +179,10 @@ func authRequiredDropReason(flow *flowpb.Flow) bool {
 	return flow.GetDropReasonDesc() == flowpb.DropReason_AUTH_REQUIRED
 }
 
+func unencryptedDropReason(flow *flowpb.Flow) bool {
+	return flow.GetDropReasonDesc() == flowpb.DropReason_UNENCRYPTED_TRAFFIC
+}
+
 type ExpectationsFunc func(a *Action) (egress, ingress Result)
 
 // WithExpectations sets the getExpectations test result function to use during tests
@@ -335,35 +230,6 @@ func RegisterPolicy[T policy](current map[string]T, policies ...T) (map[string]T
 	return current, nil
 }
 
-// addCNPs adds one or more CiliumNetworkPolicy resources to the Test.
-func (t *Test) addCNPs(cnps ...*ciliumv2.CiliumNetworkPolicy) (err error) {
-	t.cnps, err = RegisterPolicy(t.cnps, cnps...)
-	return err
-}
-
-// addCNPs adds one or more CiliumClusterwideNetworkPolicy resources to the Test.
-func (t *Test) addCCNPs(ccnps ...*ciliumv2.CiliumClusterwideNetworkPolicy) (err error) {
-	t.ccnps, err = RegisterPolicy(t.ccnps, ccnps...)
-	return err
-}
-
-// addKNPs adds one or more K8S NetworkPolicy resources to the Test.
-func (t *Test) addKNPs(policies ...*networkingv1.NetworkPolicy) (err error) {
-	t.knps, err = RegisterPolicy(t.knps, policies...)
-	return err
-}
-
-// addCEGPs adds one or more CiliumEgressGatewayPolicy resources to the Test.
-func (t *Test) addCEGPs(cegps ...*ciliumv2.CiliumEgressGatewayPolicy) (err error) {
-	t.cegps, err = RegisterPolicy(t.cegps, cegps...)
-	return err
-}
-
-func (t *Test) addCLRPs(clrps ...*ciliumv2.CiliumLocalRedirectPolicy) (err error) {
-	t.clrps, err = RegisterPolicy(t.clrps, clrps...)
-	return err
-}
-
 func sumMap(m map[string]int) int {
 	sum := 0
 	for _, v := range m {
@@ -376,9 +242,18 @@ func sumMap(m map[string]int) int {
 // can apply or delete policies in case of connectivity test concurrency > 1
 var policyApplyDeleteLock = lock.Mutex{}
 
-// applyPolicies applies all the Test's registered network policies.
-func (t *Test) applyPolicies(ctx context.Context) error {
-	if len(t.cnps) == 0 && len(t.ccnps) == 0 && len(t.knps) == 0 && len(t.cegps) == 0 && len(t.clrps) == 0 {
+// isPolicy returns true if the object is a network policy, and thus
+// should bump the policy revision.
+func isPolicy(obj k8s.Object) bool {
+	gk := obj.GetObjectKind().GroupVersionKind().GroupKind()
+	return (gk == schema.GroupKind{Group: ciliumv2.CustomResourceDefinitionGroup, Kind: ciliumv2.CNPKindDefinition} ||
+		gk == schema.GroupKind{Group: ciliumv2.CustomResourceDefinitionGroup, Kind: ciliumv2.CCNPKindDefinition} ||
+		gk == schema.GroupKind{Group: networkingv1.GroupName, Kind: "NetworkPolicy"})
+}
+
+// applyResources applies all the Test's registered additional resources
+func (t *Test) applyResources(ctx context.Context) error {
+	if len(t.resources) == 0 {
 		return nil
 	}
 
@@ -397,73 +272,28 @@ func (t *Test) applyPolicies(ctx context.Context) error {
 
 	// Incremented, by cluster, for every expected revision.
 	revDeltas := map[string]int{}
-	// Apply all given CiliumNetworkPolicies.
-	for _, cnp := range t.cnps {
-		for _, client := range t.Context().clients.clients() {
-			t.Infof("📜 Applying CiliumNetworkPolicy '%s' to namespace '%s'..", cnp.Name, cnp.Namespace)
-			changed, err := createOrUpdateCNP(ctx, client, cnp)
-			if err != nil {
-				return fmt.Errorf("policy application failed: %w", err)
-			}
-			if changed {
-				revDeltas[client.ClusterName()]++
-			}
-		}
-	}
 
-	// Apply all given CiliumClusterwideNetworkPolicy.
-	for _, ccnp := range t.ccnps {
+	// apply resources to all clusters
+	for _, obj := range t.resources {
+		kind := obj.GetObjectKind().GroupVersionKind().Kind
 		for _, client := range t.Context().clients.clients() {
-			t.Infof("📜 Applying CiliumClusterwideNetworkPolicy '%s'..", ccnp.Name)
-			changed, err := createOrUpdateCCNP(ctx, client, ccnp)
+			t.Infof("📜 Applying %s '%s' to namespace '%s' on cluster %s..", kind, obj.GetName(), obj.GetNamespace(), client.ClusterName())
+			changed, err := createOrUpdate(ctx, client, obj)
 			if err != nil {
-				return fmt.Errorf("policy application failed: %w", err)
-			}
-			if changed {
-				revDeltas[client.ClusterName()]++
+				return fmt.Errorf("failed to apply %s '%s' to namespace '%s' on cluster %s: %w", kind, obj.GetName(), obj.GetNamespace(), client.ClusterName(), err)
 			}
-		}
-	}
 
-	// Apply all given Kubernetes Network Policies.
-	for _, knp := range t.knps {
-		for _, client := range t.Context().clients.clients() {
-			t.Infof("📜 Applying KubernetesNetworkPolicy '%s' to namespace '%s'..", knp.Name, knp.Namespace)
-			changed, err := createOrUpdateKNP(ctx, client, knp)
-			if err != nil {
-				return fmt.Errorf("policy application failed: %w", err)
-			}
-			if changed {
+			if changed && isPolicy(obj) {
 				revDeltas[client.ClusterName()]++
 			}
 		}
 	}
 
-	// Apply all given Cilium Egress Gateway Policies.
-	for _, cegp := range t.cegps {
-		for _, client := range t.Context().clients.clients() {
-			t.Infof("📜 Applying CiliumEgressGatewayPolicy '%s' to namespace '%s'..", cegp.Name, cegp.Namespace)
-			if err := createOrUpdateCEGP(ctx, client, cegp); err != nil {
-				return fmt.Errorf("policy application failed: %w", err)
-			}
-		}
-	}
-
-	// Apply all given Cilium Local Redirect Policies.
-	for _, clrp := range t.clrps {
-		for _, client := range t.Context().clients.clients() {
-			t.Infof("📜 Applying CiliumLocalRedirectPolicy '%s' to namespace '%s'..", clrp.Name, clrp.Namespace)
-			if err := createOrUpdateCLRP(ctx, client, clrp); err != nil {
-				return fmt.Errorf("policy application failed: %w", err)
-			}
-		}
-	}
-
 	// Register a finalizer with the Test immediately to enable cleanup.
 	// If we return a cleanup closure from this function, cleanup cannot be
 	// performed if the user cancels during the policy revision wait time.
 	t.finalizers = append(t.finalizers, func(ctx context.Context) error {
-		if err := t.deletePolicies(ctx); err != nil {
+		if err := t.deleteResources(ctx); err != nil {
 			t.CiliumLogs(ctx)
 			return err
 		}
@@ -484,29 +314,17 @@ func (t *Test) applyPolicies(ctx context.Context) error {
 		}
 	}
 
-	if len(t.cnps) > 0 {
-		t.Debugf("📜 Successfully applied %d CiliumNetworkPolicies", len(t.cnps))
-	}
-	if len(t.ccnps) > 0 {
-		t.Debugf("📜 Successfully applied %d CiliumClusterwideNetworkPolicies", len(t.ccnps))
-	}
-	if len(t.knps) > 0 {
-		t.Debugf("📜 Successfully applied %d K8S NetworkPolicies", len(t.knps))
-	}
-	if len(t.cegps) > 0 {
-		t.Debugf("📜 Successfully applied %d CiliumEgressGatewayPolicies", len(t.cegps))
-	}
-
-	if len(t.clrps) > 0 {
-		t.Debugf("📜 Successfully applied %d CiliumLocalRedirectPolicies", len(t.clrps))
+	if len(t.resources) > 0 {
+		t.Debugf("📜 Successfully applied %d additional resources", len(t.resources))
 	}
 
 	return nil
 }
 
-// deletePolicies deletes a given set of network policies from the cluster.
-func (t *Test) deletePolicies(ctx context.Context) error {
-	if len(t.cnps) == 0 && len(t.ccnps) == 0 && len(t.knps) == 0 && len(t.cegps) == 0 && len(t.clrps) == 0 {
+// deleteResources deletes the previously-created set of resources that
+// belong to this test.
+func (t *Test) deleteResources(ctx context.Context) error {
+	if len(t.resources) == 0 {
 		return nil
 	}
 
@@ -523,84 +341,30 @@ func (t *Test) deletePolicies(ctx context.Context) error {
 	}
 
 	revDeltas := map[string]int{}
-	// Delete all the Test's CNPs from all clients.
-	for _, cnp := range t.cnps {
-		t.Infof("📜 Deleting CiliumNetworkPolicy '%s' from namespace '%s'..", cnp.Name, cnp.Namespace)
-		for _, client := range t.Context().clients.clients() {
-			if err := deleteCNP(ctx, client, cnp); err != nil {
-				return fmt.Errorf("deleting CiliumNetworkPolicy: %w", err)
-			}
-			revDeltas[client.ClusterName()]++
-		}
-	}
-
-	// Delete all the Test's CCNPs from all clients.
-	for _, ccnp := range t.ccnps {
-		t.Infof("📜 Deleting CiliumClusterwideNetworkPolicy '%s'..", ccnp.Name)
-		for _, client := range t.Context().clients.clients() {
-			if err := deleteCCNP(ctx, client, ccnp); err != nil {
-				return fmt.Errorf("deleting CiliumClusterwideNetworkPolicy: %w", err)
-			}
-			revDeltas[client.ClusterName()]++
-		}
-	}
-
-	// Delete all the Test's KNPs from all clients.
-	for _, knp := range t.knps {
-		t.Infof("📜 Deleting K8S NetworkPolicy '%s' from namespace '%s'..", knp.Name, knp.Namespace)
-		for _, client := range t.Context().clients.clients() {
-			if err := deleteKNP(ctx, client, knp); err != nil {
-				return fmt.Errorf("deleting K8S NetworkPolicy: %w", err)
-			}
-			revDeltas[client.ClusterName()]++
-		}
-	}
-
-	// Delete all the Test's CEGPs from all clients.
-	for _, cegp := range t.cegps {
-		t.Infof("📜 Deleting CiliumEgressGatewayPolicy '%s' from namespace '%s'..", cegp.Name, cegp.Namespace)
+	for _, obj := range t.resources {
+		kind := obj.GetObjectKind().GroupVersionKind().Kind
 		for _, client := range t.Context().clients.clients() {
-			if err := deleteCEGP(ctx, client, cegp); err != nil {
-				return fmt.Errorf("deleting CiliumEgressGatewayPolicy: %w", err)
+			t.Infof("📜 Deleting %s '%s' in namespace '%s' on cluster %s..", kind, obj.GetName(), obj.GetNamespace(), client.ClusterName())
+			err := client.DeleteGeneric(ctx, obj)
+			if err != nil {
+				return fmt.Errorf("failed to delete %s '%s' in namespace '%s' on cluster %s: %w", kind, obj.GetName(), obj.GetNamespace(), client.ClusterName(), err)
 			}
-		}
-	}
 
-	// Delete all the Test's CLRPs from all clients.
-	for _, clrp := range t.clrps {
-		t.Infof("📜 Deleting CiliumLocalRedirectPolicy '%s' from namespace '%s'..", clrp.Name, clrp.Namespace)
-		for _, client := range t.Context().clients.clients() {
-			if err := deleteCLRP(ctx, client, clrp); err != nil {
-				return fmt.Errorf("deleting CiliumLocalRedirectPolicy: %w", err)
+			if isPolicy(obj) {
+				revDeltas[client.ClusterName()]++
 			}
 		}
 	}
 
-	if len(t.cnps) != 0 || len(t.ccnps) != 0 || len(t.knps) != 0 || len(t.clrps) != 0 {
+	if len(revDeltas) > 0 {
 		// Wait for policies to be deleted on all Cilium nodes.
 		if err := t.waitCiliumPolicyRevisions(ctx, revs, revDeltas); err != nil {
-			return fmt.Errorf("timed out removing policies on Cilium agents: %w", err)
+			return fmt.Errorf("timed out waiting for policy updates to be processed on Cilium agents: %w", err)
 		}
 	}
 
-	if len(t.cnps) > 0 {
-		t.Debugf("📜 Successfully deleted %d CiliumNetworkPolicies", len(t.cnps))
-	}
-
-	if len(t.ccnps) > 0 {
-		t.Debugf("📜 Successfully deleted %d CiliumClusterwideNetworkPolicies", len(t.ccnps))
-	}
-
-	if len(t.knps) > 0 {
-		t.Debugf("📜 Successfully deleted %d K8S NetworkPolicy", len(t.knps))
-	}
-
-	if len(t.cegps) > 0 {
-		t.Debugf("📜 Successfully deleted %d CiliumEgressGatewayPolicies", len(t.cegps))
-	}
-
-	if len(t.clrps) > 0 {
-		t.Debugf("📜 Successfully deleted %d CiliumLocalRedirectPolicies", len(t.clrps))
+	if len(t.resources) > 0 {
+		t.Debugf("📜 Successfully deleted %d resources", len(t.resources))
 	}
 
 	return nil
@@ -610,7 +374,7 @@ func (t *Test) deletePolicies(ctx context.Context) error {
 // filter is applied on each line of output.
 func (t *Test) CiliumLogs(ctx context.Context) {
 	for _, pod := range t.Context().ciliumPods {
-		log, err := pod.K8sClient.CiliumLogs(ctx, pod.Pod.Namespace, pod.Pod.Name, t.startTime)
+		log, err := pod.K8sClient.CiliumLogs(ctx, pod.Pod.Namespace, pod.Pod.Name, t.startTime, false)
 		if err != nil {
 			t.Fatalf("Error reading Cilium logs: %s", err)
 		}
@@ -618,58 +382,155 @@ func (t *Test) CiliumLogs(ctx context.Context) {
 	}
 }
 
-// ParsePolicyYAML decodes a yaml file into a slice of policies.
-func ParsePolicyYAML[T runtime.Object](input string, scheme *runtime.Scheme) (output []T, err error) {
-	if input == "" {
-		return nil, nil
-	}
-
-	yamls := strings.Split(input, "\n---")
+// tweakPolicy adjusts a test-dependent resource to insert the namespace
+// in known objects.
+func (t *Test) tweakPolicy(in *unstructured.Unstructured) *unstructured.Unstructured {
+	group := in.GroupVersionKind().Group
+	kind := in.GroupVersionKind().Kind
 
-	for _, yaml := range yamls {
-		if strings.TrimSpace(yaml) == "" {
-			continue
+	var tweaked runtime.Object
+	if group == ciliumv2.CustomResourceDefinitionGroup && kind == ciliumv2.CNPKindDefinition {
+		t.WithFeatureRequirements(features.RequireEnabled(features.CNP))
+		cnp := ciliumv2.CiliumNetworkPolicy{}
+		if err := convertInto(in, &cnp); err != nil {
+			t.Fatalf("could not parse CiliumNetworkPolicy: %v", err)
+			return nil
+		}
+		if cnp.Namespace == "" {
+			cnp.Namespace = t.ctx.params.TestNamespace
 		}
+		configureNamespaceInPolicySpec(cnp.Spec, t.ctx.params.TestNamespace)
+		tweaked = &cnp
+	}
 
-		obj, kind, err := serializer.NewCodecFactory(scheme, serializer.EnableStrict).UniversalDeserializer().Decode([]byte(yaml), nil, nil)
-		if err != nil {
-			return nil, fmt.Errorf("decoding yaml file: %s\nerror: %w", yaml, err)
+	if group == ciliumv2.CustomResourceDefinitionGroup && kind == ciliumv2.CCNPKindDefinition {
+		t.WithFeatureRequirements(features.RequireEnabled(features.CCNP))
+		ccnp := ciliumv2.CiliumClusterwideNetworkPolicy{}
+		if err := convertInto(in, &ccnp); err != nil {
+			t.Fatalf("could not parse CiliumClusterwideNetworkPolicy: %v", err)
+			return nil
 		}
+		configureNamespaceInPolicySpec(ccnp.Spec, t.ctx.params.TestNamespace)
+		tweaked = &ccnp
+	}
 
-		switch policy := obj.(type) {
-		case T:
-			output = append(output, policy)
-		default:
-			return nil, fmt.Errorf("unknown type '%s' in: %s", kind.Kind, yaml)
+	if group == networkingv1.GroupName && kind == "NetworkPolicy" {
+		t.WithFeatureRequirements(features.RequireEnabled(features.KNP))
+		knp := networkingv1.NetworkPolicy{}
+		if err := convertInto(in, &knp); err != nil {
+			t.Fatalf("could not parse NetworkPolicy: %v", err)
+			return nil
 		}
+		configureNamespaceInKNP(&knp, t.ctx.params.TestNamespace)
+		tweaked = &knp
 	}
 
-	return output, nil
-}
+	if tweaked == nil {
+		return in
+	}
 
-// parseCiliumPolicyYAML decodes policy yaml into a slice of CiliumNetworkPolicies.
-func parseCiliumPolicyYAML(policy string) (cnps []*ciliumv2.CiliumNetworkPolicy, err error) {
-	return ParsePolicyYAML[*ciliumv2.CiliumNetworkPolicy](policy, scheme.Scheme)
+	out := unstructured.Unstructured{}
+	if err := convertInto(tweaked, &out); err != nil {
+		t.Fatalf("could not convert tweaked object") // unreachable
+		return nil
+	}
+	return &out
 }
 
-// parseCiliumClusterwidePolicyYAML decodes policy yaml into a slice of CiliumClusterwideNetworkPolicy.
-func parseCiliumClusterwidePolicyYAML(policy string) (cnps []*ciliumv2.CiliumClusterwideNetworkPolicy, err error) {
-	return ParsePolicyYAML[*ciliumv2.CiliumClusterwideNetworkPolicy](policy, scheme.Scheme)
+func configureNamespaceInPolicySpec(spec *api.Rule, namespace string) {
+	if spec == nil {
+		return
+	}
+
+	for _, k := range []string{
+		k8sConst.PodNamespaceLabel,
+		KubernetesSourcedLabelPrefix + k8sConst.PodNamespaceLabel,
+		AnySourceLabelPrefix + k8sConst.PodNamespaceLabel,
+	} {
+		for _, e := range spec.Egress {
+			for _, es := range e.ToEndpoints {
+				if n, ok := es.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
+					es.MatchLabels[k] = namespace
+				}
+			}
+		}
+		for _, e := range spec.Ingress {
+			for _, es := range e.FromEndpoints {
+				if n, ok := es.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
+					es.MatchLabels[k] = namespace
+				}
+			}
+		}
+
+		for _, e := range spec.EgressDeny {
+			for _, es := range e.ToEndpoints {
+				if n, ok := es.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
+					es.MatchLabels[k] = namespace
+				}
+			}
+		}
+
+		for _, e := range spec.IngressDeny {
+			for _, es := range e.FromEndpoints {
+				if n, ok := es.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
+					es.MatchLabels[k] = namespace
+				}
+			}
+		}
+	}
 }
 
-// parseK8SPolicyYAML decodes policy yaml into a slice of K8S NetworkPolicies.
-func parseK8SPolicyYAML(policy string) (policies []*networkingv1.NetworkPolicy, err error) {
-	return ParsePolicyYAML[*networkingv1.NetworkPolicy](policy, clientsetscheme.Scheme)
+func configureNamespaceInKNP(pol *networkingv1.NetworkPolicy, namespace string) {
+	pol.Namespace = namespace
+
+	if pol.Spec.Size() != 0 {
+		for _, k := range []string{
+			k8sConst.PodNamespaceLabel,
+			KubernetesSourcedLabelPrefix + k8sConst.PodNamespaceLabel,
+			AnySourceLabelPrefix + k8sConst.PodNamespaceLabel,
+		} {
+			for _, e := range pol.Spec.Egress {
+				for _, es := range e.To {
+					if es.PodSelector != nil {
+						if n, ok := es.PodSelector.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
+							es.PodSelector.MatchLabels[k] = namespace
+						}
+					}
+					if es.NamespaceSelector != nil {
+						if n, ok := es.NamespaceSelector.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
+							es.NamespaceSelector.MatchLabels[k] = namespace
+						}
+					}
+				}
+			}
+			for _, e := range pol.Spec.Ingress {
+				for _, es := range e.From {
+					if es.PodSelector != nil {
+						if n, ok := es.PodSelector.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
+							es.PodSelector.MatchLabels[k] = namespace
+						}
+					}
+					if es.NamespaceSelector != nil {
+						if n, ok := es.NamespaceSelector.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
+							es.NamespaceSelector.MatchLabels[k] = namespace
+						}
+					}
+				}
+			}
+		}
+	}
 }
 
-// parseCiliumEgressGatewayPolicyYAML decodes policy yaml into a slice of
-// CiliumEgressGatewayPolicies.
-func parseCiliumEgressGatewayPolicyYAML(policy string) (cegps []*ciliumv2.CiliumEgressGatewayPolicy, err error) {
-	return ParsePolicyYAML[*ciliumv2.CiliumEgressGatewayPolicy](policy, scheme.Scheme)
+// convertInto converts an object using JSON
+func convertInto(input, output runtime.Object) error {
+	b, err := json.Marshal(input)
+	if err != nil {
+		return err // unreachable
+	}
+	return parseInto(b, output)
 }
 
-// parseCiliumLocalRedirectPolicyYAML decodes policy yaml into a slice of
-// CiliumLocalRedirectPolicies.
-func parseCiliumLocalRedirectPolicyYAML(policy string) (clrp []*ciliumv2.CiliumLocalRedirectPolicy, err error) {
-	return ParsePolicyYAML[*ciliumv2.CiliumLocalRedirectPolicy](policy, scheme.Scheme)
+func parseInto(b []byte, output runtime.Object) error {
+	_, _, err := serializer.NewCodecFactory(scheme.Scheme, serializer.EnableStrict).UniversalDeserializer().Decode(b, nil, output)
+	return err
 }
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/result.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/result.go
index d295c40d0d..de94e6b555 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/result.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/result.go
@@ -181,6 +181,13 @@ var (
 		ExitCode:       ExitAnyError,
 	}
 
+	ResultEgressUnencryptedDrop = Result{
+		Drop:           true,
+		EgressDrop:     true,
+		DropReasonFunc: unencryptedDropReason,
+		ExitCode:       ExitCurlTimeout,
+	}
+
 	// ResultDropCurlTimeout expects a dropped flow and a failed command.
 	ResultDropCurlTimeout = Result{
 		Drop:     true,
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/test.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/test.go
index a89c3af020..c6a5f54961 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/test.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/test.go
@@ -7,6 +7,7 @@ import (
 	"bytes"
 	"context"
 	_ "embed"
+	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -21,16 +22,17 @@ import (
 	"github.com/cloudflare/cfssl/signer"
 	"github.com/cloudflare/cfssl/signer/local"
 	corev1 "k8s.io/api/core/v1"
-	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/util/yaml"
 
 	"github.com/cilium/cilium/cilium-cli/defaults"
+	"github.com/cilium/cilium/cilium-cli/k8s"
 	"github.com/cilium/cilium/cilium-cli/sysdump"
 	"github.com/cilium/cilium/cilium-cli/utils/features"
 	k8sConst "github.com/cilium/cilium/pkg/k8s/apis/cilium.io"
 	ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
 	"github.com/cilium/cilium/pkg/lock"
-	"github.com/cilium/cilium/pkg/policy/api"
 	"github.com/cilium/cilium/pkg/versioncheck"
 )
 
@@ -62,10 +64,7 @@ func NewTest(name string, verbose bool, debug bool) *Test {
 	test := &Test{
 		name:        name,
 		scenarios:   make(map[Scenario][]*Action),
-		cnps:        make(map[string]*ciliumv2.CiliumNetworkPolicy),
-		ccnps:       make(map[string]*ciliumv2.CiliumClusterwideNetworkPolicy),
-		knps:        make(map[string]*networkingv1.NetworkPolicy),
-		cegps:       make(map[string]*ciliumv2.CiliumEgressGatewayPolicy),
+		resources:   []k8s.Object{},
 		clrps:       make(map[string]*ciliumv2.CiliumLocalRedirectPolicy),
 		logBuf:      &bytes.Buffer{}, // maintain internal buffer by default
 		conditionFn: nil,
@@ -110,21 +109,14 @@ type Test struct {
 	// Needs to be stored as a list, these are implemented in another package.
 	scenariosSkipped []Scenario
 
-	// Policies active during this test.
-	cnps map[string]*ciliumv2.CiliumNetworkPolicy
-
-	// Cilium Clusterwide Network Policies active during this test.
-	ccnps map[string]*ciliumv2.CiliumClusterwideNetworkPolicy
-
-	// Kubernetes Network Policies active during this test.
-	knps map[string]*networkingv1.NetworkPolicy
-
-	// Cilium Egress Gateway Policies active during this test.
-	cegps map[string]*ciliumv2.CiliumEgressGatewayPolicy
-
 	// Cilium Local Redirect Policies active during this test.
 	clrps map[string]*ciliumv2.CiliumLocalRedirectPolicy
 
+	// k8s resources that should be created before the test run, and removed afterwards.
+	// If any of these correspond to a network policy, this will wait for the policy revision
+	// to be incremented.
+	resources []k8s.Object
+
 	// Secrets that have to be present during the test.
 	secrets map[string]*corev1.Secret
 
@@ -160,8 +152,8 @@ type Test struct {
 }
 
 func (t *Test) String() string {
-	return fmt.Sprintf("<Test %s, %d scenarios, %d CNPs, %d CCNPs, expectFunc %v>",
-		t.name, len(t.scenarios), len(t.cnps), len(t.ccnps), t.expectFunc)
+	return fmt.Sprintf("<Test %s, %d scenarios, %d resources, expectFunc %v>",
+		t.name, len(t.scenarios), len(t.resources), t.expectFunc)
 }
 
 // Name returns the name of the test.
@@ -211,7 +203,7 @@ func (t *Test) setup(ctx context.Context) error {
 	}
 
 	// Apply CNPs & KNPs to the cluster.
-	if err := t.applyPolicies(ctx); err != nil {
+	if err := t.applyResources(ctx); err != nil {
 		t.CiliumLogs(ctx)
 		return fmt.Errorf("applying network policies: %w", err)
 	}
@@ -393,49 +385,6 @@ func (t *Test) Run(ctx context.Context, index int) error {
 	return nil
 }
 
-func configureNamespaceInPolicySpec(spec *api.Rule, namespace string) {
-	if spec == nil {
-		return
-	}
-
-	for _, k := range []string{
-		k8sConst.PodNamespaceLabel,
-		KubernetesSourcedLabelPrefix + k8sConst.PodNamespaceLabel,
-		AnySourceLabelPrefix + k8sConst.PodNamespaceLabel,
-	} {
-		for _, e := range spec.Egress {
-			for _, es := range e.ToEndpoints {
-				if n, ok := es.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
-					es.MatchLabels[k] = namespace
-				}
-			}
-		}
-		for _, e := range spec.Ingress {
-			for _, es := range e.FromEndpoints {
-				if n, ok := es.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
-					es.MatchLabels[k] = namespace
-				}
-			}
-		}
-
-		for _, e := range spec.EgressDeny {
-			for _, es := range e.ToEndpoints {
-				if n, ok := es.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
-					es.MatchLabels[k] = namespace
-				}
-			}
-		}
-
-		for _, e := range spec.IngressDeny {
-			for _, es := range e.FromEndpoints {
-				if n, ok := es.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
-					es.MatchLabels[k] = namespace
-				}
-			}
-		}
-	}
-}
-
 // WithCondition takes a function containing condition check logic that
 // returns true if the test needs to be run, and false otherwise. If
 // WithCondition gets called multiple times, all the conditions need to be
@@ -445,29 +394,41 @@ func (t *Test) WithCondition(fn func() bool) *Test {
 	return t
 }
 
+// WithResources registers the list of one or more YAML-defined
+// Kubernetes resources (e.g. NetworkPolicy, etc.)
+//
+// # For certain well-known types, known references to the namespace are mutated
+//
+// If the resource has a namepace of "cilium-test", that is mutated
+// to the (serialized) namespace of the individual scenario.
+func (t *Test) WithResources(spec string) *Test {
+	buf := bytes.Buffer{}
+	buf.WriteString(spec)
+	decoder := yaml.NewYAMLOrJSONDecoder(&buf, 4096)
+
+	for {
+		u := unstructured.Unstructured{}
+		if err := decoder.Decode(&u); err != nil {
+			if errors.Is(err, io.EOF) {
+				break
+			}
+			t.Fatalf("Parsing resource YAML: %s", err)
+		}
+
+		if u.GetNamespace() == defaults.ConnectivityCheckNamespace {
+			u.SetNamespace(t.ctx.params.TestNamespace)
+		}
+		t.resources = append(t.resources, t.tweakPolicy(&u))
+	}
+	return t
+}
+
 // WithCiliumPolicy takes a string containing a YAML policy document and adds
 // the polic(y)(ies) to the scope of the Test, to be applied when the test
 // starts running. When calling this method, note that the CNP enabled feature
 // // requirement is applied directly here.
 func (t *Test) WithCiliumPolicy(policy string) *Test {
-	pl, err := parseCiliumPolicyYAML(policy)
-	if err != nil {
-		t.Fatalf("Parsing policy YAML: %s", err)
-	}
-
-	// Change the default test namespace as required.
-	for i := range pl {
-		pl[i].Namespace = t.ctx.params.TestNamespace
-		configureNamespaceInPolicySpec(pl[i].Spec, t.ctx.params.TestNamespace)
-	}
-
-	if err := t.addCNPs(pl...); err != nil {
-		t.Fatalf("Adding CNPs to policy context: %s", err)
-	}
-
-	t.WithFeatureRequirements(features.RequireEnabled(features.CNP))
-
-	return t
+	return t.WithResources(policy)
 }
 
 // WithCiliumClusterwidePolicy takes a string containing a YAML policy document
@@ -475,23 +436,7 @@ func (t *Test) WithCiliumPolicy(policy string) *Test {
 // when the test starts running. When calling this method, note that the CCNP
 // enabled feature requirement is applied directly here.
 func (t *Test) WithCiliumClusterwidePolicy(policy string) *Test {
-	pl, err := parseCiliumClusterwidePolicyYAML(policy)
-	if err != nil {
-		t.Fatalf("Parsing policy YAML: %s", err)
-	}
-
-	// Change the default test namespace as required.
-	for i := range pl {
-		configureNamespaceInPolicySpec(pl[i].Spec, t.ctx.params.TestNamespace)
-	}
-
-	if err := t.addCCNPs(pl...); err != nil {
-		t.Fatalf("Adding CCNPs to policy context: %s", err)
-	}
-
-	t.WithFeatureRequirements(features.RequireEnabled(features.CCNP))
-
-	return t
+	return t.WithResources(policy)
 }
 
 // WithK8SPolicy takes a string containing a YAML policy document and adds
@@ -499,61 +444,7 @@ func (t *Test) WithCiliumClusterwidePolicy(policy string) *Test {
 // starts running. When calling this method, note that the KNP enabled feature
 // requirement is applied directly here.
 func (t *Test) WithK8SPolicy(policy string) *Test {
-	pl, err := parseK8SPolicyYAML(policy)
-	if err != nil {
-		t.Fatalf("Parsing K8S policy YAML: %s", err)
-	}
-
-	// Change the default test namespace as required.
-	for i := range pl {
-		pl[i].Namespace = t.ctx.params.TestNamespace
-
-		if pl[i].Spec.Size() != 0 {
-			for _, k := range []string{
-				k8sConst.PodNamespaceLabel,
-				KubernetesSourcedLabelPrefix + k8sConst.PodNamespaceLabel,
-				AnySourceLabelPrefix + k8sConst.PodNamespaceLabel,
-			} {
-				for _, e := range pl[i].Spec.Egress {
-					for _, es := range e.To {
-						if es.PodSelector != nil {
-							if n, ok := es.PodSelector.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
-								es.PodSelector.MatchLabels[k] = t.ctx.params.TestNamespace
-							}
-						}
-						if es.NamespaceSelector != nil {
-							if n, ok := es.NamespaceSelector.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
-								es.NamespaceSelector.MatchLabels[k] = t.ctx.params.TestNamespace
-							}
-						}
-					}
-				}
-				for _, e := range pl[i].Spec.Ingress {
-					for _, es := range e.From {
-						if es.PodSelector != nil {
-							if n, ok := es.PodSelector.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
-								es.PodSelector.MatchLabels[k] = t.ctx.params.TestNamespace
-							}
-						}
-						if es.NamespaceSelector != nil {
-							if n, ok := es.NamespaceSelector.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
-								es.NamespaceSelector.MatchLabels[k] = t.ctx.params.TestNamespace
-							}
-						}
-					}
-				}
-			}
-		}
-	}
-
-	if err := t.addKNPs(pl...); err != nil {
-		t.Fatalf("Adding K8S Network Policies to policy context: %s", err)
-	}
-
-	// It is implicit that KNP should be enabled.
-	t.WithFeatureRequirements(features.RequireEnabled(features.KNP))
-
-	return t
+	return t.WithResources(policy)
 }
 
 // CiliumLocalRedirectPolicyParams is used to configure a CiliumLocalRedirectPolicy template.
@@ -572,21 +463,18 @@ type CiliumLocalRedirectPolicyParams struct {
 }
 
 func (t *Test) WithCiliumLocalRedirectPolicy(params CiliumLocalRedirectPolicyParams) *Test {
-	pl, err := parseCiliumLocalRedirectPolicyYAML(params.Policy)
-	if err != nil {
+	pl := ciliumv2.CiliumLocalRedirectPolicy{}
+	if err := parseInto([]byte(params.Policy), &pl); err != nil {
 		t.Fatalf("Parsing local redirect policy YAML: %s", err)
 	}
 
-	for i := range pl {
-		pl[i].Namespace = t.ctx.params.TestNamespace
-		pl[i].Name = params.Name
-		pl[i].Spec.RedirectFrontend.AddressMatcher.IP = params.FrontendIP
-		pl[i].Spec.SkipRedirectFromBackend = params.SkipRedirectFromBackend
-	}
+	pl.Namespace = t.ctx.params.TestNamespace
+	pl.Name = params.Name
+	pl.Spec.RedirectFrontend.AddressMatcher.IP = params.FrontendIP
+	pl.Spec.SkipRedirectFromBackend = params.SkipRedirectFromBackend
 
-	if err := t.addCLRPs(pl...); err != nil {
-		t.Fatalf("Adding CLRPs to cilium local redirect policy context: %s", err)
-	}
+	t.resources = append(t.resources, &pl)
+	t.clrps[params.Name] = &pl
 
 	t.WithFeatureRequirements(features.RequireEnabled(features.LocalRedirectPolicy))
 
@@ -622,59 +510,55 @@ type CiliumEgressGatewayPolicyParams struct {
 // note that the egress gateway enabled feature requirement is applied directly
 // here.
 func (t *Test) WithCiliumEgressGatewayPolicy(params CiliumEgressGatewayPolicyParams) *Test {
-	pl, err := parseCiliumEgressGatewayPolicyYAML(egressGatewayPolicyYAML)
-	if err != nil {
-		t.Fatalf("Parsing policy YAML: %s", err)
-	}
-
-	for i := range pl {
-		// Change the default test namespace as required.
-		for _, k := range []string{
-			k8sConst.PodNamespaceLabel,
-			KubernetesSourcedLabelPrefix + k8sConst.PodNamespaceLabel,
-			AnySourceLabelPrefix + k8sConst.PodNamespaceLabel,
-		} {
-			for _, e := range pl[i].Spec.Selectors {
-				ps := e.PodSelector
-				if n, ok := ps.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
-					ps.MatchLabels[k] = t.ctx.params.TestNamespace
-				}
+	pl := ciliumv2.CiliumEgressGatewayPolicy{}
+	if err := parseInto([]byte(egressGatewayPolicyYAML), &pl); err != nil {
+		t.Fatalf("Parsing EgressGatewayPolicy: %s", err)
+	}
+
+	// Change the default test namespace as required.
+	for _, k := range []string{
+		k8sConst.PodNamespaceLabel,
+		KubernetesSourcedLabelPrefix + k8sConst.PodNamespaceLabel,
+		AnySourceLabelPrefix + k8sConst.PodNamespaceLabel,
+	} {
+		for _, e := range pl.Spec.Selectors {
+			ps := e.PodSelector
+			if n, ok := ps.MatchLabels[k]; ok && n == defaults.ConnectivityCheckNamespace {
+				ps.MatchLabels[k] = t.ctx.params.TestNamespace
 			}
 		}
+	}
 
-		// Set the policy name
-		pl[i].Name = params.Name
-
-		// Set the pod selector
-		pl[i].Spec.Selectors[0].PodSelector.MatchLabels["kind"] = params.PodSelectorKind
+	// Set the policy name
+	pl.Name = params.Name
 
-		// Set the egress gateway node
-		egressGatewayNode := t.EgressGatewayNode()
-		if egressGatewayNode == "" {
-			t.Fatalf("Cannot find egress gateway node")
-		}
+	// Set the pod selector
+	pl.Spec.Selectors[0].PodSelector.MatchLabels["kind"] = params.PodSelectorKind
 
-		pl[i].Spec.EgressGateway.NodeSelector.MatchLabels["kubernetes.io/hostname"] = egressGatewayNode
+	// Set the egress gateway node
+	egressGatewayNode := t.EgressGatewayNode()
+	if egressGatewayNode == "" {
+		t.Fatalf("Cannot find egress gateway node")
+	}
 
-		// Set the excluded CIDRs
-		pl[i].Spec.ExcludedCIDRs = []ciliumv2.IPv4CIDR{}
+	pl.Spec.EgressGateway.NodeSelector.MatchLabels["kubernetes.io/hostname"] = egressGatewayNode
 
-		switch params.ExcludedCIDRsConf {
-		case ExternalNodeExcludedCIDRs:
-			for _, nodeWithoutCiliumIP := range t.Context().params.NodesWithoutCiliumIPs {
-				if parsedIP := net.ParseIP(nodeWithoutCiliumIP.IP); parsedIP.To4() == nil {
-					continue
-				}
+	// Set the excluded CIDRs
+	pl.Spec.ExcludedCIDRs = []ciliumv2.IPv4CIDR{}
 
-				cidr := ciliumv2.IPv4CIDR(fmt.Sprintf("%s/32", nodeWithoutCiliumIP.IP))
-				pl[i].Spec.ExcludedCIDRs = append(pl[i].Spec.ExcludedCIDRs, cidr)
+	switch params.ExcludedCIDRsConf {
+	case ExternalNodeExcludedCIDRs:
+		for _, nodeWithoutCiliumIP := range t.Context().params.NodesWithoutCiliumIPs {
+			if parsedIP := net.ParseIP(nodeWithoutCiliumIP.IP); parsedIP.To4() == nil {
+				continue
 			}
+
+			cidr := ciliumv2.IPv4CIDR(fmt.Sprintf("%s/32", nodeWithoutCiliumIP.IP))
+			pl.Spec.ExcludedCIDRs = append(pl.Spec.ExcludedCIDRs, cidr)
 		}
 	}
 
-	if err := t.addCEGPs(pl...); err != nil {
-		t.Fatalf("Adding CEGPs to cilium egress gateway policy context: %s", err)
-	}
+	t.resources = append(t.resources, &pl)
 
 	t.WithFeatureRequirements(features.RequireEnabled(features.EgressGateway))
 
@@ -949,16 +833,6 @@ func (t *Test) collectSysdump() {
 func (t *Test) ForEachIPFamily(do func(features.IPFamily)) {
 	ipFams := []features.IPFamily{features.IPFamilyV4, features.IPFamilyV6}
 
-	// The per-endpoint routes feature is broken with IPv6 on < v1.14 when there
-	// are any netpols installed (https://github.com/cilium/cilium/issues/23852
-	// and https://github.com/cilium/cilium/issues/23910).
-	if f, ok := t.Context().Feature(features.EndpointRoutes); ok &&
-		f.Enabled && (len(t.cnps) > 0 || len(t.knps) > 0) &&
-		versioncheck.MustCompile("<1.14.0")(t.Context().CiliumVersion) {
-
-		ipFams = []features.IPFamily{features.IPFamilyV4}
-	}
-
 	for _, ipFam := range ipFams {
 		switch ipFam {
 		case features.IPFamilyV4:
@@ -979,18 +853,6 @@ func (t *Test) CertificateCAs() map[string][]byte {
 	return t.certificateCAs
 }
 
-func (t *Test) CiliumNetworkPolicies() map[string]*ciliumv2.CiliumNetworkPolicy {
-	return t.cnps
-}
-
-func (t *Test) CiliumClusterwideNetworkPolicies() map[string]*ciliumv2.CiliumClusterwideNetworkPolicy {
-	return t.ccnps
-}
-
-func (t *Test) KubernetesNetworkPolicies() map[string]*networkingv1.NetworkPolicy {
-	return t.knps
-}
-
 func (t *Test) CiliumLocalRedirectPolicies() map[string]*ciliumv2.CiliumLocalRedirectPolicy {
 	return t.clrps
 }
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/wait.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/wait.go
index 74c4a8f628..e0c80839cd 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/wait.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/check/wait.go
@@ -23,7 +23,6 @@ import (
 	"github.com/cilium/cilium/cilium-cli/k8s"
 	"github.com/cilium/cilium/cilium-cli/utils/features"
 	"github.com/cilium/cilium/cilium-cli/utils/wait"
-	"github.com/cilium/cilium/pkg/inctimer"
 )
 
 const (
@@ -48,7 +47,7 @@ func WaitForDeployment(ctx context.Context, log Logger, client *k8s.Client, name
 		log.Debugf("[%s] Deployment %s/%s is not yet ready: %s", client.ClusterName(), namespace, name, err)
 
 		select {
-		case <-inctimer.After(PollInterval):
+		case <-time.After(PollInterval):
 		case <-ctx.Done():
 			return fmt.Errorf("timeout reached waiting for deployment %s/%s to become ready (last error: %w)",
 				namespace, name, err)
@@ -71,7 +70,7 @@ func WaitForDaemonSet(ctx context.Context, log Logger, client *k8s.Client, names
 		log.Debugf("[%s] DaemonSet %s/%s is not yet ready: %s", client.ClusterName(), namespace, name, err)
 
 		select {
-		case <-inctimer.After(PollInterval):
+		case <-time.After(PollInterval):
 		case <-ctx.Done():
 			return fmt.Errorf("timeout reached waiting for DaemonSet %s/%s to become ready (last error: %w)",
 				namespace, name, err)
@@ -103,7 +102,7 @@ func WaitForPodDNS(ctx context.Context, log Logger, src, dst Pod) error {
 			src.K8sClient.ClusterName(), target, src.Name(), dst.Name(), err, stdout.String())
 
 		select {
-		case <-inctimer.After(PollInterval):
+		case <-time.After(PollInterval):
 		case <-ctx.Done():
 			return fmt.Errorf("timeout reached waiting for lookup for %s from pod %s to server on pod %s to succeed (last error: %w)",
 				target, src.Name(), dst.Name(), err,
@@ -131,7 +130,7 @@ func WaitForCoreDNS(ctx context.Context, log Logger, client Pod) error {
 			client.K8sClient.ClusterName(), target, client.Name(), err, stdout.String())
 
 		select {
-		case <-inctimer.After(PollInterval):
+		case <-time.After(PollInterval):
 		case <-ctx.Done():
 			return fmt.Errorf("timeout reached waiting for lookup for %s from pod %s to succeed (last error: %w)",
 				target, client.Name(), err)
@@ -154,7 +153,7 @@ func WaitForServiceRetrieval(ctx context.Context, log Logger, client *k8s.Client
 		log.Debugf("[%s] Failed to retrieve Service %s/%s: %s", client.ClusterName(), namespace, name, err)
 
 		select {
-		case <-inctimer.After(PollInterval):
+		case <-time.After(PollInterval):
 		case <-ctx.Done():
 			return Service{}, fmt.Errorf("timeout reached waiting for service %s/%s to be retrieved (last error: %w)",
 				namespace, name, err)
@@ -166,7 +165,7 @@ func WaitForServiceRetrieval(ctx context.Context, log Logger, client *k8s.Client
 func WaitForService(ctx context.Context, log Logger, client Pod, service Service) error {
 	log.Logf("⌛ [%s] Waiting for Service %s to become ready...", client.K8sClient.ClusterName(), service.Name())
 
-	ctx, cancel := context.WithTimeout(ctx, ShortTimeout)
+	ctx, cancel := context.WithTimeout(ctx, 2*ShortTimeout)
 	defer cancel()
 
 	if service.Service.Spec.ClusterIP == corev1.ClusterIPNone {
@@ -197,7 +196,7 @@ func WaitForService(ctx context.Context, log Logger, client Pod, service Service
 			client.K8sClient.ClusterName(), service.Name(), err, stdout.String())
 
 		select {
-		case <-inctimer.After(PollInterval):
+		case <-time.After(PollInterval):
 		case <-ctx.Done():
 			return fmt.Errorf("timeout reached waiting for service %s (last error: %w)", service.Name(), err)
 		}
@@ -228,7 +227,7 @@ func WaitForServiceEndpoints(ctx context.Context, log Logger, agent Pod, service
 			agent.K8sClient.ClusterName(), service.Name(), agent.Name(), err)
 
 		select {
-		case <-inctimer.After(PollInterval):
+		case <-time.After(PollInterval):
 		case <-ctx.Done():
 			return fmt.Errorf("timeout reached waiting for service %s to appear in Cilium pod %s (last error: %w)",
 				service.Name(), agent.Name(), err)
@@ -308,7 +307,7 @@ func WaitForNodePorts(ctx context.Context, log Logger, client Pod, nodeIP string
 				client.K8sClient.ClusterName(), nodeIP, nodePort, service.Name(), err, stdout.String())
 
 			select {
-			case <-inctimer.After(PollInterval):
+			case <-time.After(PollInterval):
 			case <-ctx.Done():
 				return fmt.Errorf("timeout reached waiting for NodePort %s:%d (%s) (last error: %w)",
 					nodeIP, nodePort, service.Name(), err)
@@ -336,7 +335,7 @@ func WaitForIPCache(ctx context.Context, log Logger, agent Pod, pods []Pod) erro
 		log.Debugf("[%s] Error checking pod IPs in IPCache: %s", agent.K8sClient.ClusterName(), err)
 
 		select {
-		case <-inctimer.After(PollInterval):
+		case <-time.After(PollInterval):
 		case <-ctx.Done():
 			return fmt.Errorf("timeout reached waiting for pod IPs to be in IPCache of Cilium pod %s (last error: %w)",
 				agent.Name(), err)
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/sniff/sniffer.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/sniff/sniffer.go
index bcba0dc1f3..f035d74a02 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/sniff/sniffer.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/sniff/sniffer.go
@@ -13,7 +13,6 @@ import (
 
 	"github.com/cilium/cilium/cilium-cli/connectivity/check"
 	"github.com/cilium/cilium/cilium-cli/utils/lock"
-	"github.com/cilium/cilium/pkg/inctimer"
 )
 
 // Mode configures the Sniffer validation mode.
@@ -99,7 +98,7 @@ func Sniff(ctx context.Context, name string, target *check.Pod,
 			}
 
 			return nil, fmt.Errorf("Failed to execute tcpdump: %w", err)
-		case <-inctimer.After(100 * time.Millisecond):
+		case <-time.After(100 * time.Millisecond):
 			line, err := sniffer.stdout.ReadString('\n')
 			if err != nil && !errors.Is(err, io.EOF) {
 				return nil, fmt.Errorf("Failed to read kubectl exec's stdout: %w", err)
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/encryption.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/encryption.go
index 819f2e0e40..f42a4c0fba 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/encryption.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/encryption.go
@@ -6,12 +6,18 @@ package tests
 import (
 	"context"
 	"fmt"
+	"maps"
+	"slices"
 	"strings"
 
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/util/sets"
+
 	"github.com/cilium/cilium/cilium-cli/connectivity/check"
 	"github.com/cilium/cilium/cilium-cli/connectivity/sniff"
 	"github.com/cilium/cilium/cilium-cli/utils/features"
 	"github.com/cilium/cilium/pkg/defaults"
+	ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
 	"github.com/cilium/cilium/pkg/versioncheck"
 )
 
@@ -197,6 +203,26 @@ func isWgEncap(t *check.Test) bool {
 	return true
 }
 
+// checkIPSecPodToPod checks whether in case of IPSec being enabled and used
+// during the podToPodEncryption test it should be executed or skipped due to:
+//
+// 1. missing backporting of the commit in previous versions;
+// 2. usage of IPv6, for which the test is flaky (see https://github.com/cilium/cilium/issues/35485).
+//
+// Once the above reasons are fixed, this function can be removed.
+func checkIPSecPodToPod(t *check.Test, ipFam features.IPFamily) error {
+	if e, ok := t.Context().Feature(features.EncryptionPod); !(ok && e.Enabled && e.Mode == "ipsec") {
+		return nil
+	}
+	if !versioncheck.MustCompile(">=1.17.0")(t.Context().CiliumVersion) {
+		return fmt.Errorf("enabling test for IPSec requires backporting")
+	}
+	if ipFam == features.IPFamilyV6 {
+		return fmt.Errorf("inactive IPv6 test with IPSec, see https://github.com/cilium/cilium/issues/35485")
+	}
+	return nil
+}
+
 // PodToPodEncryption is a test case which checks the following:
 //   - There is a connectivity between pods on different nodes when any
 //     encryption mode is on (either WireGuard or IPsec).
@@ -246,6 +272,10 @@ func (s *podToPodEncryption) Run(ctx context.Context, t *check.Test) {
 	}
 
 	t.ForEachIPFamily(func(ipFam features.IPFamily) {
+		if err := checkIPSecPodToPod(t, ipFam); err != nil {
+			t.Debugf("Skipping test: %v", err)
+			return
+		}
 		testNoTrafficLeak(ctx, t, s, client, &server, &clientHost, &serverHost, requestHTTP, ipFam, assertNoLeaks, true, wgEncap)
 	})
 }
@@ -300,6 +330,65 @@ func testNoTrafficLeak(ctx context.Context, t *check.Test, s check.Scenario,
 	}
 }
 
+func nodeToNodeEncTestPods(nodes map[check.NodeIdentity]*ciliumv2.CiliumNode, excludeSelector labels.Selector, clients, servers []check.Pod) (client, server *check.Pod) {
+	nodeKey := func(pod *check.Pod) check.NodeIdentity {
+		if pod != nil {
+			return check.NodeIdentity{Cluster: pod.K8sClient.ClusterName(), Name: pod.NodeName()}
+		}
+		return check.NodeIdentity{}
+	}
+
+	acceptableNodes := func(pods []check.Pod) sets.Set[check.NodeIdentity] {
+		keys := sets.New[check.NodeIdentity]()
+		for _, pod := range pods {
+			node := nodes[nodeKey(&pod)]
+			if node == nil {
+				continue
+			}
+
+			if excludeSelector.Matches(labels.Set(node.Labels)) {
+				continue
+			}
+
+			keys.Insert(nodeKey(&pod))
+		}
+		return keys
+	}
+
+	getRandomPod := func(pods []check.Pod, nodes sets.Set[check.NodeIdentity]) *check.Pod {
+		for _, pod := range pods {
+			if nodes.Has(nodeKey(&pod)) {
+				return &pod
+			}
+		}
+
+		return nil
+	}
+
+	clientNodes := acceptableNodes(clients)
+	serverNodes := acceptableNodes(servers)
+
+	// Prefer selecting a client (server) running on a node which does not
+	// host a server (client) as well, to maximize the possibilities of finding
+	// a valid combination.
+	clientNodesOnly := clientNodes.Difference(serverNodes)
+	serverNodesOnly := serverNodes.Difference(clientNodes)
+
+	client = getRandomPod(clients, clientNodesOnly)
+	if client == nil {
+		client = getRandomPod(clients, clientNodes)
+	}
+
+	server = getRandomPod(servers, serverNodesOnly)
+	if server == nil {
+		// Make sure to not pick a server hosted on the same node of the client.
+		serverNodes.Delete(nodeKey(client))
+		server = getRandomPod(servers, serverNodes)
+	}
+
+	return client, server
+}
+
 func NodeToNodeEncryption(reqs ...features.Requirement) check.Scenario {
 	return &nodeToNodeEncryption{reqs}
 }
@@ -311,17 +400,28 @@ func (s *nodeToNodeEncryption) Name() string {
 }
 
 func (s *nodeToNodeEncryption) Run(ctx context.Context, t *check.Test) {
-	client := t.Context().RandomClientPod()
-
-	var server check.Pod
-	for _, pod := range t.Context().EchoPods() {
-		// Make sure that the server pod is on another node than client
-		if pod.Pod.Status.HostIP != client.Pod.Status.HostIP {
-			server = pod
-			break
+	ct := t.Context()
+	encryptNode, _ := ct.Feature(features.EncryptionNode)
+
+	// Node to node encryption can be disabled on specific nodes (e.g.,
+	// control plane ones) to prevent e.g., losing connectivity to the
+	// Kubernetes API Server. Let's take that into account when selecting
+	// the target pods/nodes.
+	excludeNodes := labels.Nothing()
+	if encryptNode.Enabled {
+		var err error
+		if excludeNodes, err = labels.Parse(encryptNode.Mode); err != nil {
+			t.Fatalf("unable to parse label selector %s: %s", encryptNode.Mode, err)
 		}
 	}
 
+	client, server := nodeToNodeEncTestPods(ct.CiliumNodes(), excludeNodes,
+		slices.Collect(maps.Values(ct.ClientPods())),
+		slices.Collect(maps.Values(ct.EchoPods())))
+	if client == nil || server == nil {
+		t.Fatal("Could not find matching pods: is node to node encryption disabled on all nodes hosting test pods?")
+	}
+
 	// clientHost is a pod running on the same node as the client pod, just in
 	// the host netns.
 	clientHost := t.Context().HostNetNSPodsByNode()[client.Pod.Spec.NodeName]
@@ -362,6 +462,6 @@ func (s *nodeToNodeEncryption) Run(ctx context.Context, t *check.Test) {
 		if onlyPodToPodWGWithTunnel {
 			hostToPodAssertNoLeaks = true
 		}
-		testNoTrafficLeak(ctx, t, s, &clientHost, &server, &clientHost, &serverHost, requestHTTP, ipFam, hostToPodAssertNoLeaks, false, wgEncap)
+		testNoTrafficLeak(ctx, t, s, &clientHost, server, &clientHost, &serverHost, requestHTTP, ipFam, hostToPodAssertNoLeaks, false, wgEncap)
 	})
 }
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/health.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/health.go
index 3de33302e6..058ed288d4 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/health.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/health.go
@@ -17,7 +17,6 @@ import (
 
 	"github.com/cilium/cilium/cilium-cli/connectivity/check"
 	"github.com/cilium/cilium/cilium-cli/defaults"
-	"github.com/cilium/cilium/pkg/inctimer"
 )
 
 func CiliumHealth() check.Scenario {
@@ -44,8 +43,6 @@ func runHealthProbe(ctx context.Context, t *check.Test, pod *check.Pod) {
 
 	// Probe health status until it passes checks or timeout is reached.
 	for {
-		retryTimer := inctimer.After(time.Second)
-
 		if _, err := pod.K8sClient.GetPod(ctx, pod.Pod.Namespace, pod.Pod.Name, metav1.GetOptions{}); k8serrors.IsNotFound(err) {
 			t.Failf("cilium-health validation failed. Cilium Agent Pod %s/%s no longer exists", pod.Pod.Namespace, pod.Pod.Name)
 			return
@@ -66,7 +63,7 @@ func runHealthProbe(ctx context.Context, t *check.Test, pod *check.Pod) {
 		case <-done:
 			t.Context().Fatalf("cilium-health probe on '%s' failed: %s", pod.Name(), err)
 			return
-		case <-retryTimer:
+		case <-time.After(time.Second):
 		}
 	}
 }
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/multicast.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/multicast.go
new file mode 100644
index 0000000000..76a377f2c0
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/multicast.go
@@ -0,0 +1,363 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package tests
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/netip"
+	"strings"
+	"sync"
+
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/cilium/ebpf"
+
+	v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
+	"github.com/cilium/cilium/pkg/lock"
+	"github.com/cilium/cilium/pkg/node/addressing"
+
+	"github.com/cilium/cilium/cilium-cli/connectivity/check"
+	"github.com/cilium/cilium/cilium-cli/defaults"
+	"github.com/cilium/cilium/cilium-cli/utils/features"
+)
+
+const (
+	testMulticastGroupIP = "239.255.9.9"
+	testSocatPort        = 6666
+)
+
+// Having data to restore group and subscriber status after testing
+var NodeWithoutGroup []string
+var NotSubscribePodAddress map[string][]v2.NodeAddress
+var ipToPodMap lock.Map[v2.NodeAddress, string]
+var NodeWithoutGroupMu lock.RWMutex
+var NotSubscribePodAddressMu lock.RWMutex
+
+type socatMulticast struct {
+}
+
+func SocatMulticast() check.Scenario {
+	return &socatMulticast{}
+}
+
+func (s *socatMulticast) Name() string {
+	return "multicast"
+}
+
+func (s *socatMulticast) Run(ctx context.Context, t *check.Test) {
+	ct := t.Context()
+	defer func() {
+		s.cleanup(ctx, t)
+	}()
+	NotSubscribePodAddress = make(map[string][]v2.NodeAddress)
+
+	// Add all cilium nodes to the multicast group
+	if err := s.addAllNodes(ctx, t); err != nil {
+		t.Fatalf("Fatal error occurred while adding all cilium nodes to multicast group: %v", err)
+	}
+
+	bgCtx, cancelBg := context.WithCancel(ctx)
+	defer cancelBg()
+
+	var wg sync.WaitGroup
+
+	// Sender: Start repeated socat multicast client in the background)
+	for _, clientPod := range ct.SocatClientPods() {
+		wg.Add(1)
+		go func(pod check.Pod) {
+			defer wg.Done()
+			cmd := ct.SocatClientCommand(testSocatPort, testMulticastGroupIP)
+			doneCh := make(chan struct{})
+			go func() {
+				_, stdErr, err := pod.K8sClient.ExecInPodWithStderr(bgCtx, pod.Pod.Namespace, pod.Pod.Name, pod.Pod.Labels["name"], cmd)
+				if err != nil && !strings.Contains(err.Error(), "context canceled") {
+					errMsg := fmt.Sprintf("Error: %v, Stderr: %s", err, stdErr.String())
+					t.Logf("Error in background task for pod %s: %v", pod.Name(), errMsg)
+				}
+				close(doneCh)
+			}()
+			select {
+			case <-doneCh:
+				// Task finished normally
+			case <-bgCtx.Done():
+				// Context was cancelled, handle cleanup
+				cancelCmd := ct.KillMulticastTestSender()
+				_, _, err := pod.K8sClient.ExecInPodWithStderr(ctx, pod.Pod.Namespace, pod.Pod.Name, pod.Pod.Labels["name"], cancelCmd)
+				if err != nil {
+					t.Logf("Error cancelling command for pod %s: %v", pod.Name(), err)
+				}
+			}
+		}(clientPod)
+	}
+
+	// Receiver: Execute socat multicast server and check if multicast packets are coming in.
+	for _, socatServerPod := range ct.SocatServerPods() {
+		t.NewAction(s, "socat multicast", &socatServerPod, nil, features.IPFamilyV4).Run(func(a *check.Action) {
+			cmd := ct.SocatServer1secCommand(socatServerPod, testSocatPort, testMulticastGroupIP)
+			// The exit code of socat server command with timeout is 0 if a packet is received,
+			// and 124 if no packet is received.
+			a.ExecInPod(ctx, cmd)
+		})
+	}
+
+	cancelBg()
+	wg.Wait()
+}
+
+// Restore the state of the multicast group and subscriber after the test
+func (s *socatMulticast) cleanup(ctx context.Context, t *check.Test) {
+	ct := t.Context()
+	client := ct.K8sClient()
+	ciliumNodesList, err := client.ListCiliumNodes(ctx)
+	if err != nil {
+		t.Fatalf("Fatal error occurred while listing cilium nodes: %v", err)
+	}
+	ciliumNodes := ciliumNodesList.Items
+	for _, ciliumNode := range ciliumNodes {
+		if s.isNodeWithoutGroup(ciliumNode.Name) {
+			if err := s.delGroup(ctx, t, ciliumNode.Name); err != nil {
+				t.Fatalf("Fatal error occurred while deleting multicast group: %v", err)
+			}
+		} else {
+			for _, podAddress := range NotSubscribePodAddress[ciliumNode.Name] {
+				if s.isNotSubscribePodAddress(ciliumNode.Name, podAddress) {
+					if err := s.delSubscriber(ctx, t, ciliumNode.Name, podAddress.IP); err != nil {
+						t.Fatalf("Fatal error occurred while deleting subscriber: %v", err)
+					}
+				}
+			}
+		}
+	}
+}
+
+func (s *socatMulticast) addNodeWithoutGroup(nodeName string) {
+	NodeWithoutGroupMu.Lock()
+	defer NodeWithoutGroupMu.Unlock()
+	NodeWithoutGroup = append(NodeWithoutGroup, nodeName)
+}
+
+func (s *socatMulticast) isNodeWithoutGroup(nodeName string) bool {
+	NodeWithoutGroupMu.RLock()
+	defer NodeWithoutGroupMu.RUnlock()
+	for _, node := range NodeWithoutGroup {
+		if node == nodeName {
+			return true
+		}
+	}
+	return false
+}
+
+func (s *socatMulticast) addNotSubscribePodAddress(nodeName string, podAddress v2.NodeAddress) {
+	NotSubscribePodAddressMu.Lock()
+	defer NotSubscribePodAddressMu.Unlock()
+	NotSubscribePodAddress[nodeName] = append(NotSubscribePodAddress[nodeName], podAddress)
+}
+
+func (s *socatMulticast) isNotSubscribePodAddress(nodeName string, podAddress v2.NodeAddress) bool {
+	NotSubscribePodAddressMu.RLock()
+	defer NotSubscribePodAddressMu.RUnlock()
+	for _, address := range NotSubscribePodAddress[nodeName] {
+		if address.IP == podAddress.IP {
+			return true
+		}
+	}
+	return false
+}
+
+func (s *socatMulticast) getCiliumNode(ctx context.Context, t *check.Test, nodeName string) (v2.CiliumNode, error) {
+	ct := t.Context()
+	client := ct.K8sClient()
+	ciliumNodes, err := client.ListCiliumNodes(ctx)
+	if err != nil {
+		return v2.CiliumNode{}, err
+	}
+	var ciliumNode v2.CiliumNode
+	for _, node := range ciliumNodes.Items {
+		if node.Name == nodeName {
+			ciliumNode = node
+		}
+	}
+	return ciliumNode, nil
+}
+
+func (s *socatMulticast) getCiliumInternalIP(ctx context.Context, t *check.Test, nodeName string) (v2.NodeAddress, error) {
+	ciliumNode, err := s.getCiliumNode(ctx, t, nodeName)
+	if err != nil {
+		return v2.NodeAddress{}, fmt.Errorf("unable to get cilium node: %w", err)
+	}
+	addrs := ciliumNode.Spec.Addresses
+	var ciliumInternalIP v2.NodeAddress
+	for _, addr := range addrs {
+		if addr.AddrType() == addressing.NodeCiliumInternalIP {
+			ip, err := netip.ParseAddr(addr.IP)
+			if err != nil {
+				continue
+			}
+			if ip.Is4() {
+				ciliumInternalIP = addr
+			}
+		}
+	}
+	if ciliumInternalIP.IP == "" {
+		return v2.NodeAddress{}, fmt.Errorf("ciliumInternalIP not found")
+	}
+	return ciliumInternalIP, nil
+}
+
+// To record the correspondence between CiliumInternalIp and cilium-agent
+func (s *socatMulticast) populateMaps(ctx context.Context, t *check.Test, ciliumPods []corev1.Pod) error {
+	var wg sync.WaitGroup
+	errCh := make(chan error, len(ciliumPods))
+	wg.Add(len(ciliumPods))
+
+	for _, ciliumPod := range ciliumPods {
+		go func(pod corev1.Pod) {
+			defer wg.Done()
+			ciliumInternalIP, err := s.getCiliumInternalIP(ctx, t, pod.Spec.NodeName)
+			if err != nil {
+				errCh <- err
+				return
+			}
+			ipToPodMap.Store(ciliumInternalIP, pod.Name)
+		}(ciliumPod)
+	}
+
+	wg.Wait()
+	close(errCh)
+
+	var errRet error
+	for fetchData := range errCh {
+		errRet = errors.Join(errRet, fetchData)
+	}
+	return errRet
+}
+
+// create multicast group and add all cilium nodes to the multicast group for testing
+func (s *socatMulticast) addAllNodes(ctx context.Context, t *check.Test) error {
+	ct := t.Context()
+	client := ct.K8sClient()
+
+	ciliumPodsList, err := client.ListPods(ctx, ct.Params().CiliumNamespace, metav1.ListOptions{LabelSelector: defaults.AgentPodSelector})
+	if err != nil {
+		return err
+	}
+	ciliumPods := ciliumPodsList.Items
+
+	// Create a map of ciliumInternalIPs of all nodes
+	if err := s.populateMaps(ctx, t, ciliumPods); err != nil {
+		return err
+	}
+
+	var wg sync.WaitGroup
+	errCh := make(chan error, len(ciliumPods))
+	wg.Add(len(ciliumPods))
+
+	for _, ciliumPod := range ciliumPods {
+		go func(pod corev1.Pod) {
+			defer wg.Done()
+			// If there are not specified multicast group, create it
+			cmd := []string{"cilium-dbg", "bpf", "multicast", "subscriber", "list", testMulticastGroupIP}
+			_, stdErr, err := client.ExecInPodWithStderr(ctx, pod.Namespace, pod.Name, defaults.AgentContainerName, cmd)
+			if err != nil {
+				if !strings.Contains(stdErr.String(), ebpf.ErrKeyNotExist.Error()) {
+					errMsg := fmt.Sprintf("Error: %v, Stderr: %s", err, stdErr.String())
+					errCh <- errors.New(errMsg)
+					t.Fatalf("Fatal error occurred while checking multicast group %s in %s", testMulticastGroupIP, pod.Spec.NodeName)
+					return
+				}
+				s.addNodeWithoutGroup(pod.Spec.NodeName)
+				cmd = []string{"cilium-dbg", "bpf", "multicast", "group", "add", testMulticastGroupIP}
+				_, stdErr, err := client.ExecInPodWithStderr(ctx, pod.Namespace, pod.Name, defaults.AgentContainerName, cmd)
+				if err != nil {
+					errMsg := fmt.Sprintf("Error: %v, Stderr: %s", err, stdErr.String())
+					errCh <- errors.New(errMsg)
+					t.Fatalf("Fatal error occurred while creating multicast group %s in %s", testMulticastGroupIP, pod.Spec.NodeName)
+					return
+				}
+			}
+			// Add all ciliumInternalIPs of all nodes to the multicast group as subscribers
+			ipToPodMap.Range(func(ip v2.NodeAddress, podName string) bool {
+				if ip.IP != "" && pod.Name != podName { // My node itself does not need to be in a multicast group.
+					cmd = []string{"cilium-dbg", "bpf", "multicast", "subscriber", "add", testMulticastGroupIP, ip.IP}
+					_, stdErr, err := client.ExecInPodWithStderr(ctx, pod.Namespace, pod.Name, defaults.AgentContainerName, cmd)
+					if err == nil {
+						s.addNotSubscribePodAddress(pod.Spec.NodeName, ip)
+					} else if !strings.Contains(stdErr.String(), ebpf.ErrKeyExist.Error()) {
+						errMsg := fmt.Sprintf("Error: %v, Stderr: %s", err, stdErr.String())
+						errCh <- errors.New(errMsg)
+						t.Fatalf("Fatal error occurred while adding node %s to multicast group %s in %s", ip.IP, testMulticastGroupIP, pod.Spec.NodeName)
+						return false // Stop iteration
+					}
+				}
+				return true // Continue iteration
+			})
+		}(ciliumPod)
+	}
+
+	wg.Wait()
+	close(errCh)
+
+	var errRet error
+	for fetchData := range errCh {
+		errRet = errors.Join(errRet, fetchData)
+	}
+	return errRet
+}
+
+// Delete multicast group in designated node
+func (s *socatMulticast) delGroup(ctx context.Context, t *check.Test, nodeName string) error {
+	ct := t.Context()
+	client := ct.K8sClient()
+
+	ciliumPodsList, err := client.ListPods(ctx, ct.Params().CiliumNamespace, metav1.ListOptions{LabelSelector: defaults.AgentPodSelector})
+	if err != nil {
+		return err
+	}
+	ciliumPods := ciliumPodsList.Items
+
+	for _, ciliumPod := range ciliumPods {
+		if nodeName == ciliumPod.Spec.NodeName {
+			cmd := []string{"cilium-dbg", "bpf", "multicast", "group", "delete", testMulticastGroupIP}
+			_, stdErr, err := client.ExecInPodWithStderr(ctx, ciliumPod.Namespace, ciliumPod.Name, defaults.AgentContainerName, cmd)
+			if err != nil {
+				if !strings.Contains(stdErr.String(), ebpf.ErrKeyNotExist.Error()) {
+					errMsg := fmt.Sprintf("Error: %v while deleting Multicast Group for test %s, Stderr: %s", err, testMulticastGroupIP, stdErr.String())
+					return errors.New(errMsg)
+				}
+			}
+			break
+		}
+	}
+	return nil
+}
+
+// Delete designated subscriber in designated node
+func (s *socatMulticast) delSubscriber(ctx context.Context, t *check.Test, nodeName string, subscriberIP string) error {
+	ct := t.Context()
+	client := ct.K8sClient()
+
+	ciliumPodsList, err := client.ListPods(ctx, ct.Params().CiliumNamespace, metav1.ListOptions{LabelSelector: defaults.AgentPodSelector})
+	if err != nil {
+		return err
+	}
+	ciliumPods := ciliumPodsList.Items
+
+	for _, ciliumPod := range ciliumPods {
+		if nodeName == ciliumPod.Spec.NodeName {
+			cmd := []string{"cilium-dbg", "bpf", "multicast", "subscriber", "delete", testMulticastGroupIP, subscriberIP}
+			_, stdErr, err := client.ExecInPodWithStderr(ctx, ciliumPod.Namespace, ciliumPod.Name, defaults.AgentContainerName, cmd)
+			if err != nil {
+				if !strings.Contains(stdErr.String(), ebpf.ErrKeyNotExist.Error()) {
+					errMsg := fmt.Sprintf("Error: %v while removing %s from Multicast Group %s Stderr: %s", err, subscriberIP, testMulticastGroupIP, stdErr.String())
+					return errors.New(errMsg)
+				}
+			}
+			break
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/pod.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/pod.go
index 04cc8eabd3..54c6c1a4e4 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/pod.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/pod.go
@@ -6,10 +6,12 @@ package tests
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"strconv"
 	"strings"
 
 	"github.com/cilium/cilium/cilium-cli/connectivity/check"
+	"github.com/cilium/cilium/cilium-cli/defaults"
 	"github.com/cilium/cilium/cilium-cli/utils/features"
 )
 
@@ -253,3 +255,97 @@ func (s *podToPodNoFrag) Run(ctx context.Context, t *check.Test) {
 
 	})
 }
+
+func PodToPodMissingIPCache(opts ...Option) check.Scenario {
+	options := &labelsOption{}
+	for _, opt := range opts {
+		opt(options)
+	}
+	return &podToPodMissingIPCache{
+		sourceLabels:      options.sourceLabels,
+		destinationLabels: options.destinationLabels,
+		method:            options.method,
+	}
+}
+
+type podToPodMissingIPCache struct {
+	sourceLabels      map[string]string
+	destinationLabels map[string]string
+	method            string
+}
+
+func (s *podToPodMissingIPCache) Name() string {
+	return "pod-to-pod-missing-ipcache"
+}
+
+func (s *podToPodMissingIPCache) Run(ctx context.Context, t *check.Test) {
+	var i int
+	ct := t.Context()
+
+	// Temporarily delete echo pods entries from ipcache
+	ipcacheGetPat := regexp.MustCompile(`identity=(\d+)\s+encryptkey=(\d+)\s+tunnelendpoint=([\d\.]+)`)
+	for _, echo := range ct.EchoPods() {
+		echoIP := echo.Address(features.IPFamilyV4)
+		for _, ciliumPod := range ct.CiliumPods() {
+			lookupCmd := []string{"cilium", "bpf", "ipcache", "get", echoIP}
+			output, err := ciliumPod.K8sClient.ExecInPod(ctx, ciliumPod.Pod.Namespace, ciliumPod.Pod.Name, defaults.AgentContainerName, lookupCmd)
+			if err != nil {
+				ct.Warnf(`failed to lookup IP cache entry: "%s", %v, "%s"`, lookupCmd, err, output.String())
+				continue
+			}
+			matches := ipcacheGetPat.FindStringSubmatch(output.String())
+			identity := matches[1]
+			encryptkey := matches[2]
+			tunnelendpoint := matches[3]
+
+			deleteCmd := []string{"cilium", "bpf", "ipcache", "delete", echoIP + "/32"}
+			if output, err = ciliumPod.K8sClient.ExecInPod(ctx, ciliumPod.Pod.Namespace, ciliumPod.Pod.Name, defaults.AgentContainerName, deleteCmd); err != nil {
+				ct.Warnf(`failed to delete IP cache entry: "%s", %v, "%s"`, deleteCmd, err, output.String())
+				continue
+			}
+
+			updateCmd := []string{"cilium", "bpf", "ipcache", "update", echoIP + "/32"}
+			updateCmd = append(updateCmd, "--tunnelendpoint", tunnelendpoint, "--identity", identity, "--encryptkey", encryptkey)
+			defer func(ciliumPod check.Pod, updateCmd []string) {
+				output, err := ciliumPod.K8sClient.ExecInPod(ctx, ciliumPod.Pod.Namespace, ciliumPod.Pod.Name, defaults.AgentContainerName, updateCmd)
+				if err != nil {
+					ct.Warnf(`failed to restore IP cache entry: "%s", %v, "%s"`, updateCmd, err, output.String())
+				}
+			}(ciliumPod, updateCmd)
+		}
+	}
+
+	for _, client := range ct.ClientPods() {
+		if !hasAllLabels(client, s.sourceLabels) {
+			continue
+		}
+		for _, echo := range ct.EchoPods() {
+			if !hasAllLabels(echo, s.destinationLabels) {
+				continue
+			}
+
+			// Skip if echo pod is on the same node as client
+			if echo.Pod.Spec.NodeName == client.Pod.Spec.NodeName {
+				continue
+			}
+
+			t.ForEachIPFamily(func(ipFam features.IPFamily) {
+				if ipFam == features.IPFamilyV6 {
+					// encryption-strict-mode-cidr only accepts an IPv4 CIDR
+					return
+				}
+				t.NewAction(s, fmt.Sprintf("curl-%s-%d", ipFam, i), &client, echo, ipFam).Run(func(a *check.Action) {
+					a.ExecInPod(ctx, ct.CurlCommand(echo, ipFam))
+
+					a.ValidateFlows(ctx, client, a.GetEgressRequirements(check.FlowParameters{}))
+					a.ValidateFlows(ctx, echo, a.GetIngressRequirements(check.FlowParameters{}))
+
+					a.ValidateMetrics(ctx, echo, a.GetIngressMetricsRequirements())
+					a.ValidateMetrics(ctx, echo, a.GetEgressMetricsRequirements())
+				})
+			})
+
+			i++
+		}
+	}
+}
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/service.go b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/service.go
index ee516629e5..74ffa2fd8f 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/service.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/connectivity/tests/service.go
@@ -12,7 +12,6 @@ import (
 
 	"github.com/cilium/cilium/cilium-cli/connectivity/check"
 	"github.com/cilium/cilium/cilium-cli/utils/features"
-	"github.com/cilium/cilium/pkg/versioncheck"
 )
 
 // PodToService sends an HTTP request from all client Pods
@@ -228,13 +227,6 @@ func curlNodePort(ctx context.Context, s check.Scenario, t *check.Test,
 				}
 			}
 
-			//  Skip IPv6 requests when running on <1.14.0 Cilium with CNPs
-			if features.GetIPFamily(addr.Address) == features.IPFamilyV6 &&
-				versioncheck.MustCompile("<1.14.0")(t.Context().CiliumVersion) &&
-				(len(t.CiliumNetworkPolicies()) > 0 || len(t.KubernetesNetworkPolicies()) > 0) {
-				continue
-			}
-
 			// Manually construct an HTTP endpoint to override the destination IP
 			// and port of the request.
 			ep := check.HTTPEndpoint(name, fmt.Sprintf("%s://%s:%d%s", svc.Scheme(), addr.Address, np, svc.Path()))
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/defaults/defaults.go b/vendor/github.com/cilium/cilium/cilium-cli/defaults/defaults.go
index c596c70eb4..4248db619e 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/defaults/defaults.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/defaults/defaults.go
@@ -76,6 +76,8 @@ const (
 	ConnectivityTestConnDisruptImage = "quay.io/cilium/test-connection-disruption:v0.0.14@sha256:c3fd56e326ae16f6cb63dbb2e26b4e47ec07a123040623e11399a7fe1196baa0"
 	// renovate: datasource=docker
 	ConnectivityTestFRRImage = "quay.io/frrouting/frr:10.1.1@sha256:7c7901eb5611f12634395c949e59663e154b37cf006f32c7f4c8650884cdc0b1"
+	// renovate: datasource=docker
+	ConnectivityTestSocatImage = "docker.io/alpine/socat:1.8.0.0@sha256:a6be4c0262b339c53ddad723cdd178a1a13271e1137c65e27f90a08c16de02b8"
 
 	ConfigMapName = "cilium-config"
 
@@ -87,7 +89,7 @@ const (
 	FlowWaitTimeout   = 10 * time.Second
 	FlowRetryInterval = 500 * time.Millisecond
 
-	PolicyWaitTimeout = 15 * time.Second
+	PolicyWaitTimeout = 30 * time.Second
 
 	ConnectRetry      = 3
 	ConnectRetryDelay = 3 * time.Second
@@ -158,6 +160,7 @@ var (
 		"Host datapath not ready",
 		"Unknown ICMPv4 code",
 		"Forbidden ICMPv6 message",
+		"No egress gateway found",
 	}
 
 	ExpectedXFRMErrors = []string{
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/hubble/hubble.go b/vendor/github.com/cilium/cilium/cilium-cli/hubble/hubble.go
index 911b0f688a..6b5cd93e7e 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/hubble/hubble.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/hubble/hubble.go
@@ -9,18 +9,12 @@ import (
 	"io"
 
 	"helm.sh/helm/v3/pkg/cli/values"
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/cilium/cilium/cilium-cli/defaults"
 	"github.com/cilium/cilium/cilium-cli/internal/helm"
 	"github.com/cilium/cilium/cilium-cli/k8s"
 )
 
-type k8sHubbleImplementation interface {
-	GetService(ctx context.Context, namespace, name string, opts metav1.GetOptions) (*corev1.Service, error)
-}
-
 type Parameters struct {
 	Namespace     string
 	Relay         bool
@@ -28,7 +22,6 @@ type Parameters struct {
 	UI            bool
 	UIPortForward int
 	Writer        io.Writer
-	Context       string // Only for 'kubectl' pass-through commands
 
 	// UIOpenBrowser will automatically open browser if true
 	UIOpenBrowser bool
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/hubble/relay.go b/vendor/github.com/cilium/cilium/cilium-cli/hubble/relay.go
index 137716f04d..0de0af2edf 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/hubble/relay.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/hubble/relay.go
@@ -7,28 +7,16 @@ import (
 	"context"
 	"fmt"
 
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-	"github.com/cilium/cilium/cilium-cli/internal/utils"
+	"github.com/cilium/cilium/cilium-cli/k8s"
 )
 
-func (p *Parameters) RelayPortForwardCommand(ctx context.Context, client k8sHubbleImplementation) error {
-	relaySvc, err := client.GetService(ctx, p.Namespace, "hubble-relay", metav1.GetOptions{})
+func (p *Parameters) RelayPortForwardCommand(ctx context.Context, k8sClient *k8s.Client) error {
+	// default to first port configured on the service when svcPort is set to 0
+	res, err := k8sClient.PortForwardService(ctx, p.Namespace, "hubble-relay", int32(p.PortForward), 0)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to port forward: %w", err)
 	}
-
-	args := []string{
-		"port-forward",
-		"-n", p.Namespace,
-		"svc/hubble-relay",
-		"--address", "127.0.0.1",
-		fmt.Sprintf("%d:%d", p.PortForward, relaySvc.Spec.Ports[0].Port)}
-
-	if p.Context != "" {
-		args = append([]string{"--context", p.Context}, args...)
-	}
-
-	_, err = utils.Exec(p, "kubectl", args...)
-	return err
+	p.Log("ℹ️  Hubble Relay is available at 127.0.0.1:%d", res.ForwardedPort.Local)
+	<-ctx.Done()
+	return nil
 }
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/hubble/ui.go b/vendor/github.com/cilium/cilium/cilium-cli/hubble/ui.go
index 3556d43eff..41b8133e2f 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/hubble/ui.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/hubble/ui.go
@@ -4,42 +4,33 @@
 package hubble
 
 import (
+	"context"
 	"fmt"
 	"io"
-	"time"
 
 	"github.com/pkg/browser"
 
-	"github.com/cilium/cilium/cilium-cli/internal/utils"
+	"github.com/cilium/cilium/cilium-cli/k8s"
 )
 
-func (p *Parameters) UIPortForwardCommand() error {
-	args := []string{
-		"port-forward",
-		"-n", p.Namespace,
-		"svc/hubble-ui",
-		"--address", "127.0.0.1",
-		fmt.Sprintf("%d:80", p.UIPortForward)}
-
-	if p.Context != "" {
-		args = append([]string{"--context", p.Context}, args...)
+func (p *Parameters) UIPortForwardCommand(ctx context.Context, k8sClient *k8s.Client) error {
+	// default to first port configured on the service when svcPort is set to 0
+	res, err := k8sClient.PortForwardService(ctx, p.Namespace, "hubble-ui", int32(p.UIPortForward), 0)
+	if err != nil {
+		return fmt.Errorf("failed to port forward: %w", err)
 	}
 
-	go func() {
-		time.Sleep(5 * time.Second)
-		url := fmt.Sprintf("http://localhost:%d", p.UIPortForward)
-
-		if p.UIOpenBrowser {
-			// avoid cluttering stdout/stderr when opening the browser
-			browser.Stdout = io.Discard
-			browser.Stderr = io.Discard
-			p.Log("ℹ️  Opening %q in your browser...", url)
-			browser.OpenURL(url)
-		} else {
-			p.Log("ℹ️  Hubble UI is available at %q", url)
-		}
-	}()
+	url := fmt.Sprintf("http://localhost:%d", res.ForwardedPort.Local)
+	if p.UIOpenBrowser {
+		// avoid cluttering stdout/stderr when opening the browser
+		browser.Stdout = io.Discard
+		browser.Stderr = io.Discard
+		p.Log("ℹ️  Opening %q in your browser...", url)
+		browser.OpenURL(url)
+	} else {
+		p.Log("ℹ️  Hubble UI is available at %q", url)
+	}
 
-	_, err := utils.Exec(p, "kubectl", args...)
-	return err
+	<-ctx.Done()
+	return nil
 }
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/k8s/client.go b/vendor/github.com/cilium/cilium/cilium-cli/k8s/client.go
index abc9604bed..c44296e3c8 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/k8s/client.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/k8s/client.go
@@ -23,6 +23,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
+	discoveryv1 "k8s.io/api/discovery/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -39,7 +40,7 @@ import (
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/scheme"
-	_ "k8s.io/client-go/plugin/pkg/client/auth" // Register all auth providers (azure, gcp, oidc, openstack, ..).
+	_ "k8s.io/client-go/plugin/pkg/client/auth" // Register all auth providers (azure, gcp, oidc, openstack, ..）
 	"k8s.io/client-go/rest"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	"k8s.io/client-go/transport/spdy"
@@ -53,6 +54,12 @@ import (
 	"github.com/cilium/cilium/pkg/versioncheck"
 )
 
+func init() {
+	// Register the Cilium types in the default scheme.
+	_ = ciliumv2.AddToScheme(scheme.Scheme)
+	_ = ciliumv2alpha1.AddToScheme(scheme.Scheme)
+}
+
 type Client struct {
 	Clientset          kubernetes.Interface
 	ExtensionClientset apiextensionsclientset.Interface // k8s api extension needed to retrieve CRDs
@@ -66,10 +73,6 @@ type Client struct {
 }
 
 func NewClient(contextName, kubeconfig, ciliumNamespace string) (*Client, error) {
-	// Register the Cilium types in the default scheme.
-	_ = ciliumv2.AddToScheme(scheme.Scheme)
-	_ = ciliumv2alpha1.AddToScheme(scheme.Scheme)
-
 	restClientGetter := genericclioptions.ConfigFlags{
 		Context:    &contextName,
 		KubeConfig: &kubeconfig,
@@ -311,11 +314,12 @@ func (c *Client) PodLogs(namespace, name string, opts *corev1.PodLogOptions) *re
 	return c.Clientset.CoreV1().Pods(namespace).GetLogs(name, opts)
 }
 
-func (c *Client) CiliumLogs(ctx context.Context, namespace, pod string, since time.Time) (string, error) {
+func (c *Client) CiliumLogs(ctx context.Context, namespace, pod string, since time.Time, previous bool) (string, error) {
 	opts := &corev1.PodLogOptions{
 		Container:  defaults.AgentContainerName,
 		Timestamps: true,
 		SinceTime:  &metav1.Time{Time: since},
+		Previous:   previous,
 	}
 	req := c.PodLogs(namespace, pod, opts)
 	podLogs, err := req.Stream(ctx)
@@ -353,8 +357,9 @@ func (c *Client) ExecInPod(ctx context.Context, namespace, pod, container string
 		Container: container,
 		Command:   command,
 	})
+
 	if err != nil {
-		return result.Stdout, err
+		return result.Stdout, fmt.Errorf("%w: %q", err, result.Stderr.String())
 	}
 
 	if errString := result.Stderr.String(); errString != "" {
@@ -899,6 +904,10 @@ func (c *Client) ListEndpoints(ctx context.Context, o metav1.ListOptions) (*core
 	return c.Clientset.CoreV1().Endpoints(corev1.NamespaceAll).List(ctx, o)
 }
 
+func (c *Client) ListEndpointSlices(ctx context.Context, o metav1.ListOptions) (*discoveryv1.EndpointSliceList, error) {
+	return c.Clientset.DiscoveryV1().EndpointSlices(corev1.NamespaceAll).List(ctx, o)
+}
+
 func (c *Client) ListIngressClasses(ctx context.Context, o metav1.ListOptions) (*networkingv1.IngressClassList, error) {
 	return c.Clientset.NetworkingV1().IngressClasses().List(ctx, o)
 }
@@ -1094,3 +1103,64 @@ func (c *Client) CreateEphemeralContainer(ctx context.Context, pod *corev1.Pod,
 		ctx, pod.Name, types.StrategicMergePatchType, patch, metav1.PatchOptions{}, "ephemeralcontainers",
 	)
 }
+
+type Object interface {
+	metav1.Object
+	runtime.Object
+}
+
+// ApplyGeneric uses server-side apply to merge changes to an arbitrary object.
+// Returns the applied object.
+func (c *Client) ApplyGeneric(ctx context.Context, obj Object) (*unstructured.Unstructured, error) {
+	gvk, resource, err := c.Describe(obj)
+	if err != nil {
+		return nil, fmt.Errorf("could not get Kubernetes API information for %s/%s: %w", obj.GetNamespace(), obj.GetName(), err)
+	}
+
+	// Now, convert the object to an Unstructured
+	u, ok := obj.(*unstructured.Unstructured)
+	if !ok {
+		b, err := json.Marshal(obj)
+		if err != nil {
+			return nil, fmt.Errorf("failed to convert to unstructured (marshal): %w", err)
+		}
+		u = &unstructured.Unstructured{}
+		if err := json.Unmarshal(b, u); err != nil {
+			return nil, fmt.Errorf("failed to convert to unstructured (unmarshal): %w", err)
+		}
+	}
+
+	// Dragons: If we're passed a non-Unstructured object (e.g. v1.ConfigMap), it won't have
+	// the GVK set necessarily. So, use the retrieved GVK from the schema and add it.
+	// This is a no-op for Unstructured objects.
+	// TODO: use a proper codec + serializer
+	u.GetObjectKind().SetGroupVersionKind(gvk)
+
+	// clear ManagedFields; it is not allowed to specify them in a Patch
+	u.SetManagedFields(nil)
+
+	dynamicClient := c.DynamicClientset.Resource(resource).Namespace(obj.GetNamespace())
+	return dynamicClient.Apply(ctx, obj.GetName(), u, metav1.ApplyOptions{Force: true, FieldManager: "cilium-cli"})
+}
+
+func (c *Client) GetGeneric(ctx context.Context, namespace, name string, obj Object) (*unstructured.Unstructured, error) {
+	_, resource, err := c.Describe(obj)
+	if err != nil {
+		return nil, fmt.Errorf("could not get Kubernetes API information for %s/%s: %w", obj.GetNamespace(), obj.GetName(), err)
+	}
+
+	dynamicClient := c.DynamicClientset.Resource(resource).Namespace(namespace)
+
+	return dynamicClient.Get(ctx, name, metav1.GetOptions{})
+}
+
+func (c *Client) DeleteGeneric(ctx context.Context, obj Object) error {
+	_, resource, err := c.Describe(obj)
+	if err != nil {
+		return fmt.Errorf("could not get Kubernetes API information for %s/%s: %w", obj.GetNamespace(), obj.GetName(), err)
+	}
+
+	dynamicClient := c.DynamicClientset.Resource(resource).Namespace(obj.GetNamespace())
+
+	return dynamicClient.Delete(ctx, obj.GetName(), metav1.DeleteOptions{})
+}
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/k8s/dialer.go b/vendor/github.com/cilium/cilium/cilium-cli/k8s/dialer.go
index c1b0325cec..c85f85d4f8 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/k8s/dialer.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/k8s/dialer.go
@@ -5,99 +5,21 @@ package k8s
 
 import (
 	"context"
-	"io"
-	"net/http"
-	"strings"
 
-	"k8s.io/client-go/tools/portforward"
-	"k8s.io/client-go/transport/spdy"
+	"github.com/cilium/cilium/pkg/k8s"
 )
 
-// ForwardedPort holds the remote and local mapped port.
-type ForwardedPort struct {
-	Local  uint16
-	Remote uint16
-}
-
-// PortForwardParameters are the needed parameters to call PortForward.
-// Ports value follow the kubectl syntax: <local-port>:<remote-port>
-// 5000 means 5000:5000 listening on 5000 port locally, forwarding to 5000 in the pod
-// 8888:5000 means listening on 8888 port locally, forwarding to 5000 in the pod
-// 0:5000 means listening on a random port locally, forwarding to 5000 in the pod
-// :5000 means listening on a random port locally, forwarding to 5000 in the pod
-type PortForwardParameters struct {
-	Namespace  string
-	Pod        string
-	Ports      []string
-	Addresses  []string
-	OutWriters OutWriters
-}
-
-// OutWriters holds the two io.Writer needed for the port forward
-// one for the output and for the errors.
-type OutWriters struct {
-	Out    io.Writer
-	ErrOut io.Writer
-}
-
-// PortForwardResult are the ports that have been forwarded.
-type PortForwardResult struct {
-	ForwardedPorts []ForwardedPort
-}
-
 // PortForward executes in a goroutine a port forward command.
 // To stop the port-forwarding, use the context by cancelling it
-func (c *Client) PortForward(ctx context.Context, p PortForwardParameters) (*PortForwardResult, error) {
-	req := c.Clientset.CoreV1().RESTClient().Post().Namespace(p.Namespace).
-		Resource("pods").Name(p.Pod).SubResource(strings.ToLower("PortForward"))
-
-	roundTripper, upgrader, err := spdy.RoundTripperFor(c.Config)
-	if err != nil {
-		return nil, err
-	}
-
-	dialer := spdy.NewDialer(upgrader, &http.Client{Transport: roundTripper}, http.MethodPost, req.URL())
-	stopChan, readyChan := make(chan struct{}, 1), make(chan struct{}, 1)
-	if len(p.Addresses) == 0 {
-		p.Addresses = []string{"localhost"}
-	}
-
-	pw, err := portforward.NewOnAddresses(dialer, p.Addresses, p.Ports, stopChan, readyChan, p.OutWriters.Out, p.OutWriters.ErrOut)
-	if err != nil {
-		return nil, err
-	}
-
-	errChan := make(chan error, 1)
-	go func() {
-		if err := pw.ForwardPorts(); err != nil {
-			errChan <- err
-		}
-	}()
-
-	go func() {
-		<-ctx.Done()
-		close(stopChan)
-	}()
-
-	select {
-	case <-pw.Ready:
-	case <-ctx.Done():
-		return nil, ctx.Err()
-	case err := <-errChan:
-		return nil, err
-	}
-
-	ports, err := pw.GetPorts()
-	if err != nil {
-		return nil, err
-	}
-
-	forwardedPorts := make([]ForwardedPort, 0, len(ports))
-	for _, port := range ports {
-		forwardedPorts = append(forwardedPorts, ForwardedPort{port.Local, port.Remote})
-	}
+func (c *Client) PortForward(ctx context.Context, p k8s.PortForwardParameters) (*k8s.PortForwardResult, error) {
+	return k8s.NewPortForwarder(c.Clientset, c.Config).PortForward(ctx, p)
+}
 
-	return &PortForwardResult{
-		ForwardedPorts: forwardedPorts,
-	}, nil
+// PortForwardService executes in a goroutine a port forward command towards one of the pod behind a
+// service. If `localPort` is 0, a random port is selected. If `svcPort` is 0, uses the first port
+// configured on the service.
+//
+// To stop the port-forwarding, use the context by cancelling it.
+func (c *Client) PortForwardService(ctx context.Context, namespace, name string, localPort, svcPort int32) (*k8s.PortForwardServiceResult, error) {
+	return k8s.NewPortForwarder(c.Clientset, c.Config).PortForwardService(ctx, namespace, name, localPort, svcPort)
 }
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/k8s/helpers.go b/vendor/github.com/cilium/cilium/cilium-cli/k8s/helpers.go
index 1c3af9b0d0..c6782cc31c 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/k8s/helpers.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/k8s/helpers.go
@@ -4,10 +4,15 @@
 package k8s
 
 import (
+	"fmt"
+
 	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/kubernetes/scheme"
 )
 
 func NewServiceAccount(name string) *corev1.ServiceAccount {
@@ -72,3 +77,27 @@ func NewTLSSecret(name, namespace string, data map[string][]byte) *corev1.Secret
 		Type: corev1.SecretTypeTLS,
 	}
 }
+
+// Describe returns the Kubernetes type and resource information for an object
+func (c *Client) Describe(obj runtime.Object) (gvk schema.GroupVersionKind, resource schema.GroupVersionResource, err error) {
+	// first, determine the GroupVersionKind and Resource for the given object
+	gvks, _, _ := scheme.Scheme.ObjectKinds(obj)
+	if len(gvks) != 1 {
+		err = fmt.Errorf("Could not get GroupVersionKind")
+		return
+	}
+
+	gvk = gvks[0]
+
+	// Convert the GroupVersionKind in to a Resource
+	restMapper, err := c.RESTClientGetter.ToRESTMapper()
+	if err != nil {
+		return
+	}
+	rm, err := restMapper.RESTMapping(gvk.GroupKind(), gvk.Version)
+	if err != nil {
+		return
+	}
+	resource = rm.Resource
+	return
+}
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/multicast/multicast.go b/vendor/github.com/cilium/cilium/cilium-cli/multicast/multicast.go
index f5c30dfc12..afc01645a4 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/multicast/multicast.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/multicast/multicast.go
@@ -18,6 +18,8 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"github.com/cilium/ebpf"
+
 	"github.com/cilium/cilium/cilium-cli/defaults"
 	"github.com/cilium/cilium/cilium-cli/k8s"
 	v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
@@ -29,15 +31,13 @@ import (
 // in cilium/cilium repository.
 
 const (
-	padding         = 3
-	minWidth        = 5
-	paddingChar     = ' '
-	alreadyExistMsg = "already exists"
-	notExistMsg     = "does not exist"
+	padding     = 3
+	minWidth    = 5
+	paddingChar = ' '
 )
 
 var (
-	errMissingGroup = errors.New(notExistMsg)
+	errMissingGroup = ebpf.ErrKeyNotExist
 )
 
 type Multicast struct {
@@ -236,7 +236,7 @@ func (m *Multicast) getGroupForSubscriberList(ctx context.Context, pod corev1.Po
 	cmd := []string{"cilium-dbg", "bpf", "multicast", "subscriber", "list", target, "-o", "json"}
 	outputByte, stdErr, err := m.client.ExecInPodWithStderr(ctx, pod.Namespace, pod.Name, defaults.AgentContainerName, cmd)
 	if err != nil {
-		if strings.Contains(stdErr.String(), notExistMsg) {
+		if strings.Contains(stdErr.String(), ebpf.ErrKeyNotExist.Error()) {
 			fmt.Fprintf(m.params.Writer, "Multicast group %s does not exist in %s\n", target, pod.Spec.NodeName)
 			return nil, errMissingGroup
 		}
@@ -465,7 +465,7 @@ func (m *Multicast) AddAllNodes() error {
 			cmd := []string{"cilium-dbg", "bpf", "multicast", "subscriber", "list", m.params.MulticastGroupIP}
 			_, stdErr, err := m.client.ExecInPodWithStderr(ctx, pod.Namespace, pod.Name, defaults.AgentContainerName, cmd)
 			if err != nil {
-				if !strings.Contains(stdErr.String(), notExistMsg) {
+				if !strings.Contains(stdErr.String(), ebpf.ErrKeyNotExist.Error()) {
 					errMsg := fmt.Sprintf("Error: %v, Stderr: %s", err, stdErr.String())
 					errCh <- errors.New(errMsg)
 					fmt.Fprintf(m.params.Writer, "Fatal error occurred while checking multicast group %s in %s\n", m.params.MulticastGroupIP, pod.Spec.NodeName)
@@ -492,7 +492,7 @@ func (m *Multicast) AddAllNodes() error {
 					if err == nil {
 						cnt++
 						nodeLists = append(nodeLists, ipToNodeMap[ip])
-					} else if !strings.Contains(stdErr.String(), alreadyExistMsg) {
+					} else if !strings.Contains(stdErr.String(), ebpf.ErrKeyExist.Error()) {
 						errMsg := fmt.Sprintf("Error: %v, Stderr: %s", err, stdErr.String())
 						errCh <- errors.New(errMsg)
 						fmt.Fprintf(m.params.Writer, "Unable to add node %s to multicast group %s in %s by fatal error\n", ip.IP, m.params.MulticastGroupIP, pod.Spec.NodeName)
@@ -558,7 +558,7 @@ func (m *Multicast) DelAllNodes() error {
 			cmd := []string{"cilium-dbg", "bpf", "multicast", "group", "delete", m.params.MulticastGroupIP}
 			_, stdErr, err := m.client.ExecInPodWithStderr(ctx, pod.Namespace, pod.Name, defaults.AgentContainerName, cmd)
 			if err != nil {
-				if !strings.Contains(stdErr.String(), notExistMsg) {
+				if !strings.Contains(stdErr.String(), ebpf.ErrKeyNotExist.Error()) {
 					errMsg := fmt.Sprintf("Error: %v, Stderr: %s", err, stdErr.String())
 					errCh <- errors.New(errMsg)
 					fmt.Fprintf(m.params.Writer, "Unable to delete multicast group %s in %s by fatal error\n", m.params.MulticastGroupIP, pod.Spec.NodeName)
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/status/k8s.go b/vendor/github.com/cilium/cilium/cilium-cli/status/k8s.go
index 31a4fbf300..e1de33cdcf 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/status/k8s.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/status/k8s.go
@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"net/http"
 	"os"
+	"sort"
 	"strings"
 	"sync"
 	"time"
@@ -25,6 +26,7 @@ import (
 	"github.com/cilium/cilium/api/v1/models"
 	"github.com/cilium/cilium/cilium-cli/defaults"
 	"github.com/cilium/cilium/cilium-cli/k8s"
+	"github.com/cilium/cilium/pkg/annotation"
 	ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
 )
 
@@ -69,11 +71,12 @@ type k8sImplementation interface {
 	CiliumStatus(ctx context.Context, namespace, pod string) (*models.StatusResponse, error)
 	KVStoreMeshStatus(ctx context.Context, namespace, pod string) ([]*models.RemoteCluster, error)
 	CiliumDbgEndpoints(ctx context.Context, namespace, pod string) ([]*models.Endpoint, error)
+	GetConfigMap(ctx context.Context, namespace, name string, opts metav1.GetOptions) (*corev1.ConfigMap, error)
 	GetDaemonSet(ctx context.Context, namespace, name string, options metav1.GetOptions) (*appsv1.DaemonSet, error)
 	GetDeployment(ctx context.Context, namespace, name string, options metav1.GetOptions) (*appsv1.Deployment, error)
 	ListPods(ctx context.Context, namespace string, options metav1.ListOptions) (*corev1.PodList, error)
 	ListCiliumEndpoints(ctx context.Context, namespace string, options metav1.ListOptions) (*ciliumv2.CiliumEndpointList, error)
-	CiliumLogs(ctx context.Context, namespace, pod string, since time.Time) (string, error)
+	CiliumLogs(ctx context.Context, namespace, pod string, since time.Time, previous bool) (string, error)
 }
 
 func NewK8sStatusCollector(client k8sImplementation, params K8sStatusParameters) (*K8sStatusCollector, error) {
@@ -308,6 +311,20 @@ func (k *K8sStatusCollector) podStatus(ctx context.Context, status *Status, name
 	return nil
 }
 
+func (k *K8sStatusCollector) ciliumConfigAnnotations(ctx context.Context, status *Status) error {
+	cm, err := k.client.GetConfigMap(ctx, k.params.Namespace, defaults.ConfigMapName, metav1.GetOptions{})
+	if err != nil {
+		return fmt.Errorf("unable to retrieve ConfigMap %q: %w", defaults.ConfigMapName, err)
+	}
+	for k, v := range cm.Annotations {
+		if strings.HasPrefix(k, annotation.ConfigPrefix) {
+			status.ConfigErrors = append(status.ConfigErrors, v)
+		}
+	}
+	sort.Strings(status.ConfigErrors)
+	return nil
+}
+
 func (s K8sStatusParameters) waitTimeout() time.Duration {
 	if s.WaitDuration != time.Duration(0) {
 		return s.WaitDuration
@@ -350,11 +367,14 @@ func (k *K8sStatusCollector) Status(ctx context.Context) (*Status, error) {
 	for {
 		select {
 		case <-ctx.Done():
+			if errors.Is(ctx.Err(), context.Canceled) {
+				return mostRecentStatus, fmt.Errorf("wait canceled, cilium agent container has crashed or was terminated: %w", ctx.Err())
+			}
 			return mostRecentStatus, fmt.Errorf("timeout while waiting for status to become successful: %w", ctx.Err())
 		default:
 		}
 
-		s := k.status(ctx)
+		s := k.status(ctx, cancel)
 		// We collect the most recent status that even if the last status call
 		// fails, we can still display the most recent status
 		if s != nil {
@@ -399,7 +419,7 @@ type statusTask struct {
 	task func(_ context.Context) error
 }
 
-func (k *K8sStatusCollector) status(ctx context.Context) *Status {
+func (k *K8sStatusCollector) status(ctx context.Context, cancel context.CancelFunc) *Status {
 	status := newStatus()
 	tasks := []statusTask{
 		{
@@ -565,6 +585,18 @@ func (k *K8sStatusCollector) status(ctx context.Context) *Status {
 				return nil
 			},
 		},
+		{
+			name: defaults.ConfigMapName,
+			task: func(_ context.Context) error {
+				err := k.ciliumConfigAnnotations(ctx, status)
+				if err != nil {
+					status.mutex.Lock()
+					defer status.mutex.Unlock()
+					status.CollectionError(err)
+				}
+				return nil
+			},
+		},
 	}
 
 	tasks = append(tasks, statusTask{
@@ -601,6 +633,7 @@ func (k *K8sStatusCollector) status(ctx context.Context) *Status {
 					var s *models.StatusResponse
 					var eps []*models.Endpoint
 					var err, epserr error
+					var isTerminated bool
 
 					if containerStatus != nil && containerStatus.State.Running != nil {
 						// if container is running, execute "cilium status" in the container and parse the result
@@ -616,6 +649,7 @@ func (k *K8sStatusCollector) status(ctx context.Context) *Status {
 						if containerStatus != nil {
 							if containerStatus.State.Waiting != nil && containerStatus.State.Waiting.Reason == "CrashLoopBackOff" {
 								desc = "is in CrashLoopBackOff"
+								isTerminated = true
 							}
 							if containerStatus.LastTerminationState.Terminated != nil {
 								terminated := containerStatus.LastTerminationState.Terminated
@@ -625,20 +659,27 @@ func (k *K8sStatusCollector) status(ctx context.Context) *Status {
 								// either from container message or a separate logs request
 								dyingGasp := ""
 								if terminated.Message != "" {
-									dyingGasp = strings.TrimSpace(terminated.Message)
+									lastLog = strings.TrimSpace(terminated.Message)
 								} else {
 									agentLogsOnce.Do(func() { // in a sync.Once so we don't waste time retrieving lots of logs
-										logs, err := k.client.CiliumLogs(ctx, pod.Namespace, pod.Name, terminated.FinishedAt.Time.Add(-2*time.Minute))
+										var getPrevious bool
+										if containerStatus.RestartCount > 0 {
+											getPrevious = true
+										}
+										logs, err := k.client.CiliumLogs(ctx, pod.Namespace, pod.Name, terminated.FinishedAt.Time.Add(-2*time.Minute), getPrevious)
 										if err == nil && logs != "" {
 											dyingGasp = strings.TrimSpace(logs)
 										}
 									})
 								}
 
-								// Only output the last line
+								// output the last few log lines if available
 								if dyingGasp != "" {
 									lines := strings.Split(dyingGasp, "\n")
-									lastLog = lines[len(lines)-1]
+									lastLog = ""
+									for i := 0; i < min(len(lines), 50); i++ {
+										lastLog += fmt.Sprintf("\n%s", lines[i])
+									}
 								}
 							}
 						}
@@ -653,6 +694,11 @@ func (k *K8sStatusCollector) status(ctx context.Context) *Status {
 					status.CiliumStatus[pod.Name] = s
 					status.CiliumEndpoints[pod.Name] = eps
 
+					// avoid repeating the status check if the container is in a terminal state
+					if isTerminated {
+						cancel()
+					}
+
 					return nil
 				},
 			})
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/status/status.go b/vendor/github.com/cilium/cilium/cilium-cli/status/status.go
index 9ef337bd27..685c3dd5a1 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/status/status.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/status/status.go
@@ -140,6 +140,8 @@ type Status struct {
 	// For Helm mode only.
 	HelmChartVersion string `json:"helm_chart_version,omitempty"`
 
+	ConfigErrors []string `json:"config_errors,omitempty"`
+
 	mutex *lock.Mutex
 }
 
@@ -433,6 +435,14 @@ func (s *Status) Format() string {
 		}
 	}
 
+	header = "Configuration:"
+	for _, msg := range s.ConfigErrors {
+		for _, line := range strings.Split(msg, "\n") {
+			fmt.Fprintf(w, "%s\t \t%s\n", header, line)
+			header = ""
+		}
+	}
+
 	w.Flush()
 
 	return buf.String()
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/sysdump/client.go b/vendor/github.com/cilium/cilium/cilium-cli/sysdump/client.go
index b2eb592e0e..be7f8459f7 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/sysdump/client.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/sysdump/client.go
@@ -12,6 +12,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
+	discoveryv1 "k8s.io/api/discovery/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -71,6 +72,7 @@ type KubernetesClient interface {
 	ListDaemonSet(ctx context.Context, namespace string, o metav1.ListOptions) (*appsv1.DaemonSetList, error)
 	ListEvents(ctx context.Context, o metav1.ListOptions) (*corev1.EventList, error)
 	ListEndpoints(ctx context.Context, o metav1.ListOptions) (*corev1.EndpointsList, error)
+	ListEndpointSlices(ctx context.Context, o metav1.ListOptions) (*discoveryv1.EndpointSliceList, error)
 	ListIngressClasses(ctx context.Context, o metav1.ListOptions) (*networkingv1.IngressClassList, error)
 	ListIngresses(ctx context.Context, o metav1.ListOptions) (*networkingv1.IngressList, error)
 	ListNamespaces(ctx context.Context, o metav1.ListOptions) (*corev1.NamespaceList, error)
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/sysdump/constants.go b/vendor/github.com/cilium/cilium/cilium-cli/sysdump/constants.go
index fa537e40d5..5da479d40e 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/sysdump/constants.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/sysdump/constants.go
@@ -97,6 +97,7 @@ const (
 	hubbleGenerateCertsCronJobFileName       = "hubble-generate-certs-cronjob-<ts>.yaml"
 	hubbleCertificatesFileName               = "hubble-certificates-<ts>.yaml"
 	kubernetesEndpointsFileName              = "k8s-endpoints-<ts>.yaml"
+	kubernetesEndpointSlicesFileName         = "k8s-endpointslices-<ts>.yaml"
 	kubernetesEventsFileName                 = "k8s-events-<ts>.yaml"
 	kubernetesEventsTableFileName            = "k8s-events-<ts>.html"
 	kubernetesLeasesFileName                 = "k8s-leases-<ts>.yaml"
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/sysdump/sysdump.go b/vendor/github.com/cilium/cilium/cilium-cli/sysdump/sysdump.go
index 4e45333a91..408f0a70d2 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/sysdump/sysdump.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/sysdump/sysdump.go
@@ -163,6 +163,8 @@ type Collector struct {
 	NodeList []string
 	// CiliumPods is a list of Cilium agent pods running on nodes in NodeList.
 	CiliumPods []*corev1.Pod
+	// CiliumOperatorPods is the list of Cilium operator pods.
+	CiliumOperatorPods []*corev1.Pod
 	// CiliumConfigMap is a pointer to cilium-config ConfigMap.
 	CiliumConfigMap *corev1.ConfigMap
 	// additionalTasks keeps track of additional tasks added via AddTasks.
@@ -298,6 +300,16 @@ func NewCollector(
 		}
 	}
 
+	if c.Options.CiliumOperatorNamespace != "" {
+		pods, err := c.Client.ListPods(context.Background(), c.Options.CiliumOperatorNamespace, metav1.ListOptions{
+			LabelSelector: c.Options.CiliumOperatorLabelSelector,
+		})
+		if err != nil {
+			return nil, fmt.Errorf("failed to get Cilium operator pods: %w", err)
+		}
+		c.CiliumOperatorPods = AllPods(pods)
+	}
+
 	if err := hooks.AddSysdumpTasks(c); err != nil {
 		return nil, fmt.Errorf("failed to add custom sysdump tasks: %w", err)
 	}
@@ -519,6 +531,20 @@ func (c *Collector) Run() error {
 				return nil
 			},
 		},
+		{
+			Description: "Collecting Kubernetes endpointslices",
+			Quick:       true,
+			Task: func(ctx context.Context) error {
+				v, err := c.Client.ListEndpointSlices(ctx, metav1.ListOptions{})
+				if err != nil {
+					return fmt.Errorf("failed to collect Kubernetes endpointslices: %w", err)
+				}
+				if err := c.WriteYAML(kubernetesEndpointSlicesFileName, v); err != nil {
+					return fmt.Errorf("failed to collect Kubernetes endpointslices: %w", err)
+				}
+				return nil
+			},
+		},
 		{
 			Description: "Collecting Kubernetes leases",
 			Quick:       true,
@@ -1002,12 +1028,8 @@ func (c *Collector) Run() error {
 			CreatesSubtasks: true,
 			Description:     "Collecting the Cilium operator metrics",
 			Quick:           false,
-			Task: func(ctx context.Context) error {
-				pods, err := c.Client.ListPods(ctx, c.Options.CiliumOperatorNamespace, metav1.ListOptions{LabelSelector: defaults.OperatorPodSelector})
-				if err != nil {
-					return fmt.Errorf("failed to get the Cilium operator pods: %w", err)
-				}
-				err = c.SubmitMetricsSubtask(pods, defaults.OperatorContainerName, defaults.OperatorMetricsPortName)
+			Task: func(_ context.Context) error {
+				err := c.SubmitMetricsSubtask(c.CiliumOperatorPods, defaults.OperatorContainerName, defaults.OperatorMetricsPortName)
 				if err != nil {
 					return fmt.Errorf("failed to collect the Cilium operator metrics: %w", err)
 				}
@@ -1020,11 +1042,13 @@ func (c *Collector) Run() error {
 			Quick:           false,
 			Task: func(ctx context.Context) error {
 				// clustermesh-apiserver runs in the same namespace as operator
-				pods, err := c.Client.ListPods(ctx, c.Options.CiliumOperatorNamespace, metav1.ListOptions{LabelSelector: defaults.ClusterMeshPodSelector})
+				p, err := c.Client.ListPods(ctx, c.Options.CiliumOperatorNamespace, metav1.ListOptions{LabelSelector: defaults.ClusterMeshPodSelector})
 				if err != nil {
 					return fmt.Errorf("failed to get the Cilium clustermesh pods: %w", err)
 				}
 
+				pods := AllPods(p)
+
 				err = c.submitClusterMeshAPIServerDbgTasks(pods)
 				if err != nil {
 					return fmt.Errorf("failed to collect the Cilium clustermesh debug information: %w", err)
@@ -1047,13 +1071,13 @@ func (c *Collector) Run() error {
 					defaults.ClusterMeshContainerName:            ciliumdef.GopsPortApiserver,
 					defaults.ClusterMeshKVStoreMeshContainerName: ciliumdef.GopsPortKVStoreMesh,
 				} {
-					err = c.SubmitGopsSubtasks(AllPods(pods), container)
+					err = c.SubmitGopsSubtasks(pods, container)
 					if err != nil {
 						return fmt.Errorf("failed to collect the Cilium clustermesh gops stats: %w", err)
 					}
 
 					if c.Options.Profiling {
-						err = c.SubmitStreamProfilingGopsSubtasks(AllPods(pods), container, port)
+						err = c.SubmitStreamProfilingGopsSubtasks(pods, container, port)
 						if err != nil {
 							return fmt.Errorf("failed to collect the Cilium clustermesh profiles: %w", err)
 						}
@@ -1126,14 +1150,8 @@ func (c *Collector) Run() error {
 			Description:     "Collecting gops stats from Cilium-operator pods",
 			Quick:           true,
 			Task: func(ctx context.Context) error {
-				p, err := c.Client.ListPods(ctx, c.Options.CiliumNamespace, metav1.ListOptions{
-					LabelSelector: c.Options.CiliumOperatorLabelSelector,
-				})
-				if err != nil {
-					return fmt.Errorf("failed to get cilium-operator pods: %w", err)
-				}
-				if err := c.SubmitGopsSubtasks(FilterPods(p, c.NodeList), ciliumOperatorContainerName); err != nil {
-					return fmt.Errorf("failed to collect Cilium gops: %w", err)
+				if err := c.SubmitGopsSubtasks(c.CiliumOperatorPods, ciliumOperatorContainerName); err != nil {
+					return fmt.Errorf("failed to collect cilium-operator gops stats: %w", err)
 				}
 				return nil
 			},
@@ -1185,14 +1203,16 @@ func (c *Collector) Run() error {
 		},
 		{
 			CreatesSubtasks: true,
-			Description:     "Collecting profiling data from Cilium pods",
+			Description:     "Collecting profiling data from Cilium Operator pods",
 			Quick:           false,
 			Task: func(_ context.Context) error {
 				if !c.Options.Profiling {
 					return nil
 				}
-				if err := c.SubmitProfilingGopsSubtasks(c.CiliumPods, ciliumAgentContainerName); err != nil {
-					return fmt.Errorf("failed to collect profiling data from Cilium pods: %w", err)
+
+				err := c.SubmitStreamProfilingGopsSubtasks(c.CiliumOperatorPods, ciliumOperatorContainerName, ciliumdef.GopsPortOperator)
+				if err != nil {
+					return fmt.Errorf("failed to collect cilium-operator profiles: %w", err)
 				}
 				return nil
 			},
@@ -1247,13 +1267,7 @@ func (c *Collector) Run() error {
 			Description:     "Collecting logs from Cilium operator pods",
 			Quick:           false,
 			Task: func(ctx context.Context) error {
-				p, err := c.Client.ListPods(ctx, c.Options.CiliumNamespace, metav1.ListOptions{
-					LabelSelector: c.Options.CiliumOperatorLabelSelector,
-				})
-				if err != nil {
-					return fmt.Errorf("failed to get logs from Cilium operator pods")
-				}
-				if err := c.SubmitLogsTasks(AllPods(p), c.Options.LogsSinceTime, c.Options.LogsLimitBytes); err != nil {
+				if err := c.SubmitLogsTasks(c.CiliumOperatorPods, c.Options.LogsSinceTime, c.Options.LogsLimitBytes); err != nil {
 					return fmt.Errorf("failed to collect logs from Cilium operator pods")
 				}
 				return nil
@@ -1404,6 +1418,19 @@ func (c *Collector) Run() error {
 		tasks = append(tasks, ciliumTasks...)
 
 		serialTasks = append(serialTasks, Task{
+			CreatesSubtasks: true,
+			Description:     "Collecting profiling data from Cilium pods",
+			Quick:           false,
+			Task: func(_ context.Context) error {
+				if !c.Options.Profiling {
+					return nil
+				}
+				if err := c.SubmitProfilingGopsSubtasks(c.CiliumPods, ciliumAgentContainerName); err != nil {
+					return fmt.Errorf("failed to collect profiling data from Cilium pods: %w", err)
+				}
+				return nil
+			},
+		}, Task{
 			CreatesSubtasks: true,
 			Description:     "Collecting tracing data from Cilium pods",
 			Quick:           false,
@@ -2828,10 +2855,10 @@ func (c *Collector) submitKVStoreTasks(ctx context.Context, pod *corev1.Pod) err
 }
 
 // SubmitMetricsSubtask submits tasks to collect metrics from pods.
-func (c *Collector) SubmitMetricsSubtask(pods *corev1.PodList, containerName, portName string) error {
-	for _, p := range pods.Items {
+func (c *Collector) SubmitMetricsSubtask(pods []*corev1.Pod, containerName, portName string) error {
+	for _, p := range pods {
 		p := p
-		if !podIsRunningAndHasContainer(&p, containerName) {
+		if !podIsRunningAndHasContainer(p, containerName) {
 			continue
 		}
 		err := c.Pool.Submit(fmt.Sprintf("metrics-%s-%s-%s", p.Name, containerName, portName), func(ctx context.Context) error {
@@ -2855,7 +2882,7 @@ func (c *Collector) SubmitMetricsSubtask(pods *corev1.PodList, containerName, po
 	return nil
 }
 
-func (c *Collector) submitClusterMeshAPIServerDbgTasks(pods *corev1.PodList) error {
+func (c *Collector) submitClusterMeshAPIServerDbgTasks(pods []*corev1.Pod) error {
 	tasks := []struct {
 		name      string
 		ext       string
@@ -2899,9 +2926,9 @@ func (c *Collector) submitClusterMeshAPIServerDbgTasks(pods *corev1.PodList) err
 		},
 	}
 
-	for _, pod := range pods.Items {
+	for _, pod := range pods {
 		for _, task := range tasks {
-			if !podIsRunningAndHasContainer(&pod, task.container) {
+			if !podIsRunningAndHasContainer(pod, task.container) {
 				continue
 			}
 
@@ -2936,7 +2963,7 @@ func (c *Collector) submitClusterMeshAPIServerDbgTasks(pods *corev1.PodList) err
 	return nil
 }
 
-func getPodMetricsPort(pod corev1.Pod, containerName, portName string) (int32, error) {
+func getPodMetricsPort(pod *corev1.Pod, containerName, portName string) (int32, error) {
 	for _, container := range pod.Spec.Containers {
 		if container.Name != containerName {
 			continue
diff --git a/vendor/github.com/cilium/cilium/cilium-cli/utils/features/features.go b/vendor/github.com/cilium/cilium/cilium-cli/utils/features/features.go
index 20c72569a6..cfc342fa7f 100644
--- a/vendor/github.com/cilium/cilium/cilium-cli/utils/features/features.go
+++ b/vendor/github.com/cilium/cilium/cilium-cli/utils/features/features.go
@@ -42,8 +42,9 @@ const (
 
 	HealthChecking Feature = "health-checking"
 
-	EncryptionPod  Feature = "encryption-pod"
-	EncryptionNode Feature = "encryption-node"
+	EncryptionPod        Feature = "encryption-pod"
+	EncryptionNode       Feature = "encryption-node"
+	EncryptionStrictMode Feature = "enable-encryption-strict-mode"
 
 	IPv4 Feature = "ipv4"
 	IPv6 Feature = "ipv6"
@@ -80,6 +81,8 @@ const (
 	BGPControlPlane Feature = "enable-bgp-control-plane"
 
 	NodeLocalDNS Feature = "node-local-dns"
+
+	Multicast Feature = "multicast-enabled"
 )
 
 // Feature is the name of a Cilium Feature (e.g. l7-proxy, cni chaining mode etc)
@@ -320,6 +323,14 @@ func (fs Set) ExtractFromConfigMap(cm *v1.ConfigMap) {
 	fs[BGPControlPlane] = Status{
 		Enabled: cm.Data[string(BGPControlPlane)] == "true",
 	}
+
+	fs[Multicast] = Status{
+		Enabled: cm.Data[string(Multicast)] == "true",
+	}
+
+	fs[EncryptionStrictMode] = Status{
+		Enabled: cm.Data[string(EncryptionStrictMode)] == "true",
+	}
 }
 
 func (fs Set) ExtractFromNodes(nodesWithoutCilium map[string]struct{}) {
diff --git a/vendor/github.com/cilium/cilium/hubble/pkg/printer/printer.go b/vendor/github.com/cilium/cilium/hubble/pkg/printer/printer.go
index d1aab44024..d08940b9e9 100644
--- a/vendor/github.com/cilium/cilium/hubble/pkg/printer/printer.go
+++ b/vendor/github.com/cilium/cilium/hubble/pkg/printer/printer.go
@@ -800,6 +800,8 @@ func (p *Printer) WriteGetFlowsResponse(res *observerpb.GetFlowsResponse) error
 		return p.WriteProtoFlow(res)
 	case *observerpb.GetFlowsResponse_NodeStatus:
 		return p.WriteProtoNodeStatusEvent(res)
+	case *observerpb.GetFlowsResponse_LostEvents:
+		return p.WriteLostEvent(res)
 	case nil:
 		return nil
 	default:
@@ -914,3 +916,89 @@ func (p *Printer) WriteServerStatusResponse(res *observerpb.ServerStatusResponse
 	}
 	return nil
 }
+
+// WriteLostEvent writes v1.Flow into the output writer.
+func (p *Printer) WriteLostEvent(res *observerpb.GetFlowsResponse) error {
+	f := res.GetLostEvents()
+
+	switch p.opts.output {
+	case TabOutput:
+		ew := &errWriter{w: p.tw}
+		src := f.GetSource()
+		numEventsLost := f.GetNumEventsLost()
+		cpu := f.GetCpu()
+
+		if p.line == 0 {
+			ew.write("TIMESTAMP", tab)
+			if p.opts.nodeName {
+				ew.write("NODE", tab)
+			}
+			ew.write(
+				"SOURCE", tab,
+				"DESTINATION", tab,
+				"TYPE", tab,
+				"VERDICT", tab,
+				"SUMMARY", newline,
+			)
+		}
+		ew.write("", tab)
+		if p.opts.nodeName {
+			ew.write("", tab)
+		}
+		ew.write(
+			src, tab,
+			"", tab,
+			"EVENTS LOST", tab,
+			"", tab,
+			fmt.Sprintf("CPU(%d) - %d", cpu.GetValue(), numEventsLost), newline,
+		)
+		if ew.err != nil {
+			return fmt.Errorf("failed to write out packet: %w", ew.err)
+		}
+	case DictOutput:
+		ew := &errWriter{w: p.opts.w}
+		src := f.GetSource()
+		numEventsLost := f.GetNumEventsLost()
+		cpu := f.GetCpu()
+		if p.line != 0 {
+			// TODO: line length?
+			ew.write(dictSeparator, newline)
+		}
+
+		// this is a little crude, but will do for now. should probably find the
+		// longest header and auto-format the keys
+		ew.write("  TIMESTAMP: ", "", newline)
+		if p.opts.nodeName {
+			ew.write("       NODE: ", "", newline)
+		}
+		ew.write(
+			"     SOURCE: ", src, newline,
+			"       TYPE: ", "EVENTS LOST", newline,
+			"    VERDICT: ", "", newline,
+			"    SUMMARY: ", fmt.Sprintf("CPU(%d) - %d", cpu.GetValue(), numEventsLost), newline,
+		)
+		if ew.err != nil {
+			return fmt.Errorf("failed to write out packet: %w", ew.err)
+		}
+	case CompactOutput:
+		src := f.GetSource()
+		numEventsLost := f.GetNumEventsLost()
+		cpu := f.GetCpu()
+
+		_, err := fmt.Fprintf(p.opts.w,
+			"EVENTS LOST: %s CPU(%d) %d\n",
+			src,
+			cpu.GetValue(),
+			numEventsLost,
+		)
+		if err != nil {
+			return fmt.Errorf("failed to write out packet: %w", err)
+		}
+	case JSONLegacyOutput:
+		return p.jsonEncoder.Encode(f)
+	case JSONPBOutput:
+		return p.jsonEncoder.Encode(res)
+	}
+	p.line++
+	return nil
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/allocator/allocator.go b/vendor/github.com/cilium/cilium/pkg/allocator/allocator.go
index 5e015b83a2..13015dfbfb 100644
--- a/vendor/github.com/cilium/cilium/pkg/allocator/allocator.go
+++ b/vendor/github.com/cilium/cilium/pkg/allocator/allocator.go
@@ -13,7 +13,6 @@ import (
 
 	"github.com/cilium/cilium/pkg/backoff"
 	"github.com/cilium/cilium/pkg/idpool"
-	"github.com/cilium/cilium/pkg/inctimer"
 	"github.com/cilium/cilium/pkg/kvstore"
 	"github.com/cilium/cilium/pkg/lock"
 	"github.com/cilium/cilium/pkg/logging"
@@ -28,9 +27,9 @@ var (
 )
 
 const (
-	// maxAllocAttempts is the number of attempted allocation requests
-	// performed before failing.
-	maxAllocAttempts = 16
+	// defaultMaxAllocAttempts is the default number of attempted allocation
+	// requests performed before failing.
+	defaultMaxAllocAttempts = 16
 )
 
 // Allocator is a distributed ID allocator backed by a KVstore. It maps
@@ -151,6 +150,13 @@ type Allocator struct {
 	// disableAutostart prevents starting the allocator when it is initialized
 	disableAutostart bool
 
+	// operatorIDManagement indicates if cilium-operator is managing Cilium Identities.
+	operatorIDManagement bool
+
+	// maxAllocAttempts is the number of attempted allocation requests
+	// performed before failing.
+	maxAllocAttempts int
+
 	// cacheValidators implement extra validations of retrieved identities, e.g.,
 	// to ensure that they belong to the expected range.
 	cacheValidators []CacheValidator
@@ -315,6 +321,7 @@ func NewAllocator(typ AllocatorKey, backend Backend, opts ...AllocatorOption) (*
 			Min:    time.Duration(20) * time.Millisecond,
 			Factor: 2.0,
 		},
+		maxAllocAttempts: defaultMaxAllocAttempts,
 	}
 
 	for _, fn := range opts {
@@ -400,6 +407,18 @@ func WithMasterKeyProtection() AllocatorOption {
 	return func(a *Allocator) { a.enableMasterKeyProtection = true }
 }
 
+// WithOperatorIDManagement enables the mode with cilium-operator managing
+// Cilium Identities.
+func WithOperatorIDManagement() AllocatorOption {
+	return func(a *Allocator) { a.operatorIDManagement = true }
+}
+
+// WithMaxAllocAttempts sets the maxAllocAttempts. If not set, new Allocator
+// will use defaultMaxAllocAttempts.
+func WithMaxAllocAttempts(maxAttempts int) AllocatorOption {
+	return func(a *Allocator) { a.maxAllocAttempts = maxAttempts }
+}
+
 // WithoutGC disables the use of the garbage collector
 func WithoutGC() AllocatorOption {
 	return func(a *Allocator) { a.disableGC = true }
@@ -665,13 +684,22 @@ func (a *Allocator) Allocate(ctx context.Context, key AllocatorKey) (idpool.ID,
 		return 0, false, false, fmt.Errorf("allocation was cancelled while waiting for initial key list to be received: %w", ctx.Err())
 	}
 
+	if a.operatorIDManagement {
+		id, err := a.GetWithRetry(ctx, key)
+		// The second and third return values are always false when
+		// operatorIDManagement is enabled because cilium-operator manages security
+		// IDs, and they are never newly allocated or require holding a reference to
+		// a key.
+		return id, false, false, err
+	}
+
 	kvstore.Trace("Allocating from kvstore", nil, logrus.Fields{fieldKey: key})
 
 	// make a copy of the template and customize it
 	boff := a.backoffTemplate
 	boff.Name = key.String()
 
-	for attempt := 0; attempt < maxAllocAttempts; attempt++ {
+	for attempt := 0; attempt < a.maxAllocAttempts; attempt++ {
 		// Check our list of local keys already in use and increment the
 		// refcnt. The returned key must be released afterwards. No kvstore
 		// operation was performed for this allocation.
@@ -716,6 +744,55 @@ func (a *Allocator) Allocate(ctx context.Context, key AllocatorKey) (idpool.ID,
 	return 0, false, false, err
 }
 
+func (a *Allocator) GetWithRetry(ctx context.Context, key AllocatorKey) (idpool.ID, error) {
+	getID := func() (idpool.ID, error) {
+		id, err := a.Get(ctx, key)
+		if err != nil {
+			return idpool.NoID, err
+		}
+
+		if id == idpool.NoID {
+			return idpool.NoID, fmt.Errorf("security identity not found for key %s", key.String())
+		}
+
+		return id, nil
+	}
+
+	// Make a copy of the template and customize it.
+	boff := a.backoffTemplate
+	boff.Name = key.String()
+
+	var id idpool.ID
+	var err error
+
+	for attempt := 0; attempt < a.maxAllocAttempts; attempt++ {
+		id, err = getID()
+		if err == nil {
+			return id, nil
+		}
+
+		scopedLog := log.WithFields(logrus.Fields{
+			fieldKey:          key,
+			logfields.Attempt: attempt,
+		})
+
+		select {
+		case <-ctx.Done():
+			scopedLog.WithError(ctx.Err()).Warning("Ongoing key allocation has been cancelled")
+			return idpool.NoID, fmt.Errorf("key allocation cancelled: %w", ctx.Err())
+		default:
+			scopedLog.WithError(err).Debug("CiliumIdentity not yet created by cilium-operator, retrying...")
+		}
+
+		if waitErr := boff.Wait(ctx); waitErr != nil {
+			scopedLog.Warning("timed out waiting for cilium-operator to allocate CiliumIdentity")
+			return idpool.NoID, fmt.Errorf("timed out waiting for cilium-operator to allocate CiliumIdentity for key %v, error: %w", key.GetKey(), waitErr)
+		}
+	}
+
+	return idpool.NoID, err
+}
+
 // GetIfLocked returns the ID which is allocated to a key. Returns an ID of NoID if no ID
 // has been allocated to this key yet if the client is still holding the given
 // lock.
@@ -817,6 +894,11 @@ func (a *Allocator) GetByIDIncludeRemoteCaches(ctx context.Context, id idpool.ID
 // the last user has released the ID, the key is removed in the KVstore and
 // the returned lastUse value is true.
 func (a *Allocator) Release(ctx context.Context, key AllocatorKey) (lastUse bool, err error) {
+	if a.operatorIDManagement {
+		log.WithField(fieldKey, key).Debug("Skipping key release when cilium-operator ID management is enabled")
+		return false, nil
+	}
+
 	log.WithField(fieldKey, key).Info("Releasing key")
 
 	select {
@@ -888,8 +970,6 @@ func (a *Allocator) syncLocalKeys() error {
 
 func (a *Allocator) startLocalKeySync() {
 	go func(a *Allocator) {
-		kvTimer, kvTimerDone := inctimer.New()
-		defer kvTimerDone()
 		for {
 			if err := a.syncLocalKeys(); err != nil {
 				log.WithError(err).Warning("Unable to run local key sync routine")
@@ -899,7 +979,7 @@ func (a *Allocator) startLocalKeySync() {
 			case <-a.stopGC:
 				log.Debug("Stopped master key sync routine")
 				return
-			case <-kvTimer.After(option.Config.KVstorePeriodicSync):
+			case <-time.After(option.Config.KVstorePeriodicSync):
 			}
 		}
 	}(a)
diff --git a/vendor/github.com/cilium/cilium/pkg/annotation/k8s.go b/vendor/github.com/cilium/cilium/pkg/annotation/k8s.go
index 6894f3c6cf..59c3ad238b 100644
--- a/vendor/github.com/cilium/cilium/pkg/annotation/k8s.go
+++ b/vendor/github.com/cilium/cilium/pkg/annotation/k8s.go
@@ -140,13 +140,6 @@ const (
 	//		use SNAT so that reply traffic comes back
 	ServiceForwardingMode = ServicePrefix + "/forwarding-mode"
 
-	// ProxyVisibility / ProxyVisibilityAlias is the annotation name used to
-	// indicate whether proxy visibility should be enabled for a given pod (i.e.,
-	// all traffic for the pod is redirected to the proxy for the given port /
-	// protocol in the annotation
-	ProxyVisibility      = PolicyPrefix + "/proxy-visibility"
-	ProxyVisibilityAlias = Prefix + ".proxy-visibility"
-
 	// NoTrack / NoTrackAlias is the annotation name used to store the port and
 	// protocol that we should bypass kernel conntrack for a given pod. This
 	// applies for both TCP and UDP connection. Current use case is NodeLocalDNS.
diff --git a/vendor/github.com/cilium/cilium/pkg/aws/eni/types/types.go b/vendor/github.com/cilium/cilium/pkg/aws/eni/types/types.go
index c2cba6c384..5fecd2467a 100644
--- a/vendor/github.com/cilium/cilium/pkg/aws/eni/types/types.go
+++ b/vendor/github.com/cilium/cilium/pkg/aws/eni/types/types.go
@@ -206,6 +206,11 @@ type ENI struct {
 	//
 	// +optional
 	Tags map[string]string `json:"tags,omitempty"`
+
+	// PublicIP is the public IP associated with the ENI
+	//
+	// +optional
+	PublicIP string `json:"public-ip,omitempty"`
 }
 
 func (e *ENI) DeepCopyInterface() types.Interface {
diff --git a/vendor/github.com/cilium/cilium/pkg/aws/eni/types/zz_generated.deepequal.go b/vendor/github.com/cilium/cilium/pkg/aws/eni/types/zz_generated.deepequal.go
index 4c1c93fc0e..00b50c30d5 100644
--- a/vendor/github.com/cilium/cilium/pkg/aws/eni/types/zz_generated.deepequal.go
+++ b/vendor/github.com/cilium/cilium/pkg/aws/eni/types/zz_generated.deepequal.go
@@ -163,6 +163,10 @@ func (in *ENI) DeepEqual(other *ENI) bool {
 		}
 	}
 
+	if in.PublicIP != other.PublicIP {
+		return false
+	}
+
 	return true
 }
 
diff --git a/vendor/github.com/cilium/cilium/pkg/bgpv1/types/fake_router.go b/vendor/github.com/cilium/cilium/pkg/bgpv1/types/fake_router.go
index 97a86388c5..f1bf0dc4ef 100644
--- a/vendor/github.com/cilium/cilium/pkg/bgpv1/types/fake_router.go
+++ b/vendor/github.com/cilium/cilium/pkg/bgpv1/types/fake_router.go
@@ -5,10 +5,14 @@ package types
 
 import "context"
 
-type FakeRouter struct{}
+type FakeRouter struct {
+	paths map[string]*Path
+}
 
 func NewFakeRouter() Router {
-	return &FakeRouter{}
+	return &FakeRouter{
+		paths: make(map[string]*Path),
+	}
 }
 
 func (f *FakeRouter) Stop() {}
@@ -31,10 +35,13 @@ func (f *FakeRouter) ResetNeighbor(ctx context.Context, r ResetNeighborRequest)
 
 func (f *FakeRouter) AdvertisePath(ctx context.Context, p PathRequest) (PathResponse, error) {
 	path := p.Path
+	f.paths[path.NLRI.String()] = path
 	return PathResponse{path}, nil
 }
 
 func (f *FakeRouter) WithdrawPath(ctx context.Context, p PathRequest) error {
+	path := p.Path
+	delete(f.paths, path.NLRI.String())
 	return nil
 }
 
@@ -51,7 +58,14 @@ func (f *FakeRouter) GetPeerState(ctx context.Context) (GetPeerStateResponse, er
 }
 
 func (f *FakeRouter) GetRoutes(ctx context.Context, r *GetRoutesRequest) (*GetRoutesResponse, error) {
-	return nil, nil
+	var routes []*Route
+	for _, path := range f.paths {
+		routes = append(routes, &Route{
+			Prefix: path.NLRI.String(),
+			Paths:  []*Path{path},
+		})
+	}
+	return &GetRoutesResponse{Routes: routes}, nil
 }
 
 func (f *FakeRouter) GetRoutePolicies(ctx context.Context) (*GetRoutePoliciesResponse, error) {
diff --git a/vendor/github.com/cilium/cilium/pkg/bgpv1/types/log.go b/vendor/github.com/cilium/cilium/pkg/bgpv1/types/log.go
index cc5cf76dd0..9f7a9384e4 100644
--- a/vendor/github.com/cilium/cilium/pkg/bgpv1/types/log.go
+++ b/vendor/github.com/cilium/cilium/pkg/bgpv1/types/log.go
@@ -42,4 +42,7 @@ const (
 
 	// PolicyLogField is used as key for BGP policy in the log field.
 	PolicyLogField = "policy"
+
+	// ResourceLogField is used as key for k8s resource in the log field.
+	ResourceLogField = "resource"
 )
diff --git a/vendor/github.com/cilium/cilium/pkg/clustermesh/types/option.go b/vendor/github.com/cilium/cilium/pkg/clustermesh/types/option.go
index 00b5673f6a..b00ee5c92e 100644
--- a/vendor/github.com/cilium/cilium/pkg/clustermesh/types/option.go
+++ b/vendor/github.com/cilium/cilium/pkg/clustermesh/types/option.go
@@ -4,13 +4,13 @@
 package types
 
 import (
+	"errors"
 	"fmt"
 
-	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 
 	"github.com/cilium/cilium/pkg/defaults"
-	"github.com/cilium/cilium/pkg/logging/logfields"
+	ipamOption "github.com/cilium/cilium/pkg/ipam/option"
 )
 
 const (
@@ -47,29 +47,42 @@ func (def ClusterInfo) Flags(flags *pflag.FlagSet) {
 
 // Validate validates that the ClusterID is in the valid range (including ClusterID == 0),
 // and that the ClusterName is different from the default value if the ClusterID != 0.
-func (c ClusterInfo) Validate(log logrus.FieldLogger) error {
+func (c ClusterInfo) Validate() error {
 	if c.ID < ClusterIDMin || c.ID > ClusterIDMax {
 		return fmt.Errorf("invalid cluster id %d: must be in range %d..%d",
 			c.ID, ClusterIDMin, ClusterIDMax)
 	}
 
-	return c.validateName(log)
+	return c.validateName()
 }
 
 // ValidateStrict validates that the ClusterID is in the valid range, but not 0,
 // and that the ClusterName is different from the default value.
-func (c ClusterInfo) ValidateStrict(log logrus.FieldLogger) error {
+func (c ClusterInfo) ValidateStrict() error {
 	if err := ValidateClusterID(c.ID); err != nil {
 		return err
 	}
 
-	return c.validateName(log)
+	return c.validateName()
 }
 
-func (c ClusterInfo) validateName(log logrus.FieldLogger) error {
+// ValidateBuggyClusterID returns an error if a buggy cluster ID (i.e., with the
+// 7th bit set) is used in combination with ENI IPAM mode or AWS CNI chaining.
+func (c ClusterInfo) ValidateBuggyClusterID(ipamMode, chainingMode string) error {
+	if (c.ID&0x80) != 0 && (ipamMode == ipamOption.IPAMENI || ipamMode == ipamOption.IPAMAlibabaCloud || chainingMode == "aws-cni") {
+		return errors.New("Cilium is currently affected by a bug that causes traffic matched " +
+			"by network policies to be incorrectly dropped when running in either ENI mode (both " +
+			"AWS and AlibabaCloud) or AWS VPC CNI chaining mode, if the cluster ID is 128-255 (and " +
+			"384-511 when max-connected-clusters=511). " +
+			"Please refer to https://github.com/cilium/cilium/issues/21330 for additional details.")
+	}
+
+	return nil
+}
+
+func (c ClusterInfo) validateName() error {
 	if err := ValidateClusterName(c.Name); err != nil {
-		log.WithField(logfields.ClusterName, c.Name).WithError(err).
-			Error("Invalid cluster name. This may cause degraded functionality, and will be strictly forbidden starting from Cilium v1.17")
+		return fmt.Errorf("invalid cluster name: %w", err)
 	}
 
 	if c.ID != 0 && c.Name == defaults.ClusterName {
diff --git a/vendor/github.com/cilium/cilium/pkg/container/bitlpm/cidr.go b/vendor/github.com/cilium/cilium/pkg/container/bitlpm/cidr.go
index c80b199ac3..ee14422af0 100644
--- a/vendor/github.com/cilium/cilium/pkg/container/bitlpm/cidr.go
+++ b/vendor/github.com/cilium/cilium/pkg/container/bitlpm/cidr.go
@@ -54,6 +54,10 @@ func (c *CIDRTrie[T]) Ancestors(cidr netip.Prefix, fn func(k netip.Prefix, v T)
 	})
 }
 
+func (c *CIDRTrie[T]) AncestorIterator(cidr netip.Prefix) Iterator[Key[netip.Prefix], T] {
+	return c.treeForFamily(cidr).AncestorIterator(uint(cidr.Bits()), cidrKey(cidr))
+}
+
 // AncestorsLongestPrefixFirst iterates over every CIDR pair that contains the CIDR argument,
 // longest matching prefix first, then iterating towards the root of the trie.
 func (c *CIDRTrie[T]) AncestorsLongestPrefixFirst(cidr netip.Prefix, fn func(k netip.Prefix, v T) bool) {
@@ -62,6 +66,10 @@ func (c *CIDRTrie[T]) AncestorsLongestPrefixFirst(cidr netip.Prefix, fn func(k n
 	})
 }
 
+func (c *CIDRTrie[T]) AncestorLongestPrefixFirstIterator(cidr netip.Prefix) Iterator[Key[netip.Prefix], T] {
+	return c.treeForFamily(cidr).AncestorLongestPrefixFirstIterator(uint(cidr.Bits()), cidrKey(cidr))
+}
+
 // Descendants iterates over every CIDR that is contained by the CIDR argument.
 func (c *CIDRTrie[T]) Descendants(cidr netip.Prefix, fn func(k netip.Prefix, v T) bool) {
 	c.treeForFamily(cidr).Descendants(uint(cidr.Bits()), cidrKey(cidr), func(prefix uint, k Key[netip.Prefix], v T) bool {
@@ -69,6 +77,10 @@ func (c *CIDRTrie[T]) Descendants(cidr netip.Prefix, fn func(k netip.Prefix, v T
 	})
 }
 
+func (c *CIDRTrie[T]) DescendantIterator(cidr netip.Prefix) Iterator[Key[netip.Prefix], T] {
+	return c.treeForFamily(cidr).DescendantIterator(uint(cidr.Bits()), cidrKey(cidr))
+}
+
 // DescendantsShortestPrefixFirst iterates over every CIDR that is contained by the CIDR argument.
 func (c *CIDRTrie[T]) DescendantsShortestPrefixFirst(cidr netip.Prefix, fn func(k netip.Prefix, v T) bool) {
 	c.treeForFamily(cidr).DescendantsShortestPrefixFirst(uint(cidr.Bits()), cidrKey(cidr), func(prefix uint, k Key[netip.Prefix], v T) bool {
@@ -76,6 +88,10 @@ func (c *CIDRTrie[T]) DescendantsShortestPrefixFirst(cidr netip.Prefix, fn func(
 	})
 }
 
+func (c *CIDRTrie[T]) DescendantShortestPrefixFirstIterator(cidr netip.Prefix) Iterator[Key[netip.Prefix], T] {
+	return c.treeForFamily(cidr).DescendantShortestPrefixFirstIterator(uint(cidr.Bits()), cidrKey(cidr))
+}
+
 // Upsert adds or updates the value for a given prefix.
 func (c *CIDRTrie[T]) Upsert(cidr netip.Prefix, v T) bool {
 	return c.treeForFamily(cidr).Upsert(uint(cidr.Bits()), cidrKey(cidr), v)
diff --git a/vendor/github.com/cilium/cilium/pkg/container/bitlpm/trie.go b/vendor/github.com/cilium/cilium/pkg/container/bitlpm/trie.go
index 3becf75182..d64c7f0e3b 100644
--- a/vendor/github.com/cilium/cilium/pkg/container/bitlpm/trie.go
+++ b/vendor/github.com/cilium/cilium/pkg/container/bitlpm/trie.go
@@ -44,12 +44,19 @@ type Trie[K, T any] interface {
 	// Note: If the prefix argument exceeds the Trie's maximum
 	// prefix, it will be set to the Trie's maximum prefix.
 	Ancestors(prefix uint, key K, fn func(uint, K, T) bool)
+	// AncestorIterator returns an iterator for ancestors that
+	// can be used to produce the 'Next' key/value pair in sequence.
+	AncestorIterator(prefix uint, key K) Iterator[K, T]
 	// AncestorsLongestPrefixFirst iterates over every prefix-key pair that
 	// contains the prefix-key argument pair. If the function argument
 	// returns false the iteration will stop. AncestorsLongestPrefixFirst
 	// iterates keys from longest to shortest prefix match (that is, the
 	// longest matching prefix will be returned first).
 	AncestorsLongestPrefixFirst(prefix uint, key K, fn func(uint, K, T) bool)
+	// AncestorLongestPrefixFirstIterator returns an iterator for ancestors
+	// that can be used to produce the 'Next' key/value pair in sequence,
+	// starting from the key with the longest common prefix with 'key'.
+	AncestorLongestPrefixFirstIterator(prefix uint, key K) Iterator[K, T]
 	// Descendants iterates over every prefix-key pair that is contained
 	// by the prefix-key argument pair. If the function argument
 	// returns false the iteration will stop. Descendants does **not** iterate
@@ -58,12 +65,19 @@ type Trie[K, T any] interface {
 	// Note: If the prefix argument exceeds the Trie's maximum
 	// prefix, it will be set to the Trie's maximum prefix.
 	Descendants(prefix uint, key K, fn func(uint, K, T) bool)
+	// DescendantIterator returns an iterator for descendants
+	// that can be used to produce the 'Next' key/value pair in sequence.
+	DescendantIterator(prefix uint, key K) Iterator[K, T]
 	// DescendantsShortestPrefixFirst iterates over every prefix-key pair that is contained by
 	// the prefix-key argument pair. If the function argument returns false the iteration will
 	// stop. DescendantsShortestPrefixFirst iterates keys starting from shortest prefix, and
 	// progressing towards keys with longer prefixes. Keys with equal prefix lengths are not
 	// iterated in any particular order.
 	DescendantsShortestPrefixFirst(prefix uint, key K, fn func(uint, K, T) bool)
+	// DescendantShortestPrefixFirstIterator returns an iterator for descendants
+	// that can be used to produce the 'Next' key/value pair in sequence,
+	// starting from the key with the shortest common prefix with 'key'.
+	DescendantShortestPrefixFirstIterator(prefix uint, key K) Iterator[K, T]
 	// Upsert updates or inserts the trie with a a prefix, key,
 	// and value. The method returns true if the key is new, and
 	// false if the key already existed.
@@ -84,6 +98,16 @@ type Trie[K, T any] interface {
 	ForEach(fn func(uint, K, T) bool)
 }
 
+// Iterator is an interface that can be used to produce the next key/value pair in iteration
+// sequence. 'ok' is 'false' when the sequence ends; 'key' and 'value' are returned with empty
+// values in that case.
+// Iteration state is held in the implementation explicitly, rather than in Go stack/closures.
+// Policy mapstate generation benchmark BenchmarkRegenerateCIDRDenyPolicyRules reports 25% less allocations
+// with Iterator, even in combination with Go 1.23 Iterators on the caller side.
+type Iterator[K, T any] interface {
+	Next() (ok bool, key K, value T)
+}
+
 // Key is an interface that implements all the necessary
 // methods to index and retrieve keys.
 type Key[K any] interface {
@@ -171,6 +195,204 @@ func (t *trie[K, T]) Ancestors(prefixLen uint, k Key[K], fn func(prefix uint, ke
 	})
 }
 
+// ancestorIterator implements Iteraror for ancestor iteration
+type ancestorIterator[K, T any] struct {
+	key         Key[K]
+	prefixLen   uint
+	maxPrefix   uint
+	currentNode *node[K, T]
+}
+
+// AncestorIterator returns an iterator for ancestors.
+func (t *trie[K, T]) AncestorIterator(prefixLen uint, k Key[K]) Iterator[Key[K], T] {
+	if k != nil {
+		return &ancestorIterator[K, T]{
+			prefixLen:   min(prefixLen, t.maxPrefix),
+			key:         k,
+			maxPrefix:   t.maxPrefix,
+			currentNode: t.root,
+		}
+	}
+	return &ancestorIterator[K, T]{}
+}
+
+// Next produces the 'Next' key/value pair in the iteration sequence maintained by 'iter'. 'ok' is
+// 'false' when the sequence ends; 'key' and 'value' are returned with empty values in that case.
+func (i *ancestorIterator[K, T]) Next() (ok bool, key Key[K], value T) {
+	for i.currentNode != nil {
+		k := i.key
+		prefixLen := i.prefixLen
+		currentNode := i.currentNode
+
+		matchLen := currentNode.prefixMatch(prefixLen, k)
+		// The current-node does not match.
+		if matchLen < currentNode.prefixLen {
+			break
+		}
+		// Skip over intermediate nodes
+		if currentNode.intermediate {
+			i.currentNode = currentNode.children[k.BitValueAt(currentNode.prefixLen)]
+			continue
+		}
+		if matchLen == i.maxPrefix {
+			i.currentNode = nil
+		} else {
+			i.currentNode = currentNode.children[k.BitValueAt(currentNode.prefixLen)]
+		}
+		return true, currentNode.key, currentNode.value
+	}
+	return false, key, value
+}
+
+// ancestorLPFIterator implements Iteraror for ancestor iteration for longest-prefix-first iteration
+// order.
+type ancestorLPFIterator[K, T any] struct {
+	stack nodes[K, T]
+}
+
+// AncestorLongestPrefixFirstIterator returns an iterator for ancestors
+// that can be used to produce the 'Next' key/value pair in sequence,
+// starting from the key with the longest common prefix with 'key'.
+func (t *trie[K, T]) AncestorLongestPrefixFirstIterator(prefixLen uint, k Key[K]) Iterator[Key[K], T] {
+	iter := &ancestorLPFIterator[K, T]{}
+	if k != nil {
+		for currentNode := t.root; currentNode != nil; currentNode = currentNode.children[k.BitValueAt(currentNode.prefixLen)] {
+			matchLen := currentNode.prefixMatch(prefixLen, k)
+			// The current-node does not match.
+			if matchLen < currentNode.prefixLen {
+				break
+			}
+			// Skip over intermediate nodes
+			if currentNode.intermediate {
+				continue
+			}
+			iter.stack.push(currentNode)
+			if matchLen == t.maxPrefix {
+				break
+			}
+		}
+	}
+	return iter
+}
+
+// Next produces the 'Next' key/value pair in the iteration sequence maintained by 'iter'. 'ok' is
+// 'false' when the sequence ends; 'key' and 'value' are returned with empty values in that case.
+func (i *ancestorLPFIterator[K, T]) Next() (ok bool, key Key[K], value T) {
+	if len(i.stack) > 0 {
+		n := i.stack.pop()
+		return true, n.key, n.value
+	}
+	return false, key, value
+}
+
+// descendantIterator implements Iteraror for descendants iteration
+type descendantIterator[K, T any] struct {
+	nodes nodes[K, T]
+}
+
+// DescendantIterator returns an iterator for descendants
+// that can be used to produce the 'Next' key/value pair in sequence.
+func (t *trie[K, T]) DescendantIterator(prefixLen uint, k Key[K]) Iterator[Key[K], T] {
+	iter := &descendantIterator[K, T]{}
+	if k != nil {
+		prefixLen = min(prefixLen, t.maxPrefix)
+		currentNode := t.root
+		for currentNode != nil {
+			matchLen := currentNode.prefixMatch(prefixLen, k)
+			// CurrentNode matches the prefix-key argument
+			if matchLen >= prefixLen {
+				iter.nodes.push(currentNode)
+				break
+			}
+			// currentNode is a leaf and has no children. Calling k.BitValueAt may
+			// overrun the key storage.
+			if currentNode.prefixLen >= t.maxPrefix {
+				break
+			}
+			currentNode = currentNode.children[k.BitValueAt(currentNode.prefixLen)]
+		}
+	}
+	return iter
+}
+
+// Next produces the 'Next' key/value pair in the iteration sequence maintained by 'iter'. 'ok' is
+// 'false' when the sequence ends; 'key' and 'value' are returned with empty values in that case.
+func (i *descendantIterator[K, T]) Next() (ok bool, key Key[K], value T) {
+	for len(i.nodes) > 0 {
+		// pop the latest node
+		n := i.nodes.pop()
+		// push the children, if any
+		if n.children[0] != nil {
+			i.nodes.push(n.children[0])
+		}
+		if n.children[1] != nil {
+			i.nodes.push(n.children[1])
+		}
+		// Skip over intermediate nodes
+		if n.intermediate {
+			continue
+		}
+		return true, n.key, n.value
+	}
+	return false, key, value
+}
+
+// descendantSPFIterator implements Iteraror for descendants iteration for shortest-prefix-first
+// iteration order.
+type descendantSPFIterator[K, T any] struct {
+	heap nodes[K, T]
+}
+
+// DescendantsShortestPrefixFirst iterates over every prefix-key pair that is contained by
+// the prefix-key argument pair. If the function argument returns false the iteration will
+// stop. DescendantsShortestPrefixFirst iterates keys starting from shortest prefix, and
+// progressing towards keys with longer prefixes. Keys with equal prefix lengths are not
+// iterated in any particular order.
+func (t *trie[K, T]) DescendantShortestPrefixFirstIterator(prefixLen uint, k Key[K]) Iterator[Key[K], T] {
+	iter := &descendantSPFIterator[K, T]{}
+	if k != nil {
+		prefixLen = min(prefixLen, t.maxPrefix)
+		currentNode := t.root
+		for currentNode != nil {
+			matchLen := currentNode.prefixMatch(prefixLen, k)
+			// CurrentNode matches the prefix-key argument
+			if matchLen >= prefixLen {
+				iter.heap.push(currentNode)
+				break
+			}
+			// currentNode is a leaf and has no children. Calling k.BitValueAt may
+			// overrun the key storage.
+			if currentNode.prefixLen >= t.maxPrefix {
+				break
+			}
+			currentNode = currentNode.children[k.BitValueAt(currentNode.prefixLen)]
+		}
+	}
+	return iter
+}
+
+// Next produces the 'Next' key/value pair in the iteration sequence maintained by 'iter'. 'ok' is
+// 'false' when the sequence ends; 'key' and 'value' are returned with empty values in that case.
+func (i *descendantSPFIterator[K, T]) Next() (ok bool, key Key[K], value T) {
+	for i.heap.Len() > 0 {
+		// pop the node with the lowest prefix length from the heap
+		n := i.heap.popHeap()
+		// push the children, if any, into the heap
+		if n.children[0] != nil {
+			i.heap.pushHeap(n.children[0])
+		}
+		if n.children[1] != nil {
+			i.heap.pushHeap(n.children[1])
+		}
+		// Skip over intermediate nodes
+		if n.intermediate {
+			continue
+		}
+		return true, n.key, n.value
+	}
+	return false, key, value
+}
+
 func (t *trie[K, T]) AncestorsLongestPrefixFirst(prefixLen uint, k Key[K], fn func(prefix uint, key Key[K], value T) bool) {
 	prefixLen = min(prefixLen, t.maxPrefix)
 	t.treverse(prefixLen, k, func(currentNode *node[K, T]) bool {
@@ -676,12 +898,23 @@ func (nodes *nodes[K, T]) Pop() any {
 	return node
 }
 
-// convenience wrappers
+func (nodes *nodes[K, T]) pop() *node[K, T] {
+	n := len(*nodes)
+	node := (*nodes)[n-1]
+	*nodes = (*nodes)[:n-1]
+	return node
+}
+
 func (nodes *nodes[K, T]) push(n *node[K, T]) {
+	*nodes = append(*nodes, n)
+}
+
+// convenience wrappers
+func (nodes *nodes[K, T]) pushHeap(n *node[K, T]) {
 	heap.Push(nodes, n)
 }
 
-func (nodes *nodes[K, T]) pop() *node[K, T] {
+func (nodes *nodes[K, T]) popHeap() *node[K, T] {
 	return heap.Pop(nodes).(*node[K, T])
 }
 
@@ -696,11 +929,11 @@ func (n *node[K, T]) forEachShortestPrefixFirst(fn func(prefix uint, key Key[K],
 	// has the shortest prefix length of any node in the subtree it represents.
 	// Preallocate space for some pointers to reduce allocations and copies.
 	nodes := make(nodes[K, T], 0, nPointersOnCacheline)
-	nodes.push(n)
+	nodes.pushHeap(n)
 
 	for nodes.Len() > 0 {
 		// pop the node with the lowest prefix length from the heap
-		n := nodes.pop()
+		n := nodes.popHeap()
 		if !n.intermediate {
 			if !fn(n.prefixLen, n.key, n.value) {
 				return
@@ -708,10 +941,10 @@ func (n *node[K, T]) forEachShortestPrefixFirst(fn func(prefix uint, key Key[K],
 		}
 		// push the children, if any, into the heap
 		if n.children[0] != nil {
-			nodes.push(n.children[0])
+			nodes.pushHeap(n.children[0])
 		}
 		if n.children[1] != nil {
-			nodes.push(n.children[1])
+			nodes.pushHeap(n.children[1])
 		}
 	}
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/container/set/set.go b/vendor/github.com/cilium/cilium/pkg/container/set/set.go
new file mode 100644
index 0000000000..5c7dab269d
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/pkg/container/set/set.go
@@ -0,0 +1,227 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package set
+
+import (
+	"fmt"
+	"iter"
+	"maps"
+)
+
+type empty struct{}
+
+// Set contains zero, one, or more members. Zero or one members do not consume any additional
+// storage, more than one members are held in an non-exported membersMap.
+type Set[T comparable] struct {
+	single  *T
+	members map[T]empty
+}
+
+// Empty returns 'true' if the set is empty.
+func (s Set[T]) Empty() bool {
+	return s.single == nil && s.members == nil
+}
+
+// Len returns the number of members in the set.
+func (s Set[T]) Len() int {
+	if s.single != nil {
+		return 1
+	}
+	return len(s.members)
+}
+
+func (s Set[T]) String() string {
+	if s.single != nil {
+		return fmt.Sprintf("%v", s.single)
+	}
+	res := ""
+	for m := range s.members {
+		if res != "" {
+			res += ","
+		}
+		res += fmt.Sprintf("%v", m)
+	}
+	return res
+}
+
+// NewSet returns a Set initialized to contain the members in 'members'.
+func NewSet[T comparable](members ...T) Set[T] {
+	s := Set[T]{}
+	for _, member := range members {
+		s.Insert(member)
+	}
+	return s
+}
+
+// Has returns 'true' if 'member' is in the set.
+func (s Set[T]) Has(member T) bool {
+	if s.single != nil {
+		return *s.single == member
+	}
+	_, ok := s.members[member]
+	return ok
+}
+
+// Insert inserts a member to the set.
+// Returns 'true' when '*s' value has changed,
+// so that if it is stored by value the caller must knows to update the stored value.
+func (s *Set[T]) Insert(member T) (changed bool) {
+	switch s.Len() {
+	case 0:
+		s.single = &member
+		return true
+	case 1:
+		if member == *s.single {
+			return false
+		}
+		s.members = make(map[T]empty, 2)
+		s.members[*s.single] = empty{}
+		s.single = nil
+		s.members[member] = empty{}
+		return true
+	default:
+		s.members[member] = empty{}
+		return false
+	}
+}
+
+// Merge inserts members in 'o' into to the set 's'.
+// Returns 'true' when '*s' value has changed,
+// so that if it is stored by value the caller must knows to update the stored value.
+func (s *Set[T]) Merge(sets ...Set[T]) (changed bool) {
+	for _, other := range sets {
+		for m := range other.Members() {
+			changed = s.Insert(m) || changed
+		}
+	}
+	return changed
+}
+
+// Remove removes a member from the set.
+// Returns 'true' when '*s' value was changed, so that if it is stored by value the caller knows to
+// update the stored value.
+func (s *Set[T]) Remove(member T) (changed bool) {
+	length := s.Len()
+	switch length {
+	case 0:
+	case 1:
+		if *s.single == member {
+			s.single = nil
+			return true
+		}
+	case 2:
+		delete(s.members, member)
+		if len(s.members) == 1 {
+			for m := range s.members {
+				s.single = &m
+			}
+			s.members = nil
+			return true
+		}
+	default:
+		delete(s.members, member)
+	}
+	return false
+}
+
+// RemoveSets removes one or more Sets from the receiver set.
+// Returns 'true' when '*s' value was changed, so that if it is stored by value the caller knows to
+// update the stored value.
+func (s *Set[T]) RemoveSets(sets ...Set[T]) (changed bool) {
+	for _, other := range sets {
+		for m := range other.Members() {
+			changed = s.Remove(m) || changed
+		}
+	}
+	return changed
+}
+
+// Clear makes the set '*s' empty.
+func (s *Set[T]) Clear() {
+	s.single = nil
+	s.members = nil
+}
+
+// Equal returns 'true' if the receiver and argument sets are the same.
+func (s Set[T]) Equal(o Set[T]) bool {
+	sLen := s.Len()
+	oLen := o.Len()
+
+	if sLen != oLen {
+		return false
+	}
+
+	switch sLen {
+	case 0:
+		return true
+	case 1:
+		return *s.single == *o.single
+	}
+	// compare the elements of the maps
+	for member := range s.members {
+		if _, ok := o.members[member]; !ok {
+			return false
+		}
+	}
+	return true
+}
+
+// Members returns an iterator for the members in the set.
+func (s Set[T]) Members() iter.Seq[T] {
+	return func(yield func(m T) bool) {
+		if s.single != nil {
+			yield(*s.single)
+		} else {
+			for member := range s.members {
+				if !yield(member) {
+					return
+				}
+			}
+		}
+	}
+}
+
+// MembersOfType return an iterator for each member of type M in the set.
+func MembersOfType[M any, T comparable](s Set[T]) iter.Seq[M] {
+	return func(yield func(m M) bool) {
+		if s.single != nil {
+			if v, ok := any(*s.single).(M); ok {
+				yield(v)
+			}
+		} else {
+			for m := range s.members {
+				if v, ok := any(m).(M); ok {
+					if !yield(v) {
+						return
+					}
+				}
+			}
+		}
+	}
+}
+
+// Get returns any one member from the set.
+// Useful when it is known that the set has only one element.
+func (s Set[T]) Get() (m T, found bool) {
+	length := s.Len()
+
+	switch length {
+	case 0:
+	case 1:
+		m = *s.single
+	default:
+		for m = range s.members {
+			break
+		}
+	}
+	return m, length > 0
+}
+
+// Clone returns a copy of the set.
+func (s Set[T]) Clone() Set[T] {
+	if s.members != nil {
+		return Set[T]{members: maps.Clone(s.members)}
+	}
+	return s // singular value or empty Set
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/container/versioned/value.go b/vendor/github.com/cilium/cilium/pkg/container/versioned/value.go
index f446845349..29c4bfe9e9 100644
--- a/vendor/github.com/cilium/cilium/pkg/container/versioned/value.go
+++ b/vendor/github.com/cilium/cilium/pkg/container/versioned/value.go
@@ -280,7 +280,10 @@ func (v *Coordinator) clean() {
 	// 'keepVersion' is the current version if there are no outstanding VersionHandles
 	keepVersion := v.version
 	if len(v.versions) > 0 {
-		keepVersion = v.versions[0].version
+		// otherwise it is the oldest version for which there is an outstanding handle, if
+		// older than the current version, as if there was an implicit outstanding handle
+		// for the current version.
+		keepVersion = min(v.version, v.versions[0].version)
 	}
 
 	// Call the cleaner for 'keepVersion' only if not already called for this 'keepVersion'.
diff --git a/vendor/github.com/cilium/cilium/pkg/controller/controller.go b/vendor/github.com/cilium/cilium/pkg/controller/controller.go
index 6ee59316bf..0283b3247b 100644
--- a/vendor/github.com/cilium/cilium/pkg/controller/controller.go
+++ b/vendor/github.com/cilium/cilium/pkg/controller/controller.go
@@ -8,11 +8,11 @@ import (
 	"errors"
 	"fmt"
 	"math"
+	stdtime "time"
 
 	"github.com/cilium/hive/cell"
 	"github.com/sirupsen/logrus"
 
-	"github.com/cilium/cilium/pkg/inctimer"
 	"github.com/cilium/cilium/pkg/lock"
 	"github.com/cilium/cilium/pkg/metrics"
 	"github.com/cilium/cilium/pkg/time"
@@ -242,9 +242,6 @@ func (c *controller) GetLastErrorTimestamp() time.Time {
 func (c *controller) runController(params ControllerParams) {
 	errorRetries := 1
 
-	runTimer, timerDone := inctimer.New()
-	defer timerDone()
-
 	for {
 		var err error
 
@@ -325,7 +322,7 @@ func (c *controller) runController(params ControllerParams) {
 
 		case params = <-c.update:
 			// update channel is never closed
-		case <-runTimer.After(interval):
+		case <-stdtime.After(interval):
 			// timer channel is not yet closed
 		case <-c.trigger:
 			// trigger channel is never closed
diff --git a/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/managed_neighbors.go b/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/managed_neighbors.go
index 596e30ab19..d80f27b97b 100644
--- a/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/managed_neighbors.go
+++ b/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/managed_neighbors.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/vishvananda/netlink"
 
+	"github.com/cilium/cilium/pkg/datapath/linux/safenetlink"
 	"github.com/cilium/cilium/pkg/netns"
 )
 
@@ -70,7 +71,7 @@ func haveManagedNeighbors() (outer error) {
 		return fmt.Errorf("failed to add neighbor: %w", err)
 	}
 
-	nl, err := netlink.NeighList(veth.Index, 0)
+	nl, err := safenetlink.NeighList(veth.Index, 0)
 	if err != nil {
 		return fmt.Errorf("failed to list neighbors: %w", err)
 	}
diff --git a/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/probes.go b/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/probes.go
index ec10584208..dcf0950dcd 100644
--- a/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/probes.go
+++ b/vendor/github.com/cilium/cilium/pkg/datapath/linux/probes/probes.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"math"
 	"net"
 	"os"
 	"path/filepath"
@@ -392,6 +393,13 @@ func HaveFibIfindex() error {
 	return features.HaveProgramHelper(ebpf.SchedCLS, asm.FnRedirectPeer)
 }
 
+// HaveWriteableQueueMapping checks if kernel has 74e31ca850c1 ("bpf: add
+// skb->queue_mapping write access from tc clsact") which is 5.1+. This got merged
+// in the same kernel as the bpf_skb_ecn_set_ce() helper.
+func HaveWriteableQueueMapping() error {
+	return features.HaveProgramHelper(ebpf.SchedCLS, asm.FnSkbEcnSetCe)
+}
+
 // HaveV2ISA is a wrapper around features.HaveV2ISA() to check if the kernel
 // supports the V2 ISA.
 // On unexpected probe results this function will terminate with log.Fatal().
@@ -462,6 +470,51 @@ var HaveTCX = sync.OnceValue(func() error {
 	})
 })
 
+// HaveNetkit returns nil if the running kernel supports attaching bpf programs
+// to netkit devices.
+var HaveNetkit = sync.OnceValue(func() error {
+	prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{
+		Type: ebpf.SchedCLS,
+		Instructions: asm.Instructions{
+			asm.Mov.Imm(asm.R0, 0),
+			asm.Return(),
+		},
+		License: "Apache-2.0",
+	})
+	if err != nil {
+		return err
+	}
+	defer prog.Close()
+
+	ns, err := netns.New()
+	if err != nil {
+		return fmt.Errorf("create netns: %w", err)
+	}
+	defer ns.Close()
+
+	return ns.Do(func() error {
+		l, err := link.AttachNetkit(link.NetkitOptions{
+			Program:   prog,
+			Attach:    ebpf.AttachNetkitPrimary,
+			Interface: math.MaxInt,
+		})
+		// We rely on this being checked during the syscall. With
+		// an otherwise correct payload we expect ENODEV here as
+		// an indication that the feature is present.
+		if errors.Is(err, unix.ENODEV) {
+			return nil
+		}
+		if err != nil {
+			return fmt.Errorf("creating link: %w", err)
+		}
+		if err := l.Close(); err != nil {
+			return fmt.Errorf("closing link: %w", err)
+		}
+
+		return fmt.Errorf("unexpected success: %w", err)
+	})
+})
+
 // HaveOuterSourceIPSupport tests whether the kernel support setting the outer
 // source IP address via the bpf_skb_set_tunnel_key BPF helper. We can't rely
 // on the verifier to reject a program using the new support because the
diff --git a/vendor/github.com/cilium/cilium/pkg/datapath/linux/safenetlink/netlink_linux.go b/vendor/github.com/cilium/cilium/pkg/datapath/linux/safenetlink/netlink_linux.go
new file mode 100644
index 0000000000..8b1216dd90
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/pkg/datapath/linux/safenetlink/netlink_linux.go
@@ -0,0 +1,395 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package safenetlink
+
+import (
+	"context"
+	"errors"
+	"net"
+
+	"github.com/vishvananda/netlink"
+	"github.com/vishvananda/netlink/nl"
+
+	"github.com/cilium/cilium/pkg/resiliency"
+	"github.com/cilium/cilium/pkg/time"
+)
+
+const (
+	netlinkRetryInterval = 1 * time.Millisecond
+	netlinkRetryMax      = 30
+)
+
+// WithRetry runs the netlinkFunc. If netlinkFunc returns netlink.ErrDumpInterrupted, the function is retried.
+// If success or any other error is returned, WithRetry returns immediately, propagating the error.
+func WithRetry(netlinkFunc func() error) error {
+	return resiliency.Retry(context.Background(), netlinkRetryInterval, netlinkRetryMax, func(ctx context.Context, retries int) (bool, error) {
+		err := netlinkFunc()
+		if errors.Is(err, netlink.ErrDumpInterrupted) {
+			return false, nil // retry
+		}
+
+		return true, err
+	})
+}
+
+// WithRetryResult works like WithRetry, but allows netlinkFunc to have a return value besides the error
+func WithRetryResult[T any](netlinkFunc func() (T, error)) (out T, err error) {
+	err = WithRetry(func() error {
+		out, err = netlinkFunc()
+		return err
+	})
+	return out, err
+}
+
+// AddrList wraps netlink.AddrList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func AddrList(link netlink.Link, family int) ([]netlink.Addr, error) {
+	return WithRetryResult(func() ([]netlink.Addr, error) {
+		return netlink.AddrList(link, family)
+	})
+}
+
+// BridgeVlanList wraps netlink.BridgeVlanList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) {
+	return WithRetryResult(func() (map[int32][]*nl.BridgeVlanInfo, error) {
+		return netlink.BridgeVlanList()
+	})
+}
+
+// ChainList wraps netlink.ChainList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func ChainList(link netlink.Link, parent uint32) ([]netlink.Chain, error) {
+	return WithRetryResult(func() ([]netlink.Chain, error) {
+		return netlink.ChainList(link, parent)
+	})
+}
+
+// ClassList wraps netlink.ClassList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func ClassList(link netlink.Link, parent uint32) ([]netlink.Class, error) {
+	return WithRetryResult(func() ([]netlink.Class, error) {
+		return netlink.ClassList(link, parent)
+	})
+}
+
+// ConntrackTableList wraps netlink.ConntrackTableList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func ConntrackTableList(table netlink.ConntrackTableType, family netlink.InetFamily) ([]*netlink.ConntrackFlow, error) {
+	return WithRetryResult(func() ([]*netlink.ConntrackFlow, error) {
+		return netlink.ConntrackTableList(table, family)
+	})
+}
+
+// DevLinkGetDeviceList wraps netlink.DevLinkGetDeviceList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func DevLinkGetDeviceList() ([]*netlink.DevlinkDevice, error) {
+	return WithRetryResult(func() ([]*netlink.DevlinkDevice, error) {
+		return netlink.DevLinkGetDeviceList()
+	})
+}
+
+// DevLinkGetAllPortList wraps netlink.DevLinkGetAllPortList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func DevLinkGetAllPortList() ([]*netlink.DevlinkPort, error) {
+	return WithRetryResult(func() ([]*netlink.DevlinkPort, error) {
+		return netlink.DevLinkGetAllPortList()
+	})
+}
+
+// DevlinkGetDeviceParams wraps netlink.DevlinkGetDeviceParams, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func DevlinkGetDeviceParams(bus string, device string) ([]*netlink.DevlinkParam, error) {
+	return WithRetryResult(func() ([]*netlink.DevlinkParam, error) {
+		return netlink.DevlinkGetDeviceParams(bus, device)
+	})
+}
+
+// FilterList wraps netlink.FilterList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func FilterList(link netlink.Link, parent uint32) ([]netlink.Filter, error) {
+	return WithRetryResult(func() ([]netlink.Filter, error) {
+		return netlink.FilterList(link, parent)
+	})
+}
+
+// FouList wraps netlink.FouList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func FouList(fam int) ([]netlink.Fou, error) {
+	return WithRetryResult(func() ([]netlink.Fou, error) {
+		return netlink.FouList(fam)
+	})
+}
+
+// GenlFamilyList wraps netlink.GenlFamilyList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func GenlFamilyList() ([]*netlink.GenlFamily, error) {
+	return WithRetryResult(func() ([]*netlink.GenlFamily, error) {
+		return netlink.GenlFamilyList()
+	})
+}
+
+// GTPPDPList wraps netlink.GTPPDPList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func GTPPDPList() ([]*netlink.PDP, error) {
+	return WithRetryResult(func() ([]*netlink.PDP, error) {
+		return netlink.GTPPDPList()
+	})
+}
+
+// LinkByName wraps netlink.LinkByName, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func LinkByName(name string) (netlink.Link, error) {
+	return WithRetryResult(func() (netlink.Link, error) {
+		return netlink.LinkByName(name)
+	})
+}
+
+// LinkByAlias wraps netlink.LinkByAlias, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func LinkByAlias(alias string) (netlink.Link, error) {
+	return WithRetryResult(func() (netlink.Link, error) {
+		return netlink.LinkByAlias(alias)
+	})
+}
+
+// LinkList wraps netlink.LinkList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func LinkList() ([]netlink.Link, error) {
+	return WithRetryResult(func() ([]netlink.Link, error) {
+		return netlink.LinkList()
+	})
+}
+
+// LinkSubscribeWithOptions wraps netlink.LinkSubscribeWithOptions, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func LinkSubscribeWithOptions(ch chan<- netlink.LinkUpdate, done <-chan struct{}, options netlink.LinkSubscribeOptions) error {
+	return WithRetry(func() error {
+		return netlink.LinkSubscribeWithOptions(ch, done, options)
+	})
+}
+
+// NeighList wraps netlink.NeighList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func NeighList(linkIndex, family int) ([]netlink.Neigh, error) {
+	return WithRetryResult(func() ([]netlink.Neigh, error) {
+		return netlink.NeighList(linkIndex, family)
+	})
+}
+
+// NeighProxyList wraps netlink.NeighProxyList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func NeighProxyList(linkIndex, family int) ([]netlink.Neigh, error) {
+	return WithRetryResult(func() ([]netlink.Neigh, error) {
+		return netlink.NeighProxyList(linkIndex, family)
+	})
+}
+
+// NeighListExecute wraps netlink.NeighListExecute, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func NeighListExecute(msg netlink.Ndmsg) ([]netlink.Neigh, error) {
+	return WithRetryResult(func() ([]netlink.Neigh, error) {
+		return netlink.NeighListExecute(msg)
+	})
+}
+
+// LinkGetProtinfo wraps netlink.LinkGetProtinfo, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func LinkGetProtinfo(link netlink.Link) (netlink.Protinfo, error) {
+	return WithRetryResult(func() (netlink.Protinfo, error) {
+		return netlink.LinkGetProtinfo(link)
+	})
+}
+
+// QdiscList wraps netlink.QdiscList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func QdiscList(link netlink.Link) ([]netlink.Qdisc, error) {
+	return WithRetryResult(func() ([]netlink.Qdisc, error) {
+		return netlink.QdiscList(link)
+	})
+}
+
+// RdmaLinkList wraps netlink.RdmaLinkList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func RdmaLinkList() ([]*netlink.RdmaLink, error) {
+	return WithRetryResult(func() ([]*netlink.RdmaLink, error) {
+		return netlink.RdmaLinkList()
+	})
+}
+
+// RdmaLinkByName wraps netlink.RdmaLinkByName, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func RdmaLinkByName(name string) (*netlink.RdmaLink, error) {
+	return WithRetryResult(func() (*netlink.RdmaLink, error) {
+		return netlink.RdmaLinkByName(name)
+	})
+}
+
+// RdmaLinkDel wraps netlink.RdmaLinkDel, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func RdmaLinkDel(name string) error {
+	return WithRetry(func() error {
+		return netlink.RdmaLinkDel(name)
+	})
+}
+
+// RouteList wraps netlink.RouteList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func RouteList(link netlink.Link, family int) ([]netlink.Route, error) {
+	return WithRetryResult(func() ([]netlink.Route, error) {
+		return netlink.RouteList(link, family)
+	})
+}
+
+// RouteListFiltered wraps netlink.RouteListFiltered, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func RouteListFiltered(family int, filter *netlink.Route, filterMask uint64) ([]netlink.Route, error) {
+	return WithRetryResult(func() ([]netlink.Route, error) {
+		return netlink.RouteListFiltered(family, filter, filterMask)
+	})
+}
+
+// RouteListFilteredIter wraps netlink.RouteListFilteredIter, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func RouteListFilteredIter(family int, filter *netlink.Route, filterMask uint64, f func(netlink.Route) (cont bool)) error {
+	return WithRetry(func() error {
+		return netlink.RouteListFilteredIter(family, filter, filterMask, f)
+	})
+}
+
+// RouteSubscribeWithOptions wraps netlink.RouteSubscribeWithOptions, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func RouteSubscribeWithOptions(ch chan<- netlink.RouteUpdate, done <-chan struct{}, options netlink.RouteSubscribeOptions) error {
+	return WithRetry(func() error {
+		return netlink.RouteSubscribeWithOptions(ch, done, options)
+	})
+}
+
+// RuleList wraps netlink.RuleList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func RuleList(family int) ([]netlink.Rule, error) {
+	return WithRetryResult(func() ([]netlink.Rule, error) {
+		return netlink.RuleList(family)
+	})
+}
+
+// RuleListFiltered wraps netlink.RuleListFiltered, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func RuleListFiltered(family int, filter *netlink.Rule, filterMask uint64) ([]netlink.Rule, error) {
+	return WithRetryResult(func() ([]netlink.Rule, error) {
+		return netlink.RuleListFiltered(family, filter, filterMask)
+	})
+}
+
+// SocketGet wraps netlink.SocketGet, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func SocketGet(local, remote net.Addr) (*netlink.Socket, error) {
+	return WithRetryResult(func() (*netlink.Socket, error) {
+		return netlink.SocketGet(local, remote)
+	})
+}
+
+// SocketDiagTCPInfo wraps netlink.SocketDiagTCPInfo, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func SocketDiagTCPInfo(family uint8) ([]*netlink.InetDiagTCPInfoResp, error) {
+	return WithRetryResult(func() ([]*netlink.InetDiagTCPInfoResp, error) {
+		return netlink.SocketDiagTCPInfo(family)
+	})
+}
+
+// SocketDiagTCP wraps netlink.SocketDiagTCP, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func SocketDiagTCP(family uint8) ([]*netlink.Socket, error) {
+	return WithRetryResult(func() ([]*netlink.Socket, error) {
+		return netlink.SocketDiagTCP(family)
+	})
+}
+
+// SocketDiagUDPInfo wraps netlink.SocketDiagUDPInfo, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func SocketDiagUDPInfo(family uint8) ([]*netlink.InetDiagUDPInfoResp, error) {
+	return WithRetryResult(func() ([]*netlink.InetDiagUDPInfoResp, error) {
+		return netlink.SocketDiagUDPInfo(family)
+	})
+}
+
+// SocketDiagUDP wraps netlink.SocketDiagUDP, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func SocketDiagUDP(family uint8) ([]*netlink.Socket, error) {
+	return WithRetryResult(func() ([]*netlink.Socket, error) {
+		return netlink.SocketDiagUDP(family)
+	})
+}
+
+// UnixSocketDiagInfo wraps netlink.UnixSocketDiagInfo, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func UnixSocketDiagInfo() ([]*netlink.UnixDiagInfoResp, error) {
+	return WithRetryResult(func() ([]*netlink.UnixDiagInfoResp, error) {
+		return netlink.UnixSocketDiagInfo()
+	})
+}
+
+// UnixSocketDiag wraps netlink.UnixSocketDiag, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func UnixSocketDiag() ([]*netlink.UnixSocket, error) {
+	return WithRetryResult(func() ([]*netlink.UnixSocket, error) {
+		return netlink.UnixSocketDiag()
+	})
+}
+
+// SocketXDPGetInfo wraps netlink.SocketXDPGetInfo, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func SocketXDPGetInfo(ino uint32, cookie uint64) (*netlink.XDPDiagInfoResp, error) {
+	return WithRetryResult(func() (*netlink.XDPDiagInfoResp, error) {
+		return netlink.SocketXDPGetInfo(ino, cookie)
+	})
+}
+
+// SocketDiagXDP wraps netlink.SocketDiagXDP, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func SocketDiagXDP() ([]*netlink.XDPDiagInfoResp, error) {
+	return WithRetryResult(func() ([]*netlink.XDPDiagInfoResp, error) {
+		return netlink.SocketDiagXDP()
+	})
+}
+
+// VDPAGetDevList wraps netlink.VDPAGetDevList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func VDPAGetDevList() ([]*netlink.VDPADev, error) {
+	return WithRetryResult(func() ([]*netlink.VDPADev, error) {
+		return netlink.VDPAGetDevList()
+	})
+}
+
+// VDPAGetDevConfigList wraps netlink.VDPAGetDevConfigList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func VDPAGetDevConfigList() ([]*netlink.VDPADevConfig, error) {
+	return WithRetryResult(func() ([]*netlink.VDPADevConfig, error) {
+		return netlink.VDPAGetDevConfigList()
+	})
+}
+
+// VDPAGetMGMTDevList wraps netlink.VDPAGetMGMTDevList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func VDPAGetMGMTDevList() ([]*netlink.VDPAMGMTDev, error) {
+	return WithRetryResult(func() ([]*netlink.VDPAMGMTDev, error) {
+		return netlink.VDPAGetMGMTDevList()
+	})
+}
+
+// XfrmPolicyList wraps netlink.XfrmPolicyList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func XfrmPolicyList(family int) ([]netlink.XfrmPolicy, error) {
+	return WithRetryResult(func() ([]netlink.XfrmPolicy, error) {
+		return netlink.XfrmPolicyList(family)
+	})
+}
+
+// XfrmStateList wraps netlink.XfrmStateList, but retries the call automatically
+// if netlink.ErrDumpInterrupted is returned
+func XfrmStateList(family int) ([]netlink.XfrmState, error) {
+	return WithRetryResult(func() ([]netlink.XfrmState, error) {
+		return netlink.XfrmStateList(family)
+	})
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/datapath/linux/safenetlink/netlink_unspecified.go b/vendor/github.com/cilium/cilium/pkg/datapath/linux/safenetlink/netlink_unspecified.go
new file mode 100644
index 0000000000..046c03f99e
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/pkg/datapath/linux/safenetlink/netlink_unspecified.go
@@ -0,0 +1,141 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+//go:build !linux
+
+// This file duplicates the stubs that exist in vishvananda/netlink outside the linux build. Not all
+// functions defined in found in netlink_linux.go are present here, because not all have a stub in
+// vishvananda/netlink, and thus some of the necessary function signature types are missing outside
+// the linux build.
+
+package safenetlink
+
+import (
+	"net"
+
+	"github.com/vishvananda/netlink"
+)
+
+func AddrList(link netlink.Link, family int) ([]netlink.Addr, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func ChainList(link netlink.Link, parent uint32) ([]netlink.Chain, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func ClassList(link netlink.Link, parent uint32) ([]netlink.Class, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func ConntrackTableList(table netlink.ConntrackTableType, family netlink.InetFamily) ([]*netlink.ConntrackFlow, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func FilterList(link netlink.Link, parent uint32) ([]netlink.Filter, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func FouList(fam int) ([]netlink.Fou, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func GenlFamilyList() ([]*netlink.GenlFamily, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func LinkByName(name string) (netlink.Link, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func LinkByAlias(alias string) (netlink.Link, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func LinkList() ([]netlink.Link, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func NeighList(linkIndex, family int) ([]netlink.Neigh, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func NeighProxyList(linkIndex, family int) ([]netlink.Neigh, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func LinkGetProtinfo(link netlink.Link) (netlink.Protinfo, error) {
+	return netlink.Protinfo{}, netlink.ErrNotImplemented
+}
+
+func QdiscList(link netlink.Link) ([]netlink.Qdisc, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func RdmaLinkDel(name string) error {
+	return netlink.ErrNotImplemented
+}
+
+func RouteList(link netlink.Link, family int) ([]netlink.Route, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func RouteListFiltered(family int, filter *netlink.Route, filterMask uint64) ([]netlink.Route, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func RouteListFilteredIter(family int, filter *netlink.Route, filterMask uint64, f func(netlink.Route) (cont bool)) error {
+	return netlink.ErrNotImplemented
+}
+
+func RuleList(family int) ([]netlink.Rule, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func RuleListFiltered(family int, filter *netlink.Rule, filterMask uint64) ([]netlink.Rule, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func SocketGet(local, remote net.Addr) (*netlink.Socket, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func SocketDiagTCPInfo(family uint8) ([]*netlink.InetDiagTCPInfoResp, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func SocketDiagTCP(family uint8) ([]*netlink.Socket, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func SocketDiagUDPInfo(family uint8) ([]*netlink.InetDiagUDPInfoResp, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func SocketDiagUDP(family uint8) ([]*netlink.Socket, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func UnixSocketDiagInfo() ([]*netlink.UnixDiagInfoResp, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func UnixSocketDiag() ([]*netlink.UnixSocket, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func SocketXDPGetInfo(ino uint32, cookie uint64) (*netlink.XDPDiagInfoResp, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func SocketDiagXDP() ([]*netlink.XDPDiagInfoResp, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func XfrmPolicyList(family int) ([]netlink.XfrmPolicy, error) {
+	return nil, netlink.ErrNotImplemented
+}
+
+func XfrmStateList(family int) ([]netlink.XfrmState, error) {
+	return nil, netlink.ErrNotImplemented
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/datapath/tunnel/tunnel.go b/vendor/github.com/cilium/cilium/pkg/datapath/tunnel/tunnel.go
index c914a411f8..54b2f176cd 100644
--- a/vendor/github.com/cilium/cilium/pkg/datapath/tunnel/tunnel.go
+++ b/vendor/github.com/cilium/cilium/pkg/datapath/tunnel/tunnel.go
@@ -9,9 +9,9 @@ import (
 
 	"github.com/cilium/hive/cell"
 	"github.com/spf13/pflag"
-	"github.com/vishvananda/netlink"
 
 	dpcfgdef "github.com/cilium/cilium/pkg/datapath/linux/config/defines"
+	"github.com/cilium/cilium/pkg/datapath/linux/safenetlink"
 	"github.com/cilium/cilium/pkg/defaults"
 )
 
@@ -162,7 +162,7 @@ func (cfg Config) datapathConfigProvider() (dpcfgdef.NodeOut, dpcfgdef.NodeFnOut
 		defines["TUNNEL_PORT"] = fmt.Sprintf("%d", cfg.Port())
 
 		definesFn = func() (dpcfgdef.Map, error) {
-			tunnelDev, err := netlink.LinkByName(cfg.DeviceName())
+			tunnelDev, err := safenetlink.LinkByName(cfg.DeviceName())
 			if err != nil {
 				return nil, fmt.Errorf("failed to retrieve device info for %q: %w", cfg.DeviceName(), err)
 			}
diff --git a/vendor/github.com/cilium/cilium/pkg/datapath/types/loader.go b/vendor/github.com/cilium/cilium/pkg/datapath/types/loader.go
index 386fee101f..f4fafb5eec 100644
--- a/vendor/github.com/cilium/cilium/pkg/datapath/types/loader.go
+++ b/vendor/github.com/cilium/cilium/pkg/datapath/types/loader.go
@@ -40,7 +40,7 @@ type PreFilter interface {
 // Proxy is any type which installs rules related to redirecting traffic to
 // a proxy.
 type Proxy interface {
-	ReinstallRoutingRules() error
+	ReinstallRoutingRules(mtu int) error
 }
 
 // IptablesManager manages iptables rules.
diff --git a/vendor/github.com/cilium/cilium/pkg/datapath/types/node.go b/vendor/github.com/cilium/cilium/pkg/datapath/types/node.go
index ecddfa02c8..9b741a138b 100644
--- a/vendor/github.com/cilium/cilium/pkg/datapath/types/node.go
+++ b/vendor/github.com/cilium/cilium/pkg/datapath/types/node.go
@@ -174,6 +174,10 @@ type LocalNodeConfiguration struct {
 	// XDPConfig holds configuration options to determine how the node should
 	// handle XDP programs.
 	XDPConfig xdp.Config
+
+	// RoutingMode is the current routing mode of the local node.
+	// Can be 'native' or 'tunnel'.
+	RoutingMode string
 }
 
 func (cfg *LocalNodeConfiguration) DeviceNames() []string {
diff --git a/vendor/github.com/cilium/cilium/pkg/datapath/types/zz_generated.deepequal.go b/vendor/github.com/cilium/cilium/pkg/datapath/types/zz_generated.deepequal.go
index c0b1bc0895..f4b908812e 100644
--- a/vendor/github.com/cilium/cilium/pkg/datapath/types/zz_generated.deepequal.go
+++ b/vendor/github.com/cilium/cilium/pkg/datapath/types/zz_generated.deepequal.go
@@ -255,5 +255,9 @@ func (in *LocalNodeConfiguration) DeepEqual(other *LocalNodeConfiguration) bool
 		return false
 	}
 
+	if in.RoutingMode != other.RoutingMode {
+		return false
+	}
+
 	return true
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go b/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go
index f73cfded0b..995ea59f8f 100644
--- a/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go
+++ b/vendor/github.com/cilium/cilium/pkg/defaults/defaults.go
@@ -72,43 +72,9 @@ const (
 	// SockPathEnv is the environment variable to overwrite SockPath
 	SockPathEnv = "CILIUM_SOCK"
 
-	// HubbleSockPath is the path to the UNIX domain socket exposing the Hubble
-	// API to clients locally.
-	HubbleSockPath = RuntimePath + "/hubble.sock"
-
-	// HubbleSockPathEnv is the environment variable to overwrite
-	// HubbleSockPath.
-	HubbleSockPathEnv = "HUBBLE_SOCK"
-
-	// HubbleRecorderStoragePath specifies the directory in which pcap files
-	// created via the Hubble Recorder API are stored
-	HubbleRecorderStoragePath = RuntimePath + "/pcaps"
-
-	// HubbleRecorderSinkQueueSize is the queue size for each recorder sink
-	HubbleRecorderSinkQueueSize = 1024
-
-	// HubbleRedactEnabled controls if sensitive information will be redacted from L7 flows
-	HubbleRedactEnabled = false
-
-	// HubbleRedactHttpURLQuery controls if the URL query will be redacted from flows
-	HubbleRedactHttpURLQuery = false
-
-	// HubbleRedactHttpUserInfo controls if the user info will be redacted from flows
-	HubbleRedactHttpUserInfo = true
-
-	// HubbleRedactKafkaApiKey controls if the Kafka API key will be redacted from flows
-	HubbleRedactKafkaApiKey = false
-
-	// HubbleDropEventsEnabled controls whether Hubble should create v1.Events
-	// for packet drops related to pods
-	HubbleDropEventsEnabled = false
-
-	// HubbleDropEventsInterval controls the minimum time between emitting events
-	// with the same source and destination IP
-	HubbleDropEventsInterval = 2 * time.Minute
-
-	// HubbleDropEventsReasons controls which drop reasons to emit events for
-	HubbleDropEventsReasons = "auth_required,policy_denied"
+	// ShellSockPath is the path to the UNIX domain socket exposing the debug shell
+	// to which "cilium-dbg shell" connects to.
+	ShellSockPath = RuntimePath + "/shell.sock"
 
 	// MonitorSockPath1_2 is the path to the UNIX domain socket used to
 	// distribute BPF and agent events to listeners.
@@ -571,6 +537,13 @@ const (
 	// EnableK8sNetworkPolicy enables support for K8s NetworkPolicy.
 	EnableK8sNetworkPolicy = true
 
+	// EnableCiliumNetworkPolicy enables support for Cilium Network Policy.
+	EnableCiliumNetworkPolicy = true
+
+	// EnableCiliumClusterwideNetworkPolicy enables support for Cilium Clusterwide
+	// Network Policy.
+	EnableCiliumClusterwideNetworkPolicy = true
+
 	// MaxConnectedClusters sets the maximum number of clusters that can be
 	// connected in a clustermesh.
 	// The value is used to determine the bit allocation for cluster ID and
@@ -590,8 +563,8 @@ const (
 	// BPFEventsTraceEnabled controls whether the Cilium datapath exposes "trace" events to Cilium monitor and Hubble.
 	BPFEventsTraceEnabled = true
 
-	// BPFConntrackAccountingEnabled controls whether CT accounting for packets and bytes is enabled
-	BPFConntrackAccountingEnabled = false
+	// BPFConntrackAccounting controls whether CT accounting for packets and bytes is enabled
+	BPFConntrackAccounting = false
 
 	// EnableEnvoyConfig is the default value for option.EnableEnvoyConfig
 	EnableEnvoyConfig = false
@@ -604,6 +577,9 @@ const (
 
 	// EnableNonDefaultDenyPolicies allows policies to define whether they are operating in default-deny mode
 	EnableNonDefaultDenyPolicies = true
+
+	// EnableSourceIPVerification is the default value for source ip validation
+	EnableSourceIPVerification = true
 )
 
 var (
diff --git a/vendor/github.com/cilium/cilium/pkg/health/client/client.go b/vendor/github.com/cilium/cilium/pkg/health/client/client.go
index 2867cfaaa6..c30e1b25f4 100644
--- a/vendor/github.com/cilium/cilium/pkg/health/client/client.go
+++ b/vendor/github.com/cilium/cilium/pkg/health/client/client.go
@@ -320,63 +320,88 @@ func GetAllEndpointAddresses(node *models.NodeStatus) []*models.PathStatus {
 	return append([]*models.PathStatus{node.HealthEndpoint.PrimaryAddress}, node.HealthEndpoint.SecondaryAddresses...)
 }
 
-func formatNodeStatus(w io.Writer, node *models.NodeStatus, printAll, succinct, verbose, localhost bool) {
+func formatNodeStatus(w io.Writer, node *models.NodeStatus, allNodes, verbose, localhost bool) bool {
 	localStr := ""
 	if localhost {
 		localStr = " (localhost)"
 	}
-	if succinct {
-		if printAll || !nodeIsHealthy(node) {
-			ips := []string{getPrimaryAddressIP(node)}
-			for _, addr := range GetHostSecondaryAddresses(node) {
-				if addr == nil {
-					continue
-				}
-				ips = append(ips, addr.IP)
-			}
-			hostStatuses := SummarizePathConnectivityStatusType(GetAllHostAddresses(node))
-			endpointStatuses := SummarizePathConnectivityStatusType(GetAllEndpointAddresses(node))
 
-			fmt.Fprintf(w, "  %s%s\t%s\t%d/%d", node.Name, localStr, strings.Join(ips, ","), hostStatuses[ConnStatusReachable], len(GetAllHostAddresses(node)))
-			if hostStatuses[ConnStatusUnknown] > 0 {
-				fmt.Fprintf(w, " (%d unknown)", hostStatuses[ConnStatusUnknown])
-			}
-			fmt.Fprintf(w, "\t%d/%d", endpointStatuses[ConnStatusReachable], len(GetAllEndpointAddresses(node)))
-			if endpointStatuses[ConnStatusUnknown] > 0 {
-				fmt.Fprintf(w, " (%d unknown)", endpointStatuses[ConnStatusUnknown])
-			}
-			fmt.Fprintf(w, "\n")
-		}
-	} else {
+	if verbose {
 		fmt.Fprintf(w, "  %s%s:\n", node.Name, localStr)
 		formatPathStatus(w, "Host", GetHostPrimaryAddress(node), "    ", verbose)
 		unhealthyPaths := !allPathsAreHealthyOrUnknown(GetHostSecondaryAddresses(node))
 		if (verbose || unhealthyPaths) && node.Host != nil {
 			for _, addr := range node.Host.SecondaryAddresses {
-				formatPathStatus(w, "Secondary", addr, "      ", verbose)
+				formatPathStatus(w, "Secondary Host", addr, "    ", verbose)
 			}
 		}
 		formatPathStatus(w, "Endpoint", GetEndpointPrimaryAddress(node), "    ", verbose)
 		unhealthyPaths = !allPathsAreHealthyOrUnknown(GetEndpointSecondaryAddresses(node))
 		if (verbose || unhealthyPaths) && node.HealthEndpoint != nil {
 			for _, addr := range node.HealthEndpoint.SecondaryAddresses {
-				formatPathStatus(w, "Secondary", addr, "      ", verbose)
+				formatPathStatus(w, "Secondary Endpoint", addr, "    ", verbose)
+			}
+		}
+		return true
+	}
+
+	hostStatuses := SummarizePathConnectivityStatusType(GetAllHostAddresses(node))
+	endpointStatuses := SummarizePathConnectivityStatusType(GetAllEndpointAddresses(node))
+
+	if !nodeIsHealthy(node) {
+		ips := []string{getPrimaryAddressIP(node)}
+		for _, addr := range GetHostSecondaryAddresses(node) {
+			if addr == nil {
+				continue
+			}
+			ips = append(ips, addr.IP)
+		}
+		fmt.Fprintf(w, "  %s%s\t%s\t%d/%d", node.Name, localStr, strings.Join(ips, ","), hostStatuses[ConnStatusReachable], len(GetAllHostAddresses(node)))
+		if hostStatuses[ConnStatusUnknown] > 0 {
+			fmt.Fprintf(w, " (%d unknown)", hostStatuses[ConnStatusUnknown])
+		}
+		fmt.Fprintf(w, "\t%d/%d", endpointStatuses[ConnStatusReachable], len(GetAllEndpointAddresses(node)))
+		if endpointStatuses[ConnStatusUnknown] > 0 {
+			fmt.Fprintf(w, " (%d unknown)", endpointStatuses[ConnStatusUnknown])
+		}
+		fmt.Fprintf(w, "\n")
+		return true
+	}
+
+	if allNodes {
+		ips := []string{getPrimaryAddressIP(node)}
+		for _, addr := range GetHostSecondaryAddresses(node) {
+			if addr == nil {
+				continue
 			}
+			ips = append(ips, addr.IP)
+		}
+		fmt.Fprintf(w, "  %s%s\t%s\t%d/%d", node.Name, localStr, strings.Join(ips, ","), hostStatuses[ConnStatusReachable], len(GetAllHostAddresses(node)))
+		if hostStatuses[ConnStatusUnknown] > 0 {
+			fmt.Fprintf(w, " (%d unknown)", hostStatuses[ConnStatusUnknown])
 		}
+		fmt.Fprintf(w, "\t%d/%d", endpointStatuses[ConnStatusReachable], len(GetAllEndpointAddresses(node)))
+		if endpointStatuses[ConnStatusUnknown] > 0 {
+			fmt.Fprintf(w, " (%d unknown)", endpointStatuses[ConnStatusUnknown])
+		}
+		fmt.Fprintf(w, "\n")
+		return true
 	}
+
+	return false
 }
 
 // FormatHealthStatusResponse writes a HealthStatusResponse as a string to the
 // writer.
 //
-// 'printAll', if true, causes all nodes to be printed regardless of status
-// 'succinct', if true, causes node health to be output as one line per node
-// 'verbose', if true, overrides 'succinct' and prints all information
+// 'allNodes', if true, causes all nodes to be printed regardless of status
+// 'verbose', if true, prints all information
 // 'maxLines', if nonzero, determines the maximum number of lines to print
-func FormatHealthStatusResponse(w io.Writer, sr *models.HealthStatusResponse, printAll, succinct, verbose bool, maxLines int) {
+func FormatHealthStatusResponse(w io.Writer, sr *models.HealthStatusResponse, allNodes bool, verbose bool, maxLines int) {
 	var (
-		healthy   int
-		localhost *models.NodeStatus
+		healthy      int
+		localhost    *models.NodeStatus
+		printedLines int
 	)
 	for _, node := range sr.Nodes {
 		if nodeIsHealthy(node) {
@@ -386,37 +411,35 @@ func FormatHealthStatusResponse(w io.Writer, sr *models.HealthStatusResponse, pr
 			localhost = node
 		}
 	}
-	if succinct {
-		fmt.Fprintf(w, "Cluster health:\t%d/%d reachable\t(%s)\n",
-			healthy, len(sr.Nodes), sr.Timestamp)
-		if printAll || healthy < len(sr.Nodes) {
-			fmt.Fprintf(w, "  Name\tIP\tNode\tEndpoints\n")
-		}
-	} else {
-		fmt.Fprintf(w, "Probe time:\t%s\n", sr.Timestamp)
-		fmt.Fprintf(w, "Nodes:\n")
-	}
+
+	fmt.Fprintf(w, "Cluster health:\t%d/%d reachable\t(%s)\n",
+		healthy, len(sr.Nodes), sr.Timestamp)
+
+	fmt.Fprintf(w, "Name\tIP\tNode\tEndpoints\n")
 
 	if localhost != nil {
-		formatNodeStatus(w, localhost, printAll, succinct, verbose, true)
-		maxLines--
+		if formatNodeStatus(w, localhost, allNodes, verbose, true) {
+			printedLines++
+		}
 	}
 
 	nodes := sr.Nodes
 	sort.Slice(nodes, func(i, j int) bool {
 		return strings.Compare(nodes[i].Name, nodes[j].Name) < 0
 	})
-	for n, node := range nodes {
-		if maxLines > 0 && n > maxLines {
+	for _, node := range nodes {
+		if printedLines == maxLines {
 			break
 		}
 		if node == localhost {
 			continue
 		}
-		formatNodeStatus(w, node, printAll, succinct, verbose, false)
+		if formatNodeStatus(w, node, allNodes, verbose, false) {
+			printedLines++
+		}
 	}
-	if maxLines > 0 && len(sr.Nodes)-healthy > maxLines {
-		fmt.Fprintf(w, "  ...")
+	if len(sr.Nodes)-printedLines-healthy > 0 {
+		fmt.Fprintf(w, "  ...\n")
 	}
 }
 
@@ -424,9 +447,9 @@ func FormatHealthStatusResponse(w io.Writer, sr *models.HealthStatusResponse, pr
 // daemon via the default channel and formats its output as a string to the
 // writer.
 //
-// 'succinct', 'verbose' and 'maxLines' are handled the same as in
+// 'verbose' and 'maxLines' are handled the same as in
 // FormatHealthStatusResponse().
-func GetAndFormatHealthStatus(w io.Writer, succinct, verbose bool, maxLines int) {
+func GetAndFormatHealthStatus(w io.Writer, allNodes bool, verbose bool, maxLines int) {
 	client, err := NewClient("")
 	if err != nil {
 		fmt.Fprintf(w, "Cluster health:\t\t\tClient error: %s\n", err)
@@ -438,5 +461,5 @@ func GetAndFormatHealthStatus(w io.Writer, succinct, verbose bool, maxLines int)
 		fmt.Fprintf(w, "Cluster health:\t\t\tWarning\tcilium-health daemon unreachable\n")
 		return
 	}
-	FormatHealthStatusResponse(w, hr.Payload, verbose, succinct, verbose, maxLines)
+	FormatHealthStatusResponse(w, hr.Payload, allNodes, verbose, maxLines)
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/hive/feature_lifecycle.go b/vendor/github.com/cilium/cilium/pkg/hive/feature_lifecycle.go
deleted file mode 100644
index 2b95718301..0000000000
--- a/vendor/github.com/cilium/cilium/pkg/hive/feature_lifecycle.go
+++ /dev/null
@@ -1,128 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright Authors of Cilium
-
-package hive
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"log/slog"
-	"maps"
-	"slices"
-
-	"github.com/cilium/hive/cell"
-
-	"github.com/cilium/cilium/pkg/lock"
-)
-
-type FeatureLifecycleInterface interface {
-	Append(Feature, cell.Hook) error
-	Start(Feature, context.Context, *slog.Logger) error
-	Stop(Feature, context.Context, *slog.Logger) error
-
-	IsRunning(Feature) bool
-	List() []Feature
-}
-
-type Feature string
-type FeatureLifecycle struct {
-	mu     lock.Mutex
-	hooks  map[Feature][]cell.Hook
-	status map[Feature]bool
-}
-
-func NewFeatureLifecycle() *FeatureLifecycle {
-	return &FeatureLifecycle{
-		hooks:  make(map[Feature][]cell.Hook),
-		status: make(map[Feature]bool),
-	}
-}
-
-// Append adds a hook to the feature hooks, marking the feature as not running.
-// It returns an error if the feature is already running.
-func (fl *FeatureLifecycle) Append(f Feature, h cell.Hook) error {
-	fl.mu.Lock()
-	defer fl.mu.Unlock()
-
-	if status, ok := fl.status[f]; ok && status {
-		return fmt.Errorf("cannot add hooks to a running feature: %s", f)
-	}
-
-	fl.hooks[f] = append(fl.hooks[f], h)
-	fl.status[f] = false
-
-	return nil
-}
-
-// Start attempts to start a feature by executing its associated hooks.
-// It returns an error if the feature is already running
-// or if any hook fails to start.
-func (fl *FeatureLifecycle) Start(f Feature, c context.Context, l *slog.Logger) error {
-	fl.mu.Lock()
-	defer fl.mu.Unlock()
-
-	if status, ok := fl.status[f]; ok && status {
-		return fmt.Errorf("feature %s is already running", f)
-	}
-
-	l.Debug("Starting hooks for", "feature", f)
-	for _, hook := range fl.hooks[f] {
-		if err := hook.Start(c); err != nil {
-			l.Error("Start hook failed", "error", err)
-			return fmt.Errorf("starting hook for feature %s: %w", f, err)
-		}
-	}
-
-	fl.status[f] = true
-
-	return nil
-}
-
-// Stop attempts to stop a feature by stopping its associated hooks.
-// It returns an error if the feature is already stopped.
-// If any hook encounters an error during stopping it aggregates into return error
-func (fl *FeatureLifecycle) Stop(f Feature, c context.Context, l *slog.Logger) error {
-	fl.mu.Lock()
-	defer fl.mu.Unlock()
-
-	if status, ok := fl.status[f]; ok && !status {
-		return fmt.Errorf("feature %s is already stopped", f)
-	}
-
-	var errs error
-
-	l.Debug("Stopping hooks for", "feature", f)
-
-	for i := len(fl.hooks[f]) - 1; i >= 0; i-- {
-		hook := fl.hooks[f][i]
-		if err := hook.Stop(c); err != nil {
-			l.Error("Stop hook failed", "error", err)
-			errs = errors.Join(errs, err)
-		}
-	}
-
-	fl.status[f] = false
-
-	return errs
-}
-
-// IsRunning checks if a feature is currently running.
-// It returns true if the feature exists in status map
-// and its status is true, and false otherwise.
-func (fl *FeatureLifecycle) IsRunning(f Feature) bool {
-	fl.mu.Lock()
-	defer fl.mu.Unlock()
-
-	status, ok := fl.status[f]
-	return ok && status
-
-}
-
-// List returns a list of all features registered
-func (fl *FeatureLifecycle) List() []Feature {
-	fl.mu.Lock()
-	defer fl.mu.Unlock()
-
-	return slices.Collect(maps.Keys(fl.hooks))
-}
diff --git a/vendor/github.com/cilium/cilium/pkg/hive/health/metrics.go b/vendor/github.com/cilium/cilium/pkg/hive/health/metrics.go
index b1f24738f4..1e65a15dce 100644
--- a/vendor/github.com/cilium/cilium/pkg/hive/health/metrics.go
+++ b/vendor/github.com/cilium/cilium/pkg/hive/health/metrics.go
@@ -18,7 +18,8 @@ import (
 )
 
 type Metrics struct {
-	HealthStatusGauge metric.Vec[metric.Gauge]
+	HealthStatusGauge         metric.Vec[metric.Gauge]
+	DegradedHealthStatusGauge metric.DeletableVec[metric.Gauge]
 }
 
 func newMetrics() *Metrics {
@@ -30,10 +31,18 @@ func newMetrics() *Metrics {
 			Name:       "status",
 			Help:       "Counts of health status levels of Hive components",
 		}, []string{"status"}),
+
+		DegradedHealthStatusGauge: metric.NewGaugeVec(metric.GaugeOpts{
+			Namespace: "cilium",
+			Subsystem: "hive",
+			Name:      "degraded_status",
+			Help:      "Counts degraded health status levels of Hive components labeled by modules",
+			Disabled:  true,
+		}, []string{"module"}),
 	}
 }
 
-type publishFunc func(map[types.Level]uint64)
+type publishFunc func(map[types.Level]uint64, map[string]uint64)
 
 type metricPublisherParams struct {
 	cell.In
@@ -44,13 +53,24 @@ type metricPublisherParams struct {
 	Metrics  *Metrics
 }
 
-// metricPublisher periodically publishes the hive module health metric (hive_health_status_levels).
+// metricPublisher periodically publishes the hive module health metric
+// * cilium_hive_status
+// * cilium_hive_degraded_status
 func metricPublisher(p metricPublisherParams) {
 	// Performs the actual writing to the metric. Extracted to make testing easy.
-	publish := func(stats map[types.Level]uint64) {
+	publish := func(stats map[types.Level]uint64, degradedModuleCount map[string]uint64) {
 		for l, v := range stats {
 			p.Metrics.HealthStatusGauge.WithLabelValues(strings.ToLower(string(l))).Set(float64(v))
 		}
+		for k, v := range degradedModuleCount {
+			// If the module is healthy attempt to remove any associated metrics with that module
+			if v == 0 {
+				p.Metrics.DegradedHealthStatusGauge.DeleteLabelValues(k)
+				continue
+			}
+
+			p.Metrics.DegradedHealthStatusGauge.WithLabelValues(k).Set(float64(v))
+		}
 	}
 
 	if p.Metrics.HealthStatusGauge.IsEnabled() {
@@ -68,13 +88,34 @@ func publishJob(ctx context.Context, p metricPublisherParams, publish publishFun
 	limiter := rate.NewLimiter(15*time.Second, 3)
 	defer limiter.Stop() // Avoids leaking a goroutine.
 
+	idToStatus := make(map[string]uint64)
 	it, watch := p.Table.AllWatch(p.DB.ReadTxn())
 	for {
 		stats := make(map[types.Level]uint64)
+		// Reset health ID status counts
+		for k := range idToStatus {
+			idToStatus[k] = 0
+		}
+
 		for obj := range it {
 			stats[obj.Level]++
+
+			_, ok := idToStatus[obj.ID.Module.String()]
+			if obj.Level == types.LevelDegraded {
+				idToStatus[obj.ID.Module.String()]++
+			} else if !ok {
+				idToStatus[obj.ID.Module.String()] = 0
+			}
+		}
+
+		publish(stats, idToStatus)
+
+		// Removed old IDs
+		for k, v := range idToStatus {
+			if v == 0 {
+				delete(idToStatus, k)
+			}
 		}
-		publish(stats)
 
 		select {
 		case <-ctx.Done():
diff --git a/vendor/github.com/cilium/cilium/pkg/hive/hive.go b/vendor/github.com/cilium/cilium/pkg/hive/hive.go
index ffeb583cc4..82397c860d 100644
--- a/vendor/github.com/cilium/cilium/pkg/hive/hive.go
+++ b/vendor/github.com/cilium/cilium/pkg/hive/hive.go
@@ -16,11 +16,14 @@ import (
 	"github.com/cilium/statedb"
 	"github.com/sirupsen/logrus"
 
+	flowpb "github.com/cilium/cilium/api/v1/flow"
 	"github.com/cilium/cilium/pkg/cidr"
 	"github.com/cilium/cilium/pkg/hive/health"
 	"github.com/cilium/cilium/pkg/hive/health/types"
+	"github.com/cilium/cilium/pkg/hubble"
 	"github.com/cilium/cilium/pkg/logging"
 	"github.com/cilium/cilium/pkg/logging/logfields"
+	"github.com/cilium/cilium/pkg/metrics"
 )
 
 type (
@@ -40,18 +43,36 @@ func New(cells ...cell.Cell) *Hive {
 	cells = append(
 		slices.Clone(cells),
 
-		health.Cell,
 		job.Cell,
-		statedb.Cell,
 
+		// Module health
+		cell.Group(
+			health.Cell,
+			cell.Provide(
+				func(provider types.Provider) cell.Health {
+					return provider.ForModule(nil)
+				},
+			),
+		),
+
+		// StateDB and its metrics
+		cell.Group(
+			statedb.Cell,
+
+			metrics.Metric(NewStateDBMetrics),
+			metrics.Metric(NewStateDBReconcilerMetrics),
+			cell.Provide(
+				NewStateDBMetricsImpl,
+				NewStateDBReconcilerMetricsImpl,
+			),
+		),
+
+		// The root logrus FieldLogger.
 		cell.Provide(
-			NewStateDBMetrics,
-			NewStateDBReconcilerMetrics,
 			func() logrus.FieldLogger { return logging.DefaultLogger },
-			func(provider types.Provider) cell.Health {
-				return provider.ForModule(nil)
-			},
-		))
+		),
+	)
+
 	// Scope logging and health by module ID.
 	moduleDecorators := []cell.ModuleDecorator{
 		func(log logrus.FieldLogger, mid cell.ModuleID) logrus.FieldLogger {
@@ -93,6 +114,20 @@ var decodeHooks = cell.DecodeHooks{
 		}
 		return cidr.ParseCIDR(s)
 	},
+	// Decode JSON encoded *flowpb.FlowFilter fields
+	func(from reflect.Type, to reflect.Type, data interface{}) (interface{}, error) {
+		if from.Kind() != reflect.Slice {
+			return data, nil
+		}
+		xs, ok := data.([]string)
+		if !ok {
+			return data, nil
+		}
+		if to != reflect.TypeOf(([]*flowpb.FlowFilter)(nil)) {
+			return data, nil
+		}
+		return hubble.ParseFlowFilters(xs...)
+	},
 }
 
 func AddConfigOverride[Cfg cell.Flagger](h *Hive, override func(*Cfg)) {
diff --git a/vendor/github.com/cilium/cilium/pkg/hive/reconciler_metrics.go b/vendor/github.com/cilium/cilium/pkg/hive/reconciler_metrics.go
index f58b3ae069..9101d2eb82 100644
--- a/vendor/github.com/cilium/cilium/pkg/hive/reconciler_metrics.go
+++ b/vendor/github.com/cilium/cilium/pkg/hive/reconciler_metrics.go
@@ -25,76 +25,73 @@ type ReconcilerMetrics struct {
 }
 
 const (
-	LabelModuleId  = "module_id"
-	LabelOperation = "op"
+	labelModuleId  = "module_id"
+	labelOperation = "op"
 )
 
-func NewStateDBReconcilerMetrics() (ReconcilerMetrics, reconciler.Metrics) {
+func NewStateDBReconcilerMetrics() ReconcilerMetrics {
 	m := ReconcilerMetrics{
 		ReconciliationCount: metric.NewCounterVec(metric.CounterOpts{
-			ConfigName: metrics.Namespace + "_count",
-			Disabled:   true,
-			Namespace:  metrics.Namespace,
-			Subsystem:  "reconciler",
-			Name:       "count",
-			Help:       "Number of reconciliation rounds performed",
-		}, []string{LabelModuleId}),
+			Disabled:  true,
+			Namespace: metrics.Namespace,
+			Subsystem: "reconciler",
+			Name:      "count",
+			Help:      "Number of reconciliation rounds performed",
+		}, []string{labelModuleId}),
 
 		ReconciliationDuration: metric.NewHistogramVec(metric.HistogramOpts{
-			ConfigName: metrics.Namespace + "_reconciler_duration_seconds",
-			Disabled:   true,
-			Namespace:  metrics.Namespace,
-			Subsystem:  "reconciler",
-			Name:       "duration_seconds",
-			Help:       "Histogram of per-operation duration during reconciliation",
-		}, []string{LabelModuleId, LabelOperation}),
+			Disabled:  true,
+			Namespace: metrics.Namespace,
+			Subsystem: "reconciler",
+			Name:      "duration_seconds",
+			Help:      "Histogram of per-operation duration during reconciliation",
+		}, []string{labelModuleId, labelOperation}),
 
 		ReconciliationTotalErrors: metric.NewCounterVec(metric.CounterOpts{
-			ConfigName: metrics.Namespace + "_reconciler_errors_total",
-			Disabled:   true,
-			Namespace:  metrics.Namespace,
-			Subsystem:  "reconciler",
-			Name:       "errors_total",
-			Help:       "Total number of errors encountered during reconciliation",
-		}, []string{LabelModuleId}),
+			Disabled:  true,
+			Namespace: metrics.Namespace,
+			Subsystem: "reconciler",
+			Name:      "errors_total",
+			Help:      "Total number of errors encountered during reconciliation",
+		}, []string{labelModuleId}),
 
 		ReconciliationCurrentErrors: metric.NewGaugeVec(metric.GaugeOpts{
-			ConfigName: metrics.Namespace + "_reconciler_errors_current",
-			Disabled:   true,
-			Namespace:  metrics.Namespace,
-			Subsystem:  "reconciler",
-			Name:       "errors_current",
-			Help:       "The number of objects currently failing to be reconciled",
-		}, []string{LabelModuleId}),
+			Disabled:  true,
+			Namespace: metrics.Namespace,
+			Subsystem: "reconciler",
+			Name:      "errors_current",
+			Help:      "The number of objects currently failing to be reconciled",
+		}, []string{labelModuleId}),
 
 		PruneCount: metric.NewCounterVec(metric.CounterOpts{
-			ConfigName: metrics.Namespace + "_reconciler_prune_count",
-			Disabled:   true,
-			Namespace:  metrics.Namespace,
-			Subsystem:  "reconciler",
-			Name:       "prune_count",
-			Help:       "Number of prunes performed",
-		}, []string{LabelModuleId}),
+			Disabled:  true,
+			Namespace: metrics.Namespace,
+			Subsystem: "reconciler",
+			Name:      "prune_count",
+			Help:      "Number of prunes performed",
+		}, []string{labelModuleId}),
 
 		PruneTotalErrors: metric.NewCounterVec(metric.CounterOpts{
-			ConfigName: metrics.Namespace + "_reconciler_prune_errors_total",
-			Disabled:   true,
-			Namespace:  metrics.Namespace,
-			Subsystem:  "reconciler",
-			Name:       "full_errors_total",
-			Help:       "Total number of errors encountered during full reconciliation",
-		}, []string{LabelModuleId}),
+			Disabled:  true,
+			Namespace: metrics.Namespace,
+			Subsystem: "reconciler",
+			Name:      "prune_errors_total",
+			Help:      "Total number of errors encountered during pruning",
+		}, []string{labelModuleId}),
 
 		PruneDuration: metric.NewHistogramVec(metric.HistogramOpts{
-			ConfigName: metrics.Namespace + "_reconciler_prune_duration_seconds",
-			Disabled:   true,
-			Namespace:  metrics.Namespace,
-			Subsystem:  "reconciler",
-			Name:       "full_duration_seconds",
-			Help:       "Histogram of per-operation duration during full reconciliation",
-		}, []string{LabelModuleId, LabelOperation}),
+			Disabled:  true,
+			Namespace: metrics.Namespace,
+			Subsystem: "reconciler",
+			Name:      "prune_duration_seconds",
+			Help:      "Histogram of pruning duration",
+		}, []string{labelModuleId}),
 	}
-	return m, &reconcilerMetricsImpl{m}
+	return m
+}
+
+func NewStateDBReconcilerMetricsImpl(m ReconcilerMetrics) reconciler.Metrics {
+	return &reconcilerMetricsImpl{m}
 }
 
 type reconcilerMetricsImpl struct {
@@ -104,7 +101,7 @@ type reconcilerMetricsImpl struct {
 // PruneDuration implements reconciler.Metrics.
 func (m *reconcilerMetricsImpl) PruneDuration(moduleID cell.FullModuleID, duration time.Duration) {
 	if m.m.PruneDuration.IsEnabled() {
-		m.m.PruneDuration.WithLabelValues(LabelModuleId, moduleID.String()).
+		m.m.PruneDuration.WithLabelValues(moduleID.String()).
 			Observe(duration.Seconds())
 	}
 }
@@ -112,9 +109,9 @@ func (m *reconcilerMetricsImpl) PruneDuration(moduleID cell.FullModuleID, durati
 // FullReconciliationErrors implements reconciler.Metrics.
 func (m *reconcilerMetricsImpl) PruneError(moduleID cell.FullModuleID, err error) {
 	if m.m.PruneCount.IsEnabled() {
-		m.m.PruneCount.WithLabelValues(LabelModuleId, moduleID.String())
+		m.m.PruneCount.WithLabelValues(moduleID.String()).Inc()
 	}
-	if m.m.PruneTotalErrors.IsEnabled() {
+	if err != nil && m.m.PruneTotalErrors.IsEnabled() {
 		m.m.PruneTotalErrors.WithLabelValues(moduleID.String()).Add(1)
 	}
 }
@@ -122,10 +119,10 @@ func (m *reconcilerMetricsImpl) PruneError(moduleID cell.FullModuleID, err error
 // ReconciliationDuration implements reconciler.Metrics.
 func (m *reconcilerMetricsImpl) ReconciliationDuration(moduleID cell.FullModuleID, operation string, duration time.Duration) {
 	if m.m.ReconciliationCount.IsEnabled() {
-		m.m.ReconciliationCount.WithLabelValues(LabelModuleId, moduleID.String()).Inc()
+		m.m.ReconciliationCount.WithLabelValues(moduleID.String()).Inc()
 	}
 	if m.m.ReconciliationDuration.IsEnabled() {
-		m.m.ReconciliationDuration.WithLabelValues(LabelModuleId, moduleID.String(), LabelOperation, operation).
+		m.m.ReconciliationDuration.WithLabelValues(moduleID.String(), operation).
 			Observe(duration.Seconds())
 	}
 }
@@ -133,10 +130,10 @@ func (m *reconcilerMetricsImpl) ReconciliationDuration(moduleID cell.FullModuleI
 // ReconciliationErrors implements reconciler.Metrics.
 func (m *reconcilerMetricsImpl) ReconciliationErrors(moduleID cell.FullModuleID, new, current int) {
 	if m.m.ReconciliationCurrentErrors.IsEnabled() {
-		m.m.ReconciliationCurrentErrors.WithLabelValues(LabelModuleId, moduleID.String()).Set(float64(current))
+		m.m.ReconciliationCurrentErrors.WithLabelValues(moduleID.String()).Set(float64(current))
 	}
 	if m.m.ReconciliationTotalErrors.IsEnabled() {
-		m.m.ReconciliationCurrentErrors.WithLabelValues(LabelModuleId, moduleID.String()).Add(float64(new))
+		m.m.ReconciliationCurrentErrors.WithLabelValues(moduleID.String()).Add(float64(new))
 	}
 }
 
diff --git a/vendor/github.com/cilium/cilium/pkg/hive/statedb_metrics.go b/vendor/github.com/cilium/cilium/pkg/hive/statedb_metrics.go
index a9e86ffb1b..3e764604f9 100644
--- a/vendor/github.com/cilium/cilium/pkg/hive/statedb_metrics.go
+++ b/vendor/github.com/cilium/cilium/pkg/hive/statedb_metrics.go
@@ -34,6 +34,12 @@ type StateDBMetrics struct {
 	TableGraveyardCleaningDuration metric.Vec[metric.Observer]
 }
 
+const (
+	labelTable  = "table"
+	labelTables = "tables"
+	labelHandle = "handle"
+)
+
 type stateDBMetricsImpl struct {
 	m StateDBMetrics
 }
@@ -41,42 +47,42 @@ type stateDBMetricsImpl struct {
 // DeleteTrackerCount implements statedb.Metrics.
 func (i stateDBMetricsImpl) DeleteTrackerCount(tableName string, numTrackers int) {
 	if i.m.TableDeleteTrackerCount.IsEnabled() {
-		i.m.TableDeleteTrackerCount.WithLabelValues("table", tableName).Set(float64(numTrackers))
+		i.m.TableDeleteTrackerCount.WithLabelValues(tableName).Set(float64(numTrackers))
 	}
 }
 
 // GraveyardCleaningDuration implements statedb.Metrics.
 func (i stateDBMetricsImpl) GraveyardCleaningDuration(tableName string, duration time.Duration) {
 	if i.m.TableGraveyardCleaningDuration.IsEnabled() {
-		i.m.TableGraveyardCleaningDuration.WithLabelValues("table", tableName).Observe(float64(duration.Seconds()))
+		i.m.TableGraveyardCleaningDuration.WithLabelValues(tableName).Observe(float64(duration.Seconds()))
 	}
 }
 
 // GraveyardLowWatermark implements statedb.Metrics.
 func (i stateDBMetricsImpl) GraveyardLowWatermark(tableName string, lowWatermark uint64) {
 	if i.m.TableGraveyardLowWatermark.IsEnabled() {
-		i.m.TableGraveyardLowWatermark.WithLabelValues("table", tableName).Set(float64(lowWatermark))
+		i.m.TableGraveyardLowWatermark.WithLabelValues(tableName).Set(float64(lowWatermark))
 	}
 }
 
 // GraveyardObjectCount implements statedb.Metrics.
 func (i stateDBMetricsImpl) GraveyardObjectCount(tableName string, numDeletedObjects int) {
 	if i.m.TableGraveyardObjectCount.IsEnabled() {
-		i.m.TableGraveyardObjectCount.WithLabelValues("table", tableName).Set(float64(numDeletedObjects))
+		i.m.TableGraveyardObjectCount.WithLabelValues(tableName).Set(float64(numDeletedObjects))
 	}
 }
 
 // ObjectCount implements statedb.Metrics.
 func (i stateDBMetricsImpl) ObjectCount(tableName string, numObjects int) {
 	if i.m.TableObjectCount.IsEnabled() {
-		i.m.TableObjectCount.WithLabelValues("table", tableName).Set(float64(numObjects))
+		i.m.TableObjectCount.WithLabelValues(tableName).Set(float64(numObjects))
 	}
 }
 
 // Revision implements statedb.Metrics.
 func (i stateDBMetricsImpl) Revision(tableName string, revision uint64) {
 	if i.m.TableRevision.IsEnabled() {
-		i.m.TableRevision.WithLabelValues("table", tableName).Set(float64(revision))
+		i.m.TableRevision.WithLabelValues(tableName).Set(float64(revision))
 	}
 }
 
@@ -84,8 +90,7 @@ func (i stateDBMetricsImpl) Revision(tableName string, revision uint64) {
 func (i stateDBMetricsImpl) WriteTxnDuration(handle string, tables []string, acquire time.Duration) {
 	if i.m.WriteTxnDuration.IsEnabled() {
 		i.m.WriteTxnDuration.WithLabelValues(
-			"handle", handle,
-			"tables", strings.Join(tables, ","),
+			handle, strings.Join(tables, ","),
 		).Observe(acquire.Seconds())
 	}
 }
@@ -93,10 +98,7 @@ func (i stateDBMetricsImpl) WriteTxnDuration(handle string, tables []string, acq
 // WriteTxnTableAcquisition implements statedb.Metrics.
 func (i stateDBMetricsImpl) WriteTxnTableAcquisition(handle string, tableName string, acquire time.Duration) {
 	if i.m.TableContention.IsEnabled() {
-		i.m.TableContention.WithLabelValues(
-			"handle", handle,
-			"table", tableName,
-		)
+		i.m.TableContention.WithLabelValues(handle, tableName)
 	}
 }
 
@@ -104,79 +106,82 @@ func (i stateDBMetricsImpl) WriteTxnTableAcquisition(handle string, tableName st
 func (i stateDBMetricsImpl) WriteTxnTotalAcquisition(handle string, tables []string, acquire time.Duration) {
 	if i.m.WriteTxnAcquisition.IsEnabled() {
 		i.m.WriteTxnAcquisition.WithLabelValues(
-			"handle", handle,
-			"tables", strings.Join(tables, ","),
+			handle, strings.Join(tables, ","),
 		)
 	}
 }
 
 var _ statedb.Metrics = stateDBMetricsImpl{}
 
-func NewStateDBMetrics() (StateDBMetrics, statedb.Metrics) {
+func NewStateDBMetrics() StateDBMetrics {
 	m := StateDBMetrics{
 		WriteTxnDuration: metric.NewHistogramVec(metric.HistogramOpts{
-			Namespace: metrics.CiliumAgentNamespace,
+			Namespace: metrics.Namespace,
 			Subsystem: "statedb",
 			Name:      "write_txn_duration_seconds",
 			Help:      "How long a write transaction was held.",
 			Disabled:  true,
-		}, []string{"tables", "handle"}),
+		}, []string{labelHandle, labelTables}),
 		WriteTxnAcquisition: metric.NewHistogramVec(metric.HistogramOpts{
-			Namespace: metrics.CiliumAgentNamespace,
+			Namespace: metrics.Namespace,
 			Subsystem: "statedb",
 			Name:      "write_txn_acquisition_seconds",
 			Help:      "How long it took to acquire a write transaction for all tables.",
 			Disabled:  true,
-		}, []string{"tables", "handle"}),
+		}, []string{labelHandle, labelTables}),
 		TableContention: metric.NewGaugeVec(metric.GaugeOpts{
-			Namespace: metrics.CiliumAgentNamespace,
+			Namespace: metrics.Namespace,
 			Subsystem: "statedb",
 			Name:      "table_contention_seconds",
 			Help:      "How long writers were blocked while waiting to acquire a write transaction for a specific table.",
 			Disabled:  true,
-		}, []string{"table"}),
+		}, []string{labelHandle, labelTable}),
 		TableObjectCount: metric.NewGaugeVec(metric.GaugeOpts{
-			Namespace: metrics.CiliumAgentNamespace,
+			Namespace: metrics.Namespace,
 			Subsystem: "statedb",
 			Name:      "table_objects",
 			Help:      "The amount of objects in a given table.",
 			Disabled:  true,
-		}, []string{"table"}),
+		}, []string{labelTable}),
 		TableRevision: metric.NewGaugeVec(metric.GaugeOpts{
-			Namespace: metrics.CiliumAgentNamespace,
+			Namespace: metrics.Namespace,
 			Subsystem: "statedb",
 			Name:      "table_revision",
 			Help:      "The current revision of a given table.",
 			Disabled:  true,
-		}, []string{"table"}),
+		}, []string{labelTable}),
 		TableDeleteTrackerCount: metric.NewGaugeVec(metric.GaugeOpts{
-			Namespace: metrics.CiliumAgentNamespace,
+			Namespace: metrics.Namespace,
 			Subsystem: "statedb",
 			Name:      "table_delete_trackers",
 			Help:      "The amount of delete trackers for a given table.",
 			Disabled:  true,
-		}, []string{"table"}),
+		}, []string{labelTable}),
 		TableGraveyardObjectCount: metric.NewGaugeVec(metric.GaugeOpts{
-			Namespace: metrics.CiliumAgentNamespace,
+			Namespace: metrics.Namespace,
 			Subsystem: "statedb",
 			Name:      "table_graveyard_objects",
 			Help:      "The amount of objects in the graveyard for a given table.",
 			Disabled:  true,
-		}, []string{"table"}),
+		}, []string{labelTable}),
 		TableGraveyardLowWatermark: metric.NewGaugeVec(metric.GaugeOpts{
-			Namespace: metrics.CiliumAgentNamespace,
+			Namespace: metrics.Namespace,
 			Subsystem: "statedb",
 			Name:      "table_graveyard_low_watermark",
 			Help:      "The lowest revision of a given table that has been processed by the graveyard garbage collector.",
 			Disabled:  true,
-		}, []string{"table"}),
+		}, []string{labelTable}),
 		TableGraveyardCleaningDuration: metric.NewHistogramVec(metric.HistogramOpts{
-			Namespace: metrics.CiliumAgentNamespace,
+			Namespace: metrics.Namespace,
 			Subsystem: "statedb",
 			Name:      "table_graveyard_cleaning_duration_seconds",
 			Help:      "The time it took to clean the graveyard for a given table.",
 			Disabled:  true,
-		}, []string{"table"}),
+		}, []string{labelTable}),
 	}
-	return m, stateDBMetricsImpl{m}
+	return m
+}
+
+func NewStateDBMetricsImpl(m StateDBMetrics) statedb.Metrics {
+	return stateDBMetricsImpl{m}
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/hubble/helpers.go b/vendor/github.com/cilium/cilium/pkg/hubble/helpers.go
new file mode 100644
index 0000000000..69f7fa4279
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/pkg/hubble/helpers.go
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package hubble
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	flowpb "github.com/cilium/cilium/api/v1/flow"
+)
+
+func ParseFlowFilters(args ...string) ([]*flowpb.FlowFilter, error) {
+	filters := make([]*flowpb.FlowFilter, 0, len(args))
+	for _, enc := range args {
+		dec := json.NewDecoder(strings.NewReader(enc))
+		var filter flowpb.FlowFilter
+		if err := dec.Decode(&filter); err != nil {
+			return nil, fmt.Errorf("failed to decode flow filter '%v': %w", enc, err)
+		}
+		filters = append(filters, &filter)
+	}
+	return filters, nil
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/identity/identity.go b/vendor/github.com/cilium/cilium/pkg/identity/identity.go
index 7e96d93cc1..d55de2cac2 100644
--- a/vendor/github.com/cilium/cilium/pkg/identity/identity.go
+++ b/vendor/github.com/cilium/cilium/pkg/identity/identity.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"net"
 	"strconv"
+	"sync"
 
 	"github.com/cilium/cilium/pkg/labels"
 	"github.com/cilium/cilium/pkg/option"
@@ -322,3 +323,8 @@ func IdentityAllocationIsLocal(lbls labels.Labels) bool {
 	// key, the well-known identity for it can be allocated locally.
 	return LookupReservedIdentityByLabels(lbls) != nil
 }
+
+// UpdateIdentities is an interface to be called when identities change
+type UpdateIdentities interface {
+	UpdateIdentities(added, deleted IdentityMap, wg *sync.WaitGroup)
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/identity/identitymanager/cell.go b/vendor/github.com/cilium/cilium/pkg/identity/identitymanager/cell.go
index 5b1fe39d78..bb8e812797 100644
--- a/vendor/github.com/cilium/cilium/pkg/identity/identitymanager/cell.go
+++ b/vendor/github.com/cilium/cilium/pkg/identity/identitymanager/cell.go
@@ -8,5 +8,5 @@ import "github.com/cilium/hive/cell"
 var Cell = cell.Module(
 	"identity-manager",
 	"Identity manager tracks identities assigned to locally managed endpoints ",
-	cell.Provide(NewIdentityManager),
+	cell.Provide(NewIDManager),
 )
diff --git a/vendor/github.com/cilium/cilium/pkg/identity/identitymanager/manager.go b/vendor/github.com/cilium/cilium/pkg/identity/identitymanager/manager.go
index 2f36277e64..03813c60c3 100644
--- a/vendor/github.com/cilium/cilium/pkg/identity/identitymanager/manager.go
+++ b/vendor/github.com/cilium/cilium/pkg/identity/identitymanager/manager.go
@@ -13,6 +13,15 @@ import (
 	"github.com/cilium/cilium/pkg/logging/logfields"
 )
 
+type IDManager interface {
+	Add(identity *identity.Identity)
+	GetIdentityModels() []*models.IdentityEndpoints
+	Remove(identity *identity.Identity)
+	RemoveAll()
+	RemoveOldAddNew(old *identity.Identity, new *identity.Identity)
+	Subscribe(o Observer)
+}
+
 // IdentityManager caches information about a set of identities, currently a
 // reference count of how many users there are for each identity.
 type IdentityManager struct {
@@ -21,13 +30,17 @@ type IdentityManager struct {
 	observers  map[Observer]struct{}
 }
 
+// NewIDManager returns an initialized IdentityManager.
+func NewIDManager() IDManager {
+	return newIdentityManager()
+}
+
 type identityMetadata struct {
 	identity *identity.Identity
 	refCount uint
 }
 
-// NewIdentityManager returns an initialized IdentityManager.
-func NewIdentityManager() *IdentityManager {
+func newIdentityManager() *IdentityManager {
 	return &IdentityManager{
 		identities: make(map[identity.NumericIdentity]*identityMetadata),
 		observers:  make(map[Observer]struct{}),
diff --git a/vendor/github.com/cilium/cilium/pkg/inctimer/inctimer.go b/vendor/github.com/cilium/cilium/pkg/inctimer/inctimer.go
deleted file mode 100644
index 072c02a56e..0000000000
--- a/vendor/github.com/cilium/cilium/pkg/inctimer/inctimer.go
+++ /dev/null
@@ -1,80 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright Authors of Cilium
-
-package inctimer
-
-import "time"
-
-// IncTimer should be the preferred mechanism over
-// calling `time.After` when wanting an `After`-like
-// function in a loop. This prevents memory build up
-// as the `time.After` method creates a new timer
-// instance every time it is called, and it is not
-// garbage collected until after it fires. Conversely,
-// IncTimer only uses one timer and correctly stops
-// the timer, clears its channel, and resets it
-// everytime that `After` is called.
-type IncTimer interface {
-	After(time.Duration) <-chan time.Time
-}
-
-type incTimer struct {
-	t *time.Timer
-}
-
-// New creates a new IncTimer and a done function.
-// IncTimer only uses one timer and correctly stops
-// the timer, clears the channel, and resets it every
-// time the `After` function is called.
-// WARNING: Concurrent use is not expected. The use
-// of this timer should be for only one goroutine.
-func New() (IncTimer, func() bool) {
-	it := &incTimer{}
-	return it, it.stop
-}
-
-// stop returns true if a scheduled timer has been stopped before execution.
-func (it *incTimer) stop() bool {
-	if it.t == nil {
-		return false
-	}
-	return it.t.Stop()
-}
-
-// After returns a channel that will fire after
-// the specified duration.
-func (it *incTimer) After(d time.Duration) <-chan time.Time {
-	// Stop the previous timer (if any) to garbage collect it.
-	// The old timer channel will be garbage collected even if not drained.
-	it.stop()
-
-	// We have to create a new timer for each invocation, because it is not
-	// possible to safely use https://golang.org/pkg/time/#Timer.Reset if we
-	// do not know if the timer channel has already been drained or not (which
-	// is the case here, as the client might have drained the channel already).
-	// Even after stopping a timer, it's not safe to attempt to drain its
-	// timer channel with a default case (for the case where the client has
-	// drained the channel already), as there is a small window where a timer
-	// is considered expired, but the channel has not received a value yet [1].
-	// This would cause us to erroneously take the default case (assuming the
-	// channel has been drained by the client), when in fact the channel just
-	// has not received a value yet. Because the two cases (client has drained
-	// vs. value not received yet) are indistinguishable for us, we cannot use
-	// Timer.Reset and need to create a new timer.
-	//
-	// [1] The reason why this small window occurs, is because the Go runtime
-	// will remove a timer from the heap and and mark it as deleted _before_
-	// it actually executes the timer function f:
-	// https://github.com/golang/go/blob/go1.16/src/runtime/time.go#L876
-	// This causes t.Stop to report the timer as already expired while it is
-	// in fact currently running:
-	// https://github.com/golang/go/blob/go1.16/src/runtime/time.go#L352
-	it.t = time.NewTimer(d)
-	return it.t.C
-}
-
-// After wraps the time.After function to get around the /timeafter linter
-// warning for cases where it is inconvenient to use the instantiated version.
-func After(d time.Duration) <-chan time.Time {
-	return time.After(d)
-}
diff --git a/vendor/github.com/cilium/cilium/pkg/ip/ip.go b/vendor/github.com/cilium/cilium/pkg/ip/ip.go
index 5563ae7f3e..7f457f340c 100644
--- a/vendor/github.com/cilium/cilium/pkg/ip/ip.go
+++ b/vendor/github.com/cilium/cilium/pkg/ip/ip.go
@@ -9,11 +9,10 @@ import (
 	"math/big"
 	"net"
 	"net/netip"
+	"slices"
 	"sort"
 
 	"go4.org/netipx"
-
-	"github.com/cilium/cilium/pkg/slices"
 )
 
 const (
@@ -753,15 +752,8 @@ func PartitionCIDR(targetCIDR net.IPNet, excludeCIDR net.IPNet) ([]*net.IPNet, [
 // netip.Addr.Compare (i.e. IPv4 addresses show up before IPv6).
 // The slice is manipulated in-place destructively; it does not create a new slice.
 func KeepUniqueAddrs(addrs []netip.Addr) []netip.Addr {
-	return slices.SortedUniqueFunc(
-		addrs,
-		func(a, b netip.Addr) int {
-			return a.Compare(b)
-		},
-		func(a, b netip.Addr) bool {
-			return a == b
-		},
-	)
+	SortAddrList(addrs)
+	return slices.Compact(addrs)
 }
 
 var privateIPBlocks []*net.IPNet
@@ -847,15 +839,11 @@ func ListContainsIP(ipList []net.IP, ip net.IP) bool {
 
 // SortIPList sorts the provided net.IP slice in place.
 func SortIPList(ipList []net.IP) {
-	sort.Slice(ipList, func(i, j int) bool {
-		return bytes.Compare(ipList[i], ipList[j]) < 0
-	})
+	slices.SortFunc(ipList, func(a, b net.IP) int { return bytes.Compare(a, b) })
 }
 
 func SortAddrList(ipList []netip.Addr) {
-	sort.Slice(ipList, func(i, j int) bool {
-		return ipList[i].Compare(ipList[j]) < 0
-	})
+	slices.SortFunc(ipList, netip.Addr.Compare)
 }
 
 // getSortedIPList returns a new net.IP slice in which the IPs are sorted.
diff --git a/vendor/github.com/cilium/cilium/pkg/ipam/types/types.go b/vendor/github.com/cilium/cilium/pkg/ipam/types/types.go
index 81c6e5ebcd..5f938642ee 100644
--- a/vendor/github.com/cilium/cilium/pkg/ipam/types/types.go
+++ b/vendor/github.com/cilium/cilium/pkg/ipam/types/types.go
@@ -178,6 +178,13 @@ type IPAMSpec struct {
 	//
 	// +kubebuilder:validation:Minimum=0
 	MaxAboveWatermark int `json:"max-above-watermark,omitempty"`
+
+	// StaticIPTags are used to determine the pool of IPs from which to
+	// attribute a static IP to the node. For example in AWS this is used to
+	// filter Elastic IP Addresses.
+	//
+	// +optional
+	StaticIPTags map[string]string `json:"static-ip-tags,omitempty"`
 }
 
 // IPReleaseStatus defines the valid states in IP release handshake
@@ -230,6 +237,11 @@ type IPAMStatus struct {
 	//
 	// +optional
 	ReleaseIPv6s map[string]IPReleaseStatus `json:"release-ipv6s,omitempty"`
+
+	// AssignedStaticIP is the static IP assigned to the node (ex: public Elastic IP address in AWS)
+	//
+	// +optional
+	AssignedStaticIP string `json:"assigned-static-ip,omitempty"`
 }
 
 // IPAMPoolRequest is a request from the agent to the operator, indicating how
diff --git a/vendor/github.com/cilium/cilium/pkg/ipam/types/zz_generated.deepcopy.go b/vendor/github.com/cilium/cilium/pkg/ipam/types/zz_generated.deepcopy.go
index fb9303d76c..b0af2cd053 100644
--- a/vendor/github.com/cilium/cilium/pkg/ipam/types/zz_generated.deepcopy.go
+++ b/vendor/github.com/cilium/cilium/pkg/ipam/types/zz_generated.deepcopy.go
@@ -151,6 +151,13 @@ func (in *IPAMSpec) DeepCopyInto(out *IPAMSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.StaticIPTags != nil {
+		in, out := &in.StaticIPTags, &out.StaticIPTags
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
 	return
 }
 
diff --git a/vendor/github.com/cilium/cilium/pkg/ipam/types/zz_generated.deepequal.go b/vendor/github.com/cilium/cilium/pkg/ipam/types/zz_generated.deepequal.go
index cc2d82b011..d0065ee549 100644
--- a/vendor/github.com/cilium/cilium/pkg/ipam/types/zz_generated.deepequal.go
+++ b/vendor/github.com/cilium/cilium/pkg/ipam/types/zz_generated.deepequal.go
@@ -211,6 +211,26 @@ func (in *IPAMSpec) DeepEqual(other *IPAMSpec) bool {
 	if in.MaxAboveWatermark != other.MaxAboveWatermark {
 		return false
 	}
+	if ((in.StaticIPTags != nil) && (other.StaticIPTags != nil)) || ((in.StaticIPTags == nil) != (other.StaticIPTags == nil)) {
+		in, other := &in.StaticIPTags, &other.StaticIPTags
+		if other == nil {
+			return false
+		}
+
+		if len(*in) != len(*other) {
+			return false
+		} else {
+			for key, inValue := range *in {
+				if otherValue, present := (*other)[key]; !present {
+					return false
+				} else {
+					if inValue != otherValue {
+						return false
+					}
+				}
+			}
+		}
+	}
 
 	return true
 }
@@ -289,6 +309,10 @@ func (in *IPAMStatus) DeepEqual(other *IPAMStatus) bool {
 		}
 	}
 
+	if in.AssignedStaticIP != other.AssignedStaticIP {
+		return false
+	}
+
 	return true
 }
 
diff --git a/vendor/github.com/cilium/cilium/pkg/ipcache/types/types.go b/vendor/github.com/cilium/cilium/pkg/ipcache/types/types.go
index 34f3ce6b8d..ee19ffb904 100644
--- a/vendor/github.com/cilium/cilium/pkg/ipcache/types/types.go
+++ b/vendor/github.com/cilium/cilium/pkg/ipcache/types/types.go
@@ -63,6 +63,14 @@ func NewResourceID(kind ResourceKind, namespace, name string) ResourceID {
 	return ResourceID(str.String())
 }
 
+func (r ResourceID) Namespace() string {
+	parts := strings.SplitN(string(r), "/", 3)
+	if len(parts) < 2 {
+		return ""
+	}
+	return parts[1]
+}
+
 // TunnelPeer is the IP address of the host associated with this prefix. This is
 // typically used to establish a tunnel, e.g. in tunnel mode or for encryption.
 // This type implements ipcache.IPMetadata
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/register.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/register.go
index f76456ac38..b65d3a29ef 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/register.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/register.go
@@ -15,5 +15,5 @@ const (
 	//
 	// Maintainers: Run ./Documentation/check-crd-compat-table.sh for each release
 	// Developers: Bump patch for each change in the CRD schema.
-	CustomResourceDefinitionSchemaVersion = "1.30.2"
+	CustomResourceDefinitionSchemaVersion = "1.30.4"
 )
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/utils/utils.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/utils/utils.go
index a0ea8b57a4..b88ddedad5 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/utils/utils.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/utils/utils.go
@@ -203,7 +203,9 @@ func parseToCiliumEgressCommonRule(namespace string, es api.EndpointSelector, eg
 	if egr.ToEndpoints != nil {
 		retRule.ToEndpoints = make([]api.EndpointSelector, len(egr.ToEndpoints))
 		for j, ep := range egr.ToEndpoints {
-			retRule.ToEndpoints[j] = getEndpointSelector(namespace, ep.LabelSelector, true, matchesInit)
+			endpointSelector := getEndpointSelector(namespace, ep.LabelSelector, true, matchesInit)
+			endpointSelector.Generated = ep.Generated
+			retRule.ToEndpoints[j] = endpointSelector
 		}
 	}
 
@@ -326,7 +328,9 @@ func ParseToCiliumRule(namespace, name string, uid types.UID, r *api.Rule) *api.
 		retRule.EndpointSelector = api.NewESFromK8sLabelSelector("", r.EndpointSelector.LabelSelector)
 		// The PodSelector should only reflect to the same namespace
 		// the policy is being stored, thus we add the namespace to
-		// the MatchLabels map.
+		// the MatchLabels map. Additionally, Policy repository relies
+		// on this fact to properly choose correct network policies for
+		// a given Security Identity.
 		//
 		// Policies applying to all namespaces are a special case.
 		// Such policies can match on any traffic from Pods or Nodes,
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/types.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/types.go
index 7e0641258b..d07a0a8a61 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/types.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/types.go
@@ -24,7 +24,6 @@ import (
 // +kubebuilder:printcolumn:JSONPath=".status.identity.id",description="Security Identity",name="Security Identity",type=integer
 // +kubebuilder:printcolumn:JSONPath=".status.policy.ingress.state",description="Ingress enforcement in the endpoint",name="Ingress Enforcement",type=string,priority=1
 // +kubebuilder:printcolumn:JSONPath=".status.policy.egress.state",description="Egress enforcement in the endpoint",name="Egress Enforcement",type=string,priority=1
-// +kubebuilder:printcolumn:JSONPath=".status.visibility-policy-status",description="Status of visibility policy in the endpoint",name="Visibility Policy",type=string,priority=1
 // +kubebuilder:printcolumn:JSONPath=".status.state",description="Endpoint current state",name="Endpoint State",type=string
 // +kubebuilder:printcolumn:JSONPath=".status.networking.addressing[0].ipv4",description="Endpoint IPv4 address",name="IPv4",type=string
 // +kubebuilder:printcolumn:JSONPath=".status.networking.addressing[0].ipv6",description="Endpoint IPv6 address",name="IPv6",type=string
@@ -77,8 +76,6 @@ type EndpointStatus struct {
 
 	Policy *EndpointPolicy `json:"policy,omitempty"`
 
-	VisibilityPolicyStatus *string `json:"visibility-policy-status,omitempty"`
-
 	// State is the state of the endpoint.
 	//
 	// +kubebuilder:validation:Enum=creating;waiting-for-identity;not-ready;waiting-to-regenerate;regenerating;restoring;ready;disconnecting;disconnected;invalid
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/zz_generated.deepcopy.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/zz_generated.deepcopy.go
index 029eeacecf..dcfda03400 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/zz_generated.deepcopy.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/zz_generated.deepcopy.go
@@ -1203,11 +1203,6 @@ func (in *EndpointStatus) DeepCopyInto(out *EndpointStatus) {
 		*out = new(EndpointPolicy)
 		(*in).DeepCopyInto(*out)
 	}
-	if in.VisibilityPolicyStatus != nil {
-		in, out := &in.VisibilityPolicyStatus, &out.VisibilityPolicyStatus
-		*out = new(string)
-		**out = **in
-	}
 	if in.NamedPorts != nil {
 		in, out := &in.NamedPorts, &out.NamedPorts
 		*out = make(models.NamedPorts, len(*in))
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/zz_generated.deepequal.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/zz_generated.deepequal.go
index c0727c305e..7a8c9f35ea 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/zz_generated.deepequal.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2/zz_generated.deepequal.go
@@ -921,14 +921,6 @@ func (in *EndpointStatus) DeepEqual(other *EndpointStatus) bool {
 		}
 	}
 
-	if (in.VisibilityPolicyStatus == nil) != (other.VisibilityPolicyStatus == nil) {
-		return false
-	} else if in.VisibilityPolicyStatus != nil {
-		if *in.VisibilityPolicyStatus != *other.VisibilityPolicyStatus {
-			return false
-		}
-	}
-
 	if in.State != other.State {
 		return false
 	}
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_cluster_types.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_cluster_types.go
index dad7bb87f2..a0a4dae4fb 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_cluster_types.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_cluster_types.go
@@ -14,6 +14,7 @@ import (
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories={cilium,ciliumbgp},singular="ciliumbgpclusterconfig",path="ciliumbgpclusterconfigs",scope="Cluster",shortName={cbgpcluster}
 // +kubebuilder:printcolumn:JSONPath=".metadata.creationTimestamp",name="Age",type=date
+// +kubebuilder:subresource:status
 // +kubebuilder:storageversion
 
 // CiliumBGPClusterConfig is the Schema for the CiliumBGPClusterConfig API
@@ -25,6 +26,11 @@ type CiliumBGPClusterConfig struct {
 
 	// Spec defines the desired cluster configuration of the BGP control plane.
 	Spec CiliumBGPClusterConfigSpec `json:"spec"`
+
+	// Status is a running status of the cluster configuration
+	//
+	// +kubebuilder:validation:Optional
+	Status CiliumBGPClusterConfigStatus `json:"status"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -136,3 +142,23 @@ type PeerConfigReference struct {
 	// +kubebuilder:validation:Required
 	Name string `json:"name"`
 }
+
+type CiliumBGPClusterConfigStatus struct {
+	// The current conditions of the CiliumBGPClusterConfig
+	//
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	// +deepequal-gen=false
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// Conditions for CiliumBGPClusterConfig
+const (
+	// Node selector selects nothing
+	BGPClusterConfigConditionNoMatchingNode = "cilium.io/NoMatchingNode"
+	// Referenced peer configs are missing
+	BGPClusterConfigConditionMissingPeerConfigs = "cilium.io/MissingPeerConfigs"
+	// ClusterConfig with conflicting nodeSelector present
+	BGPClusterConfigConditionConflictingClusterConfigs = "cilium.io/ConflictingClusterConfig"
+)
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_peer_types.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_peer_types.go
index dc4cdb0336..f0e323bb2e 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_peer_types.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/bgp_peer_types.go
@@ -28,6 +28,7 @@ type CiliumBGPPeerConfigList struct {
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories={cilium,ciliumbgp},singular="ciliumbgppeerconfig",path="ciliumbgppeerconfigs",scope="Cluster",shortName={cbgppeer}
 // +kubebuilder:printcolumn:JSONPath=".metadata.creationTimestamp",name="Age",type=date
+// +kubebuilder:subresource:status
 // +kubebuilder:storageversion
 
 type CiliumBGPPeerConfig struct {
@@ -38,6 +39,11 @@ type CiliumBGPPeerConfig struct {
 
 	// Spec is the specification of the desired behavior of the CiliumBGPPeerConfig.
 	Spec CiliumBGPPeerConfigSpec `json:"spec"`
+
+	// Status is the running status of the CiliumBGPPeerConfig
+	//
+	// +kubebuilder:validation:Optional
+	Status CiliumBGPPeerConfigStatus `json:"status"`
 }
 
 type CiliumBGPPeerConfigSpec struct {
@@ -92,6 +98,22 @@ type CiliumBGPPeerConfigSpec struct {
 	Families []CiliumBGPFamilyWithAdverts `json:"families,omitempty"`
 }
 
+type CiliumBGPPeerConfigStatus struct {
+	// The current conditions of the CiliumBGPPeerConfig
+	//
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	// +deepequal-gen=false
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// Conditions for CiliumBGPPeerConfig
+const (
+	// Referenced auth secret is missing
+	BGPPeerConfigConditionMissingAuthSecret = "cilium.io/MissingAuthSecret"
+)
+
 // CiliumBGPFamily represents a AFI/SAFI address family pair.
 type CiliumBGPFamily struct {
 	// Afi is the Address Family Identifier (AFI) of the family.
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/zz_generated.deepcopy.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/zz_generated.deepcopy.go
index 0b0bf728de..ad712afe26 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/zz_generated.deepcopy.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/zz_generated.deepcopy.go
@@ -241,6 +241,7 @@ func (in *CiliumBGPClusterConfig) DeepCopyInto(out *CiliumBGPClusterConfig) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
 	return
 }
 
@@ -323,6 +324,29 @@ func (in *CiliumBGPClusterConfigSpec) DeepCopy() *CiliumBGPClusterConfigSpec {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CiliumBGPClusterConfigStatus) DeepCopyInto(out *CiliumBGPClusterConfigStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]metav1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CiliumBGPClusterConfigStatus.
+func (in *CiliumBGPClusterConfigStatus) DeepCopy() *CiliumBGPClusterConfigStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(CiliumBGPClusterConfigStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CiliumBGPFamily) DeepCopyInto(out *CiliumBGPFamily) {
 	*out = *in
@@ -935,6 +959,7 @@ func (in *CiliumBGPPeerConfig) DeepCopyInto(out *CiliumBGPPeerConfig) {
 	out.TypeMeta = in.TypeMeta
 	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
 	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
 	return
 }
 
@@ -1037,6 +1062,29 @@ func (in *CiliumBGPPeerConfigSpec) DeepCopy() *CiliumBGPPeerConfigSpec {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CiliumBGPPeerConfigStatus) DeepCopyInto(out *CiliumBGPPeerConfigStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]metav1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CiliumBGPPeerConfigStatus.
+func (in *CiliumBGPPeerConfigStatus) DeepCopy() *CiliumBGPPeerConfigStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(CiliumBGPPeerConfigStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CiliumBGPPeeringPolicy) DeepCopyInto(out *CiliumBGPPeeringPolicy) {
 	*out = *in
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/zz_generated.deepequal.go b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/zz_generated.deepequal.go
index 2bb8aced3e..cca99d9aea 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/zz_generated.deepequal.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1/zz_generated.deepequal.go
@@ -243,6 +243,10 @@ func (in *CiliumBGPClusterConfig) DeepEqual(other *CiliumBGPClusterConfig) bool
 		return false
 	}
 
+	if !in.Status.DeepEqual(&other.Status) {
+		return false
+	}
+
 	return true
 }
 
@@ -281,6 +285,16 @@ func (in *CiliumBGPClusterConfigSpec) DeepEqual(other *CiliumBGPClusterConfigSpe
 	return true
 }
 
+// DeepEqual is an autogenerated deepequal function, deeply comparing the
+// receiver with other. in must be non-nil.
+func (in *CiliumBGPClusterConfigStatus) DeepEqual(other *CiliumBGPClusterConfigStatus) bool {
+	if other == nil {
+		return false
+	}
+
+	return true
+}
+
 // DeepEqual is an autogenerated deepequal function, deeply comparing the
 // receiver with other. in must be non-nil.
 func (in *CiliumBGPFamily) DeepEqual(other *CiliumBGPFamily) bool {
@@ -960,6 +974,10 @@ func (in *CiliumBGPPeerConfig) DeepEqual(other *CiliumBGPPeerConfig) bool {
 		return false
 	}
 
+	if !in.Status.DeepEqual(&other.Status) {
+		return false
+	}
+
 	return true
 }
 
@@ -1030,6 +1048,16 @@ func (in *CiliumBGPPeerConfigSpec) DeepEqual(other *CiliumBGPPeerConfigSpec) boo
 	return true
 }
 
+// DeepEqual is an autogenerated deepequal function, deeply comparing the
+// receiver with other. in must be non-nil.
+func (in *CiliumBGPPeerConfigStatus) DeepEqual(other *CiliumBGPPeerConfigStatus) bool {
+	if other == nil {
+		return false
+	}
+
+	return true
+}
+
 // DeepEqual is an autogenerated deepequal function, deeply comparing the
 // receiver with other. in must be non-nil.
 func (in *CiliumBGPPeeringPolicy) DeepEqual(other *CiliumBGPPeeringPolicy) bool {
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/client/cell.go b/vendor/github.com/cilium/cilium/pkg/k8s/client/cell.go
index f0b6bc4360..629a182c1d 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/client/cell.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/client/cell.go
@@ -14,19 +14,25 @@ import (
 	"strings"
 	"time"
 
+	"github.com/cilium/hive"
 	"github.com/cilium/hive/cell"
+	"github.com/cilium/hive/script"
 	"github.com/sirupsen/logrus"
 	apiext_clientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
 	apiext_fake "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/fake"
 	k8sErrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
+	versionapi "k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/discovery"
+	fakediscovery "k8s.io/client-go/discovery/fake"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/fake"
 	"k8s.io/client-go/rest"
+	k8sTesting "k8s.io/client-go/testing"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/util/connrotation"
 	mcsapi_clientset "sigs.k8s.io/mcs-api/pkg/client/clientset/versioned"
@@ -42,6 +48,7 @@ import (
 	slim_metav1beta1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/meta/v1beta1"
 	slim_clientset "github.com/cilium/cilium/pkg/k8s/slim/k8s/client/clientset/versioned"
 	slim_fake "github.com/cilium/cilium/pkg/k8s/slim/k8s/client/clientset/versioned/fake"
+	"github.com/cilium/cilium/pkg/k8s/testutils"
 	k8sversion "github.com/cilium/cilium/pkg/k8s/version"
 	"github.com/cilium/cilium/pkg/logging/logfields"
 	"github.com/cilium/cilium/pkg/version"
@@ -456,7 +463,17 @@ func isConnReady(c kubernetes.Interface) error {
 	return err
 }
 
-var FakeClientCell = cell.Provide(NewFakeClientset)
+var FakeClientCell = cell.Module(
+	"k8s-fake-client",
+	"Fake Kubernetes client",
+
+	cell.Provide(
+		NewFakeClientset,
+		func(fc *FakeClientset) hive.ScriptCmdOut {
+			return hive.NewScriptCmd("k8s", FakeClientCommand(fc))
+		},
+	),
+)
 
 type (
 	MCSAPIFakeClientset     = mcsapi_fake.Clientset
@@ -477,6 +494,8 @@ type FakeClientset struct {
 
 	SlimFakeClientset *SlimFakeClientset
 
+	trackers map[string]k8sTesting.ObjectTracker
+
 	enabled bool
 }
 
@@ -509,6 +528,19 @@ func (c *FakeClientset) RestConfig() *rest.Config {
 }
 
 func NewFakeClientset() (*FakeClientset, Clientset) {
+	version := testutils.DefaultVersion
+	return NewFakeClientsetWithVersion(version)
+}
+
+func NewFakeClientsetWithVersion(version string) (*FakeClientset, Clientset) {
+	if version == "" {
+		version = testutils.DefaultVersion
+	}
+	resources, found := testutils.APIResources[version]
+	if !found {
+		panic("version " + version + " not found from testutils.APIResources")
+	}
+
 	client := FakeClientset{
 		SlimFakeClientset:       slim_fake.NewSimpleClientset(),
 		CiliumFakeClientset:     cilium_fake.NewSimpleClientset(),
@@ -517,10 +549,30 @@ func NewFakeClientset() (*FakeClientset, Clientset) {
 		KubernetesFakeClientset: fake.NewSimpleClientset(),
 		enabled:                 true,
 	}
+	client.KubernetesFakeClientset.Resources = resources
+	client.SlimFakeClientset.Resources = resources
+	client.CiliumFakeClientset.Resources = resources
+	client.APIExtFakeClientset.Resources = resources
+	client.trackers = map[string]k8sTesting.ObjectTracker{
+		"slim":       client.SlimFakeClientset.Tracker(),
+		"cilium":     client.CiliumFakeClientset.Tracker(),
+		"mcs":        client.MCSAPIFakeClientset.Tracker(),
+		"kubernetes": client.KubernetesFakeClientset.Tracker(),
+		"apiexit":    client.APIExtFakeClientset.Tracker(),
+	}
+
+	fd := client.KubernetesFakeClientset.Discovery().(*fakediscovery.FakeDiscovery)
+	fd.FakedServerVersion = toVersionInfo(version)
+
 	client.clientsetGetters = clientsetGetters{&client}
 	return &client, &client
 }
 
+func toVersionInfo(rawVersion string) *versionapi.Info {
+	parts := strings.Split(rawVersion, ".")
+	return &versionapi.Info{Major: parts[0], Minor: parts[1]}
+}
+
 type ClientBuilderFunc func(name string) (Clientset, error)
 
 // NewClientBuilder returns a function that creates a new Clientset with the given
@@ -545,6 +597,79 @@ func FakeClientBuilder() ClientBuilderFunc {
 	}
 }
 
+func FakeClientCommand(fc *FakeClientset) script.Cmd {
+	return script.Command(
+		script.CmdUsage{
+			Summary: "interact with fake k8s client",
+			Args:    "<command> args...",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			if len(args) < 1 {
+				return nil, fmt.Errorf("usage: k8s <command> files...\n<command> is one of add, update or delete.")
+			}
+
+			action := args[0]
+			if len(args) < 2 {
+				return nil, fmt.Errorf("usage: k8s %s files...", action)
+			}
+
+			for _, file := range args[1:] {
+				b, err := os.ReadFile(s.Path(file))
+				if err != nil {
+					// Try relative to current directory, e.g. to allow reading "testdata/foo.yaml"
+					b, err = os.ReadFile(file)
+				}
+				if err != nil {
+					return nil, fmt.Errorf("failed to read %s: %w", file, err)
+				}
+				obj, gvk, err := testutils.DecodeObjectGVK(b)
+				if err != nil {
+					return nil, fmt.Errorf("decode: %w", err)
+				}
+				gvr, _ := meta.UnsafeGuessKindToResource(*gvk)
+				objMeta, err := meta.Accessor(obj)
+				if err != nil {
+					return nil, fmt.Errorf("accessor: %w", err)
+				}
+				name := objMeta.GetName()
+				ns := objMeta.GetNamespace()
+
+				// Try to add the object to all the trackers. If one of them
+				// accepts we're good. We'll add to all since multiple trackers
+				// may accept (e.g. slim and kubernetes).
+
+				// err will get set to nil if any of the tracker methods succeed.
+				// start with a non-nil default error.
+				err = fmt.Errorf("none of the trackers of FakeClientset accepted %T", obj)
+				for trackerName, tracker := range fc.trackers {
+					var trackerErr error
+					switch action {
+					case "add":
+						trackerErr = tracker.Add(obj)
+					case "update":
+						trackerErr = tracker.Update(gvr, obj, ns)
+					case "delete":
+						trackerErr = tracker.Delete(gvr, ns, name)
+					default:
+						return nil, fmt.Errorf("unknown k8s action %q, expected 'add', 'update' or 'delete'", action)
+					}
+					if err != nil {
+						if trackerErr == nil {
+							// One of the trackers accepted the object, it's a success!
+							err = nil
+						} else {
+							err = errors.Join(err, fmt.Errorf("%s: %w", trackerName, trackerErr))
+						}
+					}
+				}
+				if err != nil {
+					return nil, err
+				}
+			}
+			return nil, nil
+		})
+}
+
 func init() {
 	// Register the metav1.Table and metav1.PartialObjectMetadata for the
 	// apiextclientset.
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/ciliumbgpclusterconfig.go b/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/ciliumbgpclusterconfig.go
index 95fe53344f..5a4adb3c92 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/ciliumbgpclusterconfig.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/ciliumbgpclusterconfig.go
@@ -26,6 +26,8 @@ type CiliumBGPClusterConfigsGetter interface {
 type CiliumBGPClusterConfigInterface interface {
 	Create(ctx context.Context, ciliumBGPClusterConfig *v2alpha1.CiliumBGPClusterConfig, opts v1.CreateOptions) (*v2alpha1.CiliumBGPClusterConfig, error)
 	Update(ctx context.Context, ciliumBGPClusterConfig *v2alpha1.CiliumBGPClusterConfig, opts v1.UpdateOptions) (*v2alpha1.CiliumBGPClusterConfig, error)
+	// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+	UpdateStatus(ctx context.Context, ciliumBGPClusterConfig *v2alpha1.CiliumBGPClusterConfig, opts v1.UpdateOptions) (*v2alpha1.CiliumBGPClusterConfig, error)
 	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
 	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
 	Get(ctx context.Context, name string, opts v1.GetOptions) (*v2alpha1.CiliumBGPClusterConfig, error)
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/ciliumbgppeerconfig.go b/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/ciliumbgppeerconfig.go
index 8b5c9f3ce9..dace3626c7 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/ciliumbgppeerconfig.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/ciliumbgppeerconfig.go
@@ -26,6 +26,8 @@ type CiliumBGPPeerConfigsGetter interface {
 type CiliumBGPPeerConfigInterface interface {
 	Create(ctx context.Context, ciliumBGPPeerConfig *v2alpha1.CiliumBGPPeerConfig, opts v1.CreateOptions) (*v2alpha1.CiliumBGPPeerConfig, error)
 	Update(ctx context.Context, ciliumBGPPeerConfig *v2alpha1.CiliumBGPPeerConfig, opts v1.UpdateOptions) (*v2alpha1.CiliumBGPPeerConfig, error)
+	// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+	UpdateStatus(ctx context.Context, ciliumBGPPeerConfig *v2alpha1.CiliumBGPPeerConfig, opts v1.UpdateOptions) (*v2alpha1.CiliumBGPPeerConfig, error)
 	Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
 	DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
 	Get(ctx context.Context, name string, opts v1.GetOptions) (*v2alpha1.CiliumBGPPeerConfig, error)
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/fake/fake_ciliumbgpclusterconfig.go b/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/fake/fake_ciliumbgpclusterconfig.go
index c45f25cf1c..a9951b2477 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/fake/fake_ciliumbgpclusterconfig.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/fake/fake_ciliumbgpclusterconfig.go
@@ -86,6 +86,18 @@ func (c *FakeCiliumBGPClusterConfigs) Update(ctx context.Context, ciliumBGPClust
 	return obj.(*v2alpha1.CiliumBGPClusterConfig), err
 }
 
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeCiliumBGPClusterConfigs) UpdateStatus(ctx context.Context, ciliumBGPClusterConfig *v2alpha1.CiliumBGPClusterConfig, opts v1.UpdateOptions) (result *v2alpha1.CiliumBGPClusterConfig, err error) {
+	emptyResult := &v2alpha1.CiliumBGPClusterConfig{}
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateSubresourceActionWithOptions(ciliumbgpclusterconfigsResource, "status", ciliumBGPClusterConfig, opts), emptyResult)
+	if obj == nil {
+		return emptyResult, err
+	}
+	return obj.(*v2alpha1.CiliumBGPClusterConfig), err
+}
+
 // Delete takes name of the ciliumBGPClusterConfig and deletes it. Returns an error if one occurs.
 func (c *FakeCiliumBGPClusterConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/fake/fake_ciliumbgppeerconfig.go b/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/fake/fake_ciliumbgppeerconfig.go
index 650a69554f..be7b6693b7 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/fake/fake_ciliumbgppeerconfig.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/client/clientset/versioned/typed/cilium.io/v2alpha1/fake/fake_ciliumbgppeerconfig.go
@@ -86,6 +86,18 @@ func (c *FakeCiliumBGPPeerConfigs) Update(ctx context.Context, ciliumBGPPeerConf
 	return obj.(*v2alpha1.CiliumBGPPeerConfig), err
 }
 
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeCiliumBGPPeerConfigs) UpdateStatus(ctx context.Context, ciliumBGPPeerConfig *v2alpha1.CiliumBGPPeerConfig, opts v1.UpdateOptions) (result *v2alpha1.CiliumBGPPeerConfig, err error) {
+	emptyResult := &v2alpha1.CiliumBGPPeerConfig{}
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateSubresourceActionWithOptions(ciliumbgppeerconfigsResource, "status", ciliumBGPPeerConfig, opts), emptyResult)
+	if obj == nil {
+		return emptyResult, err
+	}
+	return obj.(*v2alpha1.CiliumBGPPeerConfig), err
+}
+
 // Delete takes name of the ciliumBGPPeerConfig and deletes it. Returns an error if one occurs.
 func (c *FakeCiliumBGPPeerConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/client/config.go b/vendor/github.com/cilium/cilium/pkg/k8s/client/config.go
index a2ecbfae8a..35b79d7742 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/client/config.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/client/config.go
@@ -40,7 +40,7 @@ type SharedConfig struct {
 	// K8sHeartbeatTimeout configures the timeout for apiserver heartbeat
 	K8sHeartbeatTimeout time.Duration
 
-	// K8sEnableAPIDiscovery enables Kubernetes API discovery
+	// EnableAPIDiscovery enables Kubernetes API discovery
 	EnableK8sAPIDiscovery bool
 }
 
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/endpoints.go b/vendor/github.com/cilium/cilium/pkg/k8s/endpoints.go
index 2fecf24e35..29e612729f 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/endpoints.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/endpoints.go
@@ -450,8 +450,8 @@ type EndpointSlices struct {
 	epSlices map[string]*Endpoints
 }
 
-// newEndpointsSlices returns a new EndpointSlices
-func newEndpointsSlices() *EndpointSlices {
+// NewEndpointsSlices returns a new EndpointSlices
+func NewEndpointsSlices() *EndpointSlices {
 	return &EndpointSlices{
 		epSlices: map[string]*Endpoints{},
 	}
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/portforward.go b/vendor/github.com/cilium/cilium/pkg/k8s/portforward.go
new file mode 100644
index 0000000000..6e2e672278
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/portforward.go
@@ -0,0 +1,198 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package k8s
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"sort"
+	"strings"
+
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/portforward"
+	"k8s.io/client-go/transport/spdy"
+	kutil "k8s.io/kubectl/pkg/util"
+	"k8s.io/kubectl/pkg/util/podutils"
+
+	"github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels"
+)
+
+// ForwardedPort holds the local and remote mapped ports.
+type ForwardedPort struct {
+	Local  uint16
+	Remote uint16
+}
+
+// PortForwardParameters are the needed parameters to call PortForward.
+//
+// Ports value follow the kubectl syntax: <local-port>:<remote-port>:
+//   - 5000 means 5000:5000 listening on 5000 port locally, forwarding to 5000 in the pod
+//   - 8888:5000 means listening on 8888 port locally, forwarding to 5000 in the pod
+//   - 0:5000 means listening on a random port locally, forwarding to 5000 in the pod
+//   - :5000 means listening on a random port locally, forwarding to 5000 in the pod
+type PortForwardParameters struct {
+	Namespace  string
+	Pod        string
+	Ports      []string
+	Addresses  []string
+	OutWriters OutWriters
+}
+
+// OutWriters holds the two io.Writer used by the port forward.
+// These can be safely disabled by setting them to nil.
+type OutWriters struct {
+	Out    io.Writer
+	ErrOut io.Writer
+}
+
+// PortForwarder augments the k8s client-go PortForwarder with helper methods using a clientset.
+type PortForwarder struct {
+	clientset kubernetes.Interface
+	config    *rest.Config
+}
+
+// NewPortForwarder creates a new PortForwarder ready to use.
+func NewPortForwarder(clientset kubernetes.Interface, config *rest.Config) *PortForwarder {
+	return &PortForwarder{clientset: clientset, config: config}
+}
+
+// PortForwardResult are the ports that have been forwarded by PortForward.
+type PortForwardResult struct {
+	ForwardedPorts []ForwardedPort
+}
+
+// PortForward executes in a goroutine a port forward command.
+// To stop the port-forwarding, use the context by cancelling it.
+func (pf *PortForwarder) PortForward(ctx context.Context, p PortForwardParameters) (*PortForwardResult, error) {
+	req := pf.clientset.CoreV1().RESTClient().Post().Namespace(p.Namespace).
+		Resource("pods").Name(p.Pod).SubResource(strings.ToLower("PortForward"))
+
+	roundTripper, upgrader, err := spdy.RoundTripperFor(pf.config)
+	if err != nil {
+		return nil, err
+	}
+
+	dialer := spdy.NewDialer(upgrader, &http.Client{Transport: roundTripper}, http.MethodPost, req.URL())
+	stopChan, readyChan := make(chan struct{}, 1), make(chan struct{}, 1)
+	if len(p.Addresses) == 0 {
+		p.Addresses = []string{"localhost"}
+	}
+
+	pw, err := portforward.NewOnAddresses(dialer, p.Addresses, p.Ports, stopChan, readyChan, p.OutWriters.Out, p.OutWriters.ErrOut)
+	if err != nil {
+		return nil, err
+	}
+
+	errChan := make(chan error, 1)
+	go func() {
+		if err := pw.ForwardPorts(); err != nil {
+			errChan <- err
+		}
+	}()
+
+	go func() {
+		<-ctx.Done()
+		close(stopChan)
+	}()
+
+	select {
+	case <-pw.Ready:
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case err := <-errChan:
+		return nil, err
+	}
+
+	ports, err := pw.GetPorts()
+	if err != nil {
+		return nil, err
+	}
+
+	forwardedPorts := make([]ForwardedPort, 0, len(ports))
+	for _, port := range ports {
+		forwardedPorts = append(forwardedPorts, ForwardedPort{port.Local, port.Remote})
+	}
+
+	return &PortForwardResult{
+		ForwardedPorts: forwardedPorts,
+	}, nil
+}
+
+// PortForwardServiceResult are the ports that have been forwarded by PortForwardService.
+type PortForwardServiceResult struct {
+	ForwardedPort ForwardedPort
+}
+
+// PortForwardService executes in a goroutine a port forward command towards one of the pod behind a
+// service. If `localPort` is 0, a random port is selected. If `svcPort` is 0, uses the first port
+// configured on the service.
+//
+// To stop the port-forwarding, use the context by cancelling it.
+func (pf *PortForwarder) PortForwardService(ctx context.Context, namespace, name string, localPort, svcPort int32) (*PortForwardServiceResult, error) {
+	svc, err := pf.clientset.CoreV1().Services(namespace).Get(ctx, name, metav1.GetOptions{})
+	if err != nil {
+		return nil, fmt.Errorf("failed to get service %q: %w", name, err)
+	}
+
+	pod, err := pf.getFirstPodForService(ctx, svc)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get service %q: %w", name, err)
+	}
+
+	if svcPort == 0 {
+		svcPort = svc.Spec.Ports[0].Port
+	}
+
+	containerPort, err := kutil.LookupContainerPortNumberByServicePort(*svc, *pod, svcPort)
+	if err != nil {
+		return nil, fmt.Errorf("failed to lookup container port with service port %d: %w", svcPort, err)
+	}
+
+	p := PortForwardParameters{
+		Namespace:  pod.Namespace,
+		Pod:        pod.Name,
+		Ports:      []string{fmt.Sprintf("%d:%d", localPort, containerPort)},
+		Addresses:  nil, // default is localhost
+		OutWriters: OutWriters{Out: nil, ErrOut: nil},
+	}
+
+	res, err := pf.PortForward(ctx, p)
+	if err != nil {
+		return nil, fmt.Errorf("failed to port forward: %w", err)
+	}
+
+	return &PortForwardServiceResult{
+		ForwardedPort: res.ForwardedPorts[0],
+	}, nil
+}
+
+// getFirstPodForService returns the first pod in the list of pods matching the service selector,
+// sorted from most to less active (see `podutils.ActivePods` for more details).
+func (pf *PortForwarder) getFirstPodForService(ctx context.Context, svc *corev1.Service) (*corev1.Pod, error) {
+	selector := labels.SelectorFromSet(svc.Spec.Selector)
+	podList, err := pf.clientset.CoreV1().Pods(svc.Namespace).List(ctx, metav1.ListOptions{LabelSelector: selector.String()})
+	if err != nil {
+		return nil, fmt.Errorf("failed to get list of pods for service %q: %w", svc.Name, err)
+	}
+	if len(podList.Items) == 0 {
+		return nil, fmt.Errorf("no pods found for service: %s", svc.Name)
+	}
+	if len(podList.Items) == 1 {
+		return &podList.Items[0], nil
+	}
+
+	pods := make([]*corev1.Pod, 0, len(podList.Items))
+	for _, pod := range podList.Items {
+		pods = append(pods, &pod)
+	}
+	sortBy := func(pods []*corev1.Pod) sort.Interface { return sort.Reverse(podutils.ActivePods(pods)) }
+	sort.Sort(sortBy(pods))
+
+	return pods[0], nil
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/service.go b/vendor/github.com/cilium/cilium/pkg/k8s/service.go
index 6e84cff86b..065b48f4bb 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/service.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/service.go
@@ -229,7 +229,7 @@ func ParseService(svc *slim_corev1.Service, nodePortAddrs []netip.Addr) (Service
 
 	if expType.canExpose(slim_corev1.ServiceTypeLoadBalancer) {
 		for _, ip := range svc.Status.LoadBalancer.Ingress {
-			if ip.IP != "" {
+			if ip.IP != "" && ip.IPMode == nil || *ip.IPMode == slim_corev1.LoadBalancerIPModeVIP {
 				loadBalancerIPs = append(loadBalancerIPs, ip.IP)
 			}
 		}
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/service_cache.go b/vendor/github.com/cilium/cilium/pkg/k8s/service_cache.go
index 600a679fab..3c4f10e6b0 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/service_cache.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/service_cache.go
@@ -301,7 +301,7 @@ func (s *ServiceCache) GetEndpointsOfService(svcID ServiceID) *Endpoints {
 // Services are iterated in random order.
 // The ServiceCache is read-locked during this function call. The passed in
 // Service and Endpoints references are read-only.
-func (s *ServiceCache) ForEachService(yield func(svcID ServiceID, svc *Service, eps *Endpoints) bool) {
+func (s *ServiceCache) ForEachService(yield func(svcID ServiceID, svc *Service, eps *EndpointSlices) bool) {
 	s.mutex.RLock()
 	defer s.mutex.RUnlock()
 
@@ -310,8 +310,7 @@ func (s *ServiceCache) ForEachService(yield func(svcID ServiceID, svc *Service,
 		if !ok {
 			continue
 		}
-		eps := ep.GetEndpoints()
-		if !yield(svcID, svc, eps) {
+		if !yield(svcID, svc, ep) {
 			return
 		}
 	}
@@ -454,7 +453,7 @@ func (s *ServiceCache) UpdateEndpoints(newEndpoints *Endpoints, swg *lock.Stoppa
 			return esID.ServiceID, newEndpoints
 		}
 	} else {
-		eps = newEndpointsSlices()
+		eps = NewEndpointsSlices()
 		s.endpoints[esID.ServiceID] = eps
 	}
 
@@ -628,19 +627,20 @@ func (s *ServiceCache) filterEndpoints(localEndpoints *Endpoints, svc *Service)
 //
 // OR Remote endpoints exist which correlate to the service.
 func (s *ServiceCache) correlateEndpoints(id ServiceID) (*Endpoints, bool) {
-	endpoints := newEndpoints()
-
-	localEndpoints := s.endpoints[id].GetEndpoints()
+	endpoints := s.endpoints[id].GetEndpoints()
 	svc, svcFound := s.services[id]
 
-	hasLocalEndpoints := localEndpoints != nil
+	hasLocalEndpoints := endpoints != nil
 	if hasLocalEndpoints {
-		localEndpoints = s.filterEndpoints(localEndpoints, svc)
+		endpoints = s.filterEndpoints(endpoints, svc)
 
-		for ip, e := range localEndpoints.Backends {
+		for _, e := range endpoints.Backends {
+			// The endpoints returned by GetEndpoints are already deep copies,
+			// hence we can mutate them in-place without problems.
 			e.Preferred = svcFound && svc.IncludeExternal && svc.ServiceAffinity == serviceAffinityLocal
-			endpoints.Backends[ip] = e.DeepCopy()
 		}
+	} else {
+		endpoints = newEndpoints()
 	}
 
 	var hasExternalEndpoints bool
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/synced/crd.go b/vendor/github.com/cilium/cilium/pkg/k8s/synced/crd.go
index 86b23a3054..c4dcbdffae 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/synced/crd.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/synced/crd.go
@@ -37,11 +37,8 @@ func CRDResourceName(crd string) string {
 
 func agentCRDResourceNames() []string {
 	result := []string{
-		CRDResourceName(v2.CNPName),
-		CRDResourceName(v2.CCNPName),
 		CRDResourceName(v2.CNName),
 		CRDResourceName(v2.CIDName),
-		CRDResourceName(v2alpha1.CCGName),
 		CRDResourceName(v2alpha1.CPIPName),
 	}
 
@@ -52,6 +49,18 @@ func agentCRDResourceNames() []string {
 		}
 	}
 
+	if option.Config.EnableCiliumNetworkPolicy {
+		result = append(result, CRDResourceName(v2.CNPName))
+	}
+
+	if option.Config.EnableCiliumClusterwideNetworkPolicy {
+		result = append(result, CRDResourceName(v2.CCNPName))
+	}
+
+	if option.Config.EnableCiliumNetworkPolicy || option.Config.EnableCiliumClusterwideNetworkPolicy {
+		result = append(result, CRDResourceName(v2alpha1.CCGName))
+	}
+
 	if option.Config.EnableIPv4EgressGateway {
 		result = append(result, CRDResourceName(v2.CEGPName))
 	}
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/synced/resources.go b/vendor/github.com/cilium/cilium/pkg/k8s/synced/resources.go
index 32280dca04..4512d3e163 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/synced/resources.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/synced/resources.go
@@ -9,7 +9,6 @@ import (
 	"golang.org/x/sync/errgroup"
 	"k8s.io/client-go/tools/cache"
 
-	"github.com/cilium/cilium/pkg/inctimer"
 	"github.com/cilium/cilium/pkg/lock"
 	"github.com/cilium/cilium/pkg/time"
 )
@@ -185,7 +184,7 @@ func (r *Resources) WaitForCacheSyncWithTimeout(timeout time.Duration, resourceN
 					// If timeout is reached, check if an event occurred that would
 					// have pushed back the timeout and wait for that amount of time.
 					select {
-					case now := <-inctimer.After(currTimeout):
+					case now := <-time.After(currTimeout):
 						lastEvent, never := r.getTimeOfLastEvent(resource)
 						if never {
 							return fmt.Errorf("timed out after %s, never received event for resource %q", timeout, resource)
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/testutils/decoder.go b/vendor/github.com/cilium/cilium/pkg/k8s/testutils/decoder.go
index 61ae4c4275..dec8f753cd 100644
--- a/vendor/github.com/cilium/cilium/pkg/k8s/testutils/decoder.go
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/testutils/decoder.go
@@ -8,6 +8,7 @@ import (
 	"sync"
 
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
 	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
@@ -63,6 +64,11 @@ func DecodeObject(bytes []byte) (runtime.Object, error) {
 	return obj, err
 }
 
+func DecodeObjectGVK(bytes []byte) (runtime.Object, *schema.GroupVersionKind, error) {
+	obj, gvk, err := Decoder().Decode(bytes, nil, nil)
+	return obj, gvk, err
+}
+
 func DecodeFile(path string) (runtime.Object, error) {
 	bs, err := os.ReadFile(path)
 	if err != nil {
diff --git a/vendor/github.com/cilium/cilium/pkg/k8s/testutils/resources.go b/vendor/github.com/cilium/cilium/pkg/k8s/testutils/resources.go
new file mode 100644
index 0000000000..2944a47d7a
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/pkg/k8s/testutils/resources.go
@@ -0,0 +1,85 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package testutils
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	discov1 "k8s.io/api/discovery/v1"
+	discov1beta1 "k8s.io/api/discovery/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	cilium_v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
+)
+
+var (
+	DefaultVersion = "1.26"
+
+	// APIResources is the list of API resources for the k8s version that we're mocking.
+	// This is mostly relevant for the feature detection at pkg/k8s/version/version.go.
+	// The lists here are currently not exhaustive and expanded on need-by-need basis.
+	APIResources = map[string][]*metav1.APIResourceList{
+		"1.16": {
+			CoreV1APIResources,
+			CiliumV2APIResources,
+		},
+		"1.24": {
+			CoreV1APIResources,
+			DiscoveryV1APIResources,
+			DiscoveryV1Beta1APIResources,
+			CiliumV2APIResources,
+		},
+		"1.25": {
+			CoreV1APIResources,
+			DiscoveryV1APIResources,
+			CiliumV2APIResources,
+		},
+		"1.26": {
+			CoreV1APIResources,
+			DiscoveryV1APIResources,
+			CiliumV2APIResources,
+		},
+	}
+
+	CoreV1APIResources = &metav1.APIResourceList{
+		GroupVersion: corev1.SchemeGroupVersion.String(),
+		APIResources: []metav1.APIResource{
+			{Name: "nodes", Kind: "Node"},
+			{Name: "pods", Namespaced: true, Kind: "Pod"},
+			{Name: "services", Namespaced: true, Kind: "Service"},
+			{Name: "endpoints", Namespaced: true, Kind: "Endpoint"},
+		},
+	}
+
+	CiliumV2APIResources = &metav1.APIResourceList{
+		TypeMeta:     metav1.TypeMeta{},
+		GroupVersion: cilium_v2.SchemeGroupVersion.String(),
+		APIResources: []metav1.APIResource{
+			{Name: cilium_v2.CNPluralName, Kind: cilium_v2.CNKindDefinition},
+			{Name: cilium_v2.CEPPluralName, Namespaced: true, Kind: cilium_v2.CEPKindDefinition},
+			{Name: cilium_v2.CIDPluralName, Namespaced: true, Kind: cilium_v2.CIDKindDefinition},
+			{Name: cilium_v2.CEGPPluralName, Namespaced: true, Kind: cilium_v2.CEGPKindDefinition},
+			{Name: cilium_v2.CNPPluralName, Namespaced: true, Kind: cilium_v2.CNPKindDefinition},
+			{Name: cilium_v2.CCNPPluralName, Namespaced: true, Kind: cilium_v2.CCNPKindDefinition},
+			{Name: cilium_v2.CLRPPluralName, Namespaced: true, Kind: cilium_v2.CLRPKindDefinition},
+			{Name: cilium_v2.CEWPluralName, Namespaced: true, Kind: cilium_v2.CEWKindDefinition},
+			{Name: cilium_v2.CCECPluralName, Namespaced: true, Kind: cilium_v2.CCECKindDefinition},
+			{Name: cilium_v2.CECPluralName, Namespaced: true, Kind: cilium_v2.CECKindDefinition},
+		},
+	}
+
+	DiscoveryV1APIResources = &metav1.APIResourceList{
+		TypeMeta:     metav1.TypeMeta{},
+		GroupVersion: discov1.SchemeGroupVersion.String(),
+		APIResources: []metav1.APIResource{
+			{Name: "endpointslices", Namespaced: true, Kind: "EndpointSlice"},
+		},
+	}
+
+	DiscoveryV1Beta1APIResources = &metav1.APIResourceList{
+		GroupVersion: discov1beta1.SchemeGroupVersion.String(),
+		APIResources: []metav1.APIResource{
+			{Name: "endpointslices", Namespaced: true, Kind: "EndpointSlice"},
+		},
+	}
+)
diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/dummy.go b/vendor/github.com/cilium/cilium/pkg/kvstore/dummy.go
index 14d3841ac0..83d6991e76 100644
--- a/vendor/github.com/cilium/cilium/pkg/kvstore/dummy.go
+++ b/vendor/github.com/cilium/cilium/pkg/kvstore/dummy.go
@@ -9,7 +9,6 @@ import (
 
 	client "go.etcd.io/etcd/client/v3"
 
-	"github.com/cilium/cilium/pkg/inctimer"
 	"github.com/cilium/cilium/pkg/time"
 )
 
@@ -66,9 +65,6 @@ func SetupDummyWithConfigOpts(tb testing.TB, dummyBackend string, opts map[strin
 		tb.Fatalf("Failed waiting for kvstore connection to be established: %v", err)
 	}
 
-	timer, done := inctimer.New()
-	defer done()
-
 	// Multiple tests might be running in parallel by go test if they are part of
 	// different packages. Let's implement a locking mechanism to ensure that only
 	// one at a time can access the kvstore, to prevent that they interact with
@@ -86,7 +82,7 @@ func SetupDummyWithConfigOpts(tb testing.TB, dummyBackend string, opts map[strin
 		}
 
 		select {
-		case <-timer.After(100 * time.Millisecond):
+		case <-time.After(100 * time.Millisecond):
 		case <-ctx.Done():
 			tb.Fatal("Timed out waiting to acquire the kvstore lock")
 		}
diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go b/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go
index dc43ad0f39..f865ebb774 100644
--- a/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go
+++ b/vendor/github.com/cilium/cilium/pkg/kvstore/etcd.go
@@ -28,7 +28,6 @@ import (
 
 	"github.com/cilium/cilium/pkg/backoff"
 	"github.com/cilium/cilium/pkg/defaults"
-	"github.com/cilium/cilium/pkg/inctimer"
 	"github.com/cilium/cilium/pkg/lock"
 	"github.com/cilium/cilium/pkg/logging/logfields"
 	"github.com/cilium/cilium/pkg/option"
@@ -1018,9 +1017,6 @@ func (e *etcdClient) statusChecker() {
 
 	var consecutiveQuorumErrors uint
 
-	statusTimer, statusTimerDone := inctimer.New()
-	defer statusTimerDone()
-
 	e.RWMutex.Lock()
 	// Ensure that lastHearbeat is always set to a non-zero value when starting
 	// the status checker, to guarantee that we can correctly compute the time
@@ -1106,7 +1102,7 @@ func (e *etcdClient) statusChecker() {
 		case <-e.stopStatusChecker:
 			close(e.statusCheckErrors)
 			return
-		case <-statusTimer.After(e.extraOptions.StatusCheckInterval(allConnected)):
+		case <-time.After(e.extraOptions.StatusCheckInterval(allConnected)):
 		}
 	}
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/kvstore/lock.go b/vendor/github.com/cilium/cilium/pkg/kvstore/lock.go
index c70ee81046..b28c74f083 100644
--- a/vendor/github.com/cilium/cilium/pkg/kvstore/lock.go
+++ b/vendor/github.com/cilium/cilium/pkg/kvstore/lock.go
@@ -13,7 +13,6 @@ import (
 
 	"github.com/cilium/cilium/pkg/debug"
 	"github.com/cilium/cilium/pkg/defaults"
-	"github.com/cilium/cilium/pkg/inctimer"
 	"github.com/cilium/cilium/pkg/lock"
 	"github.com/cilium/cilium/pkg/time"
 )
@@ -79,8 +78,6 @@ func (pl *pathLocks) runGC() {
 }
 
 func (pl *pathLocks) lock(ctx context.Context, path string) (id uuid.UUID, err error) {
-	lockTimer, lockTimerDone := inctimer.New()
-	defer lockTimerDone()
 	for {
 		pl.mutex.Lock()
 		if _, ok := pl.lockPaths[path]; !ok {
@@ -95,7 +92,7 @@ func (pl *pathLocks) lock(ctx context.Context, path string) (id uuid.UUID, err e
 		pl.mutex.Unlock()
 
 		select {
-		case <-lockTimer.After(time.Duration(10) * time.Millisecond):
+		case <-time.After(10 * time.Millisecond):
 		case <-ctx.Done():
 			err = fmt.Errorf("lock was cancelled: %w", ctx.Err())
 			return
diff --git a/vendor/github.com/cilium/cilium/pkg/labels/arraylist.go b/vendor/github.com/cilium/cilium/pkg/labels/arraylist.go
index 11e5669ec1..80d1b2ae3b 100644
--- a/vendor/github.com/cilium/cilium/pkg/labels/arraylist.go
+++ b/vendor/github.com/cilium/cilium/pkg/labels/arraylist.go
@@ -3,7 +3,10 @@
 
 package labels
 
-import "sort"
+import (
+	"fmt"
+	"sort"
+)
 
 // LabelArrayList is an array of LabelArrays. It is primarily intended as a
 // simple collection
@@ -35,16 +38,70 @@ func (ls LabelArrayList) GetModel() [][]string {
 // Equals returns true if the label arrays lists have the same label arrays in the same order.
 func (ls LabelArrayList) Equals(b LabelArrayList) bool {
 	if len(ls) != len(b) {
+		fmt.Printf("LEN DIFFERS: obtained %v, expected %v\n", ls, b)
 		return false
 	}
 	for l := range ls {
 		if !ls[l].Equals(b[l]) {
+			fmt.Printf("LABEL ARRAY %d DIFFERS: obtained %v, expected %v\n",
+				l, ls[l], b[l])
 			return false
 		}
 	}
 	return true
 }
 
+// Diff returns the string of differences between 'ls' and 'expected' LabelArrayList with
+// '+ ' or '- ' for obtaining something unexpected, or not obtaining the expected, respectively.
+// For use in debugging. Assumes sorted LabelArrayLists.
+func (ls LabelArrayList) Diff(expected LabelArrayList) (res string) {
+	res += ""
+	i := 0
+	j := 0
+	for i < len(ls) && j < len(expected) {
+		if ls[i].Equals(expected[j]) {
+			i++
+			j++
+			continue
+		}
+		if ls[i].Less(expected[j]) {
+			// obtained has an unexpected labelArray
+			res += "    + " + ls[i].String() + "\n"
+			i++
+		}
+		for j < len(expected) && expected[j].Less(ls[i]) {
+			// expected has a missing labelArray
+			res += "    - " + expected[j].String() + "\n"
+			j++
+		}
+	}
+	for i < len(ls) {
+		// obtained has an unexpected labelArray
+		res += "    + " + ls[i].String() + "\n"
+		i++
+	}
+	for j < len(expected) {
+		// expected has a missing labelArray
+		res += "    - " + expected[j].String() + "\n"
+		j++
+	}
+
+	return res
+}
+
+// GetModel returns the LabelArrayList as a [][]string. Each member LabelArray
+// becomes a []string.
+func (ls LabelArrayList) String() string {
+	res := ""
+	for _, v := range ls {
+		if res != "" {
+			res += ", "
+		}
+		res += v.String()
+	}
+	return res
+}
+
 // Sort sorts the LabelArrayList in-place, but also returns the sorted list
 // for convenience. The LabelArrays themselves must already be sorted. This is
 // true for all constructors of LabelArray.
diff --git a/vendor/github.com/cilium/cilium/pkg/loadbalancer/loadbalancer.go b/vendor/github.com/cilium/cilium/pkg/loadbalancer/loadbalancer.go
index 8f6554459f..1a07322388 100644
--- a/vendor/github.com/cilium/cilium/pkg/loadbalancer/loadbalancer.go
+++ b/vendor/github.com/cilium/cilium/pkg/loadbalancer/loadbalancer.go
@@ -79,13 +79,13 @@ const (
 	serviceFlagIntLocalScope   = 1 << 12
 	serviceFlagTwoScopes       = 1 << 13
 	serviceFlagQuarantined     = 1 << 14
-	serviceFlagFwdModeFlip     = 1 << 15
+	serviceFlagFwdModeDSR      = 1 << 15
 )
 
 type SvcFlagParam struct {
 	SvcType          SVCType
-	SvcFwdModeFlip   bool
 	SvcNatPolicy     SVCNatPolicy
+	SvcFwdModeDSR    bool
 	SvcExtLocal      bool
 	SvcIntLocal      bool
 	SessionAffinity  bool
@@ -147,8 +147,8 @@ func NewSvcFlag(p *SvcFlagParam) ServiceFlags {
 	if p.Quarantined {
 		flags |= serviceFlagQuarantined
 	}
-	if p.SvcFwdModeFlip {
-		flags |= serviceFlagFwdModeFlip
+	if p.SvcFwdModeDSR {
+		flags |= serviceFlagFwdModeDSR
 	}
 
 	return flags
@@ -253,8 +253,8 @@ func (s ServiceFlags) String() string {
 	if s&serviceFlagQuarantined != 0 {
 		str = append(str, "quarantined")
 	}
-	if s&serviceFlagFwdModeFlip != 0 {
-		str = append(str, "flip")
+	if s&serviceFlagFwdModeDSR != 0 {
+		str = append(str, "dsr")
 	}
 	return strings.Join(str, ", ")
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/logging/slog.go b/vendor/github.com/cilium/cilium/pkg/logging/slog.go
index ec95a7e6b6..ca062fe0f3 100644
--- a/vendor/github.com/cilium/cilium/pkg/logging/slog.go
+++ b/vendor/github.com/cilium/cilium/pkg/logging/slog.go
@@ -11,8 +11,13 @@ import (
 	"time"
 
 	"github.com/sirupsen/logrus"
+
+	"github.com/cilium/cilium/pkg/logging/logfields"
 )
 
+// logrErrorKey is the key used by the logr library for the error parameter.
+const logrErrorKey = "err"
+
 // SlogNopHandler discards all logs.
 var SlogNopHandler slog.Handler = nopHandler{}
 
@@ -26,7 +31,7 @@ func (n nopHandler) WithGroup(string) slog.Handler           { return n }
 var slogHandlerOpts = &slog.HandlerOptions{
 	AddSource:   false,
 	Level:       slog.LevelInfo,
-	ReplaceAttr: replaceLevelAndDropTime,
+	ReplaceAttr: replaceAttrFnWithoutTimestamp,
 }
 
 // Default slog logger. Will be overwritten once initializeSlog is called.
@@ -59,9 +64,9 @@ func initializeSlog(logOpts LogOptions, useStdout bool) {
 	logFormat := logOpts.GetLogFormat()
 	switch logFormat {
 	case LogFormatJSON, LogFormatText:
-		opts.ReplaceAttr = replaceLevelAndDropTime
+		opts.ReplaceAttr = replaceAttrFnWithoutTimestamp
 	case LogFormatJSONTimestamp, LogFormatTextTimestamp:
-		opts.ReplaceAttr = replaceLevel
+		opts.ReplaceAttr = replaceAttrFn
 	}
 
 	writer := os.Stderr
@@ -83,7 +88,7 @@ func initializeSlog(logOpts LogOptions, useStdout bool) {
 	}
 }
 
-func replaceLevel(groups []string, a slog.Attr) slog.Attr {
+func replaceAttrFn(groups []string, a slog.Attr) slog.Attr {
 	switch a.Key {
 	case slog.TimeKey:
 		// Adjust to timestamp format that logrus uses; except that we can't
@@ -95,21 +100,22 @@ func replaceLevel(groups []string, a slog.Attr) slog.Attr {
 			Key:   a.Key,
 			Value: slog.StringValue(strings.ToLower(a.Value.String())),
 		}
+	case logrErrorKey:
+		// Uniform the attribute identifying the error
+		return slog.Attr{
+			Key:   logfields.Error,
+			Value: a.Value,
+		}
 	}
 	return a
 }
 
-func replaceLevelAndDropTime(groups []string, a slog.Attr) slog.Attr {
+func replaceAttrFnWithoutTimestamp(groups []string, a slog.Attr) slog.Attr {
 	switch a.Key {
 	case slog.TimeKey:
 		// Drop timestamps
 		return slog.Attr{}
-	case slog.LevelKey:
-		// Lower-case the log level
-		return slog.Attr{
-			Key:   a.Key,
-			Value: slog.StringValue(strings.ToLower(a.Value.String())),
-		}
+	default:
+		return replaceAttrFn(groups, a)
 	}
-	return a
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/mac/mac_linux.go b/vendor/github.com/cilium/cilium/pkg/mac/mac_linux.go
index 9e9dd69ea7..8f0d415e7b 100644
--- a/vendor/github.com/cilium/cilium/pkg/mac/mac_linux.go
+++ b/vendor/github.com/cilium/cilium/pkg/mac/mac_linux.go
@@ -8,11 +8,13 @@ import (
 	"net"
 
 	"github.com/vishvananda/netlink"
+
+	"github.com/cilium/cilium/pkg/datapath/linux/safenetlink"
 )
 
 // HasMacAddr returns true if the given network interface has L2 addr.
 func HasMacAddr(iface string) bool {
-	link, err := netlink.LinkByName(iface)
+	link, err := safenetlink.LinkByName(iface)
 	if err != nil {
 		return false
 	}
@@ -26,7 +28,7 @@ func LinkHasMacAddr(link netlink.Link) bool {
 
 // ReplaceMacAddressWithLinkName replaces the MAC address of the given link
 func ReplaceMacAddressWithLinkName(ifName, macAddress string) error {
-	l, err := netlink.LinkByName(ifName)
+	l, err := safenetlink.LinkByName(ifName)
 	if err != nil {
 		if errors.As(err, &netlink.LinkNotFoundError{}) {
 			return nil
diff --git a/vendor/github.com/cilium/cilium/pkg/monitor/api/files.go b/vendor/github.com/cilium/cilium/pkg/monitor/api/files.go
index c2057b761f..b314a0582d 100644
--- a/vendor/github.com/cilium/cilium/pkg/monitor/api/files.go
+++ b/vendor/github.com/cilium/cilium/pkg/monitor/api/files.go
@@ -33,6 +33,7 @@ var files = map[uint8]string{
 	112: "encap.h",
 	113: "encrypt.h",
 	114: "host_firewall.h",
+	115: "nodeport_egress.h",
 
 	// @@ source files list end
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/node/address.go b/vendor/github.com/cilium/cilium/pkg/node/address.go
index 74225b98ae..8bfeea9948 100644
--- a/vendor/github.com/cilium/cilium/pkg/node/address.go
+++ b/vendor/github.com/cilium/cilium/pkg/node/address.go
@@ -262,12 +262,6 @@ func SetRouterInfo(info RouterInfo) {
 	addrs.mu.Unlock()
 }
 
-// GetHostMasqueradeIPv4 returns the IPv4 address to be used for masquerading
-// any traffic that is being forwarded from the host into the Cilium cluster.
-func GetHostMasqueradeIPv4() net.IP {
-	return GetInternalIPv4Router()
-}
-
 // SetIPv4AllocRange sets the IPv4 address pool to use when allocating
 // addresses for local endpoints
 func SetIPv4AllocRange(net *cidr.CIDR) {
@@ -320,12 +314,6 @@ func GetIPv6() net.IP {
 	return clone(n.GetNodeIP(true))
 }
 
-// GetHostMasqueradeIPv6 returns the IPv6 address to be used for masquerading
-// any traffic that is being forwarded from the host into the Cilium cluster.
-func GetHostMasqueradeIPv6() net.IP {
-	return GetIPv6Router()
-}
-
 // GetIPv6Router returns the IPv6 address of the router, e.g. address
 // of cilium_host device.
 func GetIPv6Router() net.IP {
diff --git a/vendor/github.com/cilium/cilium/pkg/node/address_linux.go b/vendor/github.com/cilium/cilium/pkg/node/address_linux.go
index 0f244f0bc0..b35e3261b0 100644
--- a/vendor/github.com/cilium/cilium/pkg/node/address_linux.go
+++ b/vendor/github.com/cilium/cilium/pkg/node/address_linux.go
@@ -14,6 +14,7 @@ import (
 	"github.com/vishvananda/netlink"
 	"golang.org/x/sys/unix"
 
+	"github.com/cilium/cilium/pkg/datapath/linux/safenetlink"
 	"github.com/cilium/cilium/pkg/ip"
 )
 
@@ -31,7 +32,7 @@ func firstGlobalAddr(intf string, preferredIP net.IP, family int, preferPublic b
 	}
 
 	if intf != "" && intf != "undefined" {
-		link, err = netlink.LinkByName(intf)
+		link, err = safenetlink.LinkByName(intf)
 		if err != nil {
 			link = nil
 		} else {
@@ -40,7 +41,7 @@ func firstGlobalAddr(intf string, preferredIP net.IP, family int, preferPublic b
 	}
 
 retryInterface:
-	addr, err := netlink.AddrList(link, family)
+	addr, err := safenetlink.AddrList(link, family)
 	if err != nil {
 		return nil, err
 	}
@@ -167,11 +168,11 @@ func firstGlobalV6Addr(intf string, preferredIP net.IP, preferPublic bool) (net.
 // getCiliumHostIPsFromNetDev returns the first IPv4 link local and returns
 // it
 func getCiliumHostIPsFromNetDev(devName string) (ipv4GW, ipv6Router net.IP) {
-	hostDev, err := netlink.LinkByName(devName)
+	hostDev, err := safenetlink.LinkByName(devName)
 	if err != nil {
 		return nil, nil
 	}
-	addrs, err := netlink.AddrList(hostDev, netlink.FAMILY_ALL)
+	addrs, err := safenetlink.AddrList(hostDev, netlink.FAMILY_ALL)
 	if err != nil {
 		return nil, nil
 	}
diff --git a/vendor/github.com/cilium/cilium/pkg/node/ip_linux.go b/vendor/github.com/cilium/cilium/pkg/node/ip_linux.go
index f2078f774a..615d1c586a 100644
--- a/vendor/github.com/cilium/cilium/pkg/node/ip_linux.go
+++ b/vendor/github.com/cilium/cilium/pkg/node/ip_linux.go
@@ -7,6 +7,8 @@ import (
 	"strings"
 
 	"github.com/vishvananda/netlink"
+
+	"github.com/cilium/cilium/pkg/datapath/linux/safenetlink"
 )
 
 func init() {
@@ -18,7 +20,7 @@ func initExcludedIPs() {
 	prefixes := []string{
 		"docker",
 	}
-	links, err := netlink.LinkList()
+	links, err := safenetlink.LinkList()
 	if err != nil {
 		return
 	}
@@ -48,7 +50,7 @@ func initExcludedIPs() {
 				continue
 			}
 		}
-		addr, err := netlink.AddrList(l, netlink.FAMILY_ALL)
+		addr, err := safenetlink.AddrList(l, netlink.FAMILY_ALL)
 		if err != nil {
 			continue
 		}
diff --git a/vendor/github.com/cilium/cilium/pkg/option/config.go b/vendor/github.com/cilium/cilium/pkg/option/config.go
index ce10af41be..9611e85212 100644
--- a/vendor/github.com/cilium/cilium/pkg/option/config.go
+++ b/vendor/github.com/cilium/cilium/pkg/option/config.go
@@ -9,7 +9,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"math"
 	"net"
 	"net/netip"
@@ -31,10 +30,8 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
-	"google.golang.org/protobuf/types/known/fieldmaskpb"
 	k8sLabels "k8s.io/apimachinery/pkg/labels"
 
-	flowpb "github.com/cilium/cilium/api/v1/flow"
 	"github.com/cilium/cilium/api/v1/models"
 	"github.com/cilium/cilium/pkg/cidr"
 	clustermeshTypes "github.com/cilium/cilium/pkg/clustermesh/types"
@@ -549,6 +546,9 @@ const (
 	// AuthMapEntriesDefault defines the default auth map limit.
 	AuthMapEntriesDefault = 1 << 19
 
+	// BPFConntrackAccounting controls whether CT accounting for packets and bytes is enabled
+	BPFConntrackAccountingDefault = false
+
 	// AuthMapEntriesName configures max entries for BPF auth map.
 	AuthMapEntriesName = "bpf-auth-map-max"
 
@@ -796,9 +796,6 @@ const (
 	// or direct routing is used and the node CIDR and pod CIDR overlap.
 	EncryptionStrictModeAllowRemoteNodeIdentities = "encryption-strict-mode-allow-remote-node-identities"
 
-	// EnableWireguardUserspaceFallback is the name of the option that enables the fallback to WireGuard userspace mode
-	EnableWireguardUserspaceFallback = "enable-wireguard-userspace-fallback"
-
 	// WireguardPersistentKeepalivee controls Wireguard PersistentKeepalive option. Set 0 to disable.
 	WireguardPersistentKeepalive = "wireguard-persistent-keepalive"
 
@@ -969,141 +966,6 @@ const (
 	// PolicyAccountingArg argument enable policy accounting.
 	PolicyAccountingArg = "policy-accounting"
 
-	// EnableHubble enables hubble in the agent.
-	EnableHubble = "enable-hubble"
-
-	// HubbleSocketPath specifies the UNIX domain socket for Hubble server to listen to.
-	HubbleSocketPath = "hubble-socket-path"
-
-	// HubbleListenAddress specifies address for Hubble server to listen to.
-	HubbleListenAddress = "hubble-listen-address"
-
-	// HubblePreferIpv6 controls whether IPv6 or IPv4 addresses should be preferred for
-	// communication to agents, if both are available.
-	HubblePreferIpv6 = "hubble-prefer-ipv6"
-
-	// HubbleTLSDisabled allows the Hubble server to run on the given listen
-	// address without TLS.
-	HubbleTLSDisabled = "hubble-disable-tls"
-
-	// HubbleTLSCertFile specifies the path to the public key file for the
-	// Hubble server. The file must contain PEM encoded data.
-	HubbleTLSCertFile = "hubble-tls-cert-file"
-
-	// HubbleTLSKeyFile specifies the path to the private key file for the
-	// Hubble server. The file must contain PEM encoded data.
-	HubbleTLSKeyFile = "hubble-tls-key-file"
-
-	// HubbleTLSClientCAFiles specifies the path to one or more client CA
-	// certificates to use for TLS with mutual authentication (mTLS). The files
-	// must contain PEM encoded data.
-	HubbleTLSClientCAFiles = "hubble-tls-client-ca-files"
-
-	// HubbleEventBufferCapacity specifies the capacity of Hubble events buffer.
-	HubbleEventBufferCapacity = "hubble-event-buffer-capacity"
-
-	// HubbleEventQueueSize specifies the buffer size of the channel to receive monitor events.
-	HubbleEventQueueSize = "hubble-event-queue-size"
-
-	// HubbleMetricsServer specifies the addresses to serve Hubble metrics on.
-	HubbleMetricsServer = "hubble-metrics-server"
-
-	// HubbleMetricsTLSEnabled allows the Hubble metrics server to run on the given listen
-	// address with TLS.
-	HubbleMetricsTLSEnabled = "hubble-metrics-server-enable-tls"
-
-	// HubbleMetricsServerTLSCertFile specifies the path to the public key file for the
-	// Hubble metrics server. The file must contain PEM encoded data.
-	HubbleMetricsTLSCertFile = "hubble-metrics-server-tls-cert-file"
-
-	// HubbleMetricsServerTLSKeyFile specifies the path to the private key file for the
-	// Hubble metrics server. The file must contain PEM encoded data.
-	HubbleMetricsTLSKeyFile = "hubble-metrics-server-tls-key-file"
-
-	// HubbleMetricsServerTLSClientCAFiles specifies the path to one or more client CA
-	// certificates to use for TLS with mutual authentication (mTLS) on the Hubble metrics server.
-	// The files must contain PEM encoded data.
-	HubbleMetricsTLSClientCAFiles = "hubble-metrics-server-tls-client-ca-files"
-
-	// HubbleMetrics specifies enabled metrics and their configuration options.
-	HubbleMetrics = "hubble-metrics"
-
-	// HubbleFlowlogsConfigFilePath specifies the filepath with configuration of hubble flowlogs.
-	// e.g. "/etc/cilium/flowlog.yaml"
-	HubbleFlowlogsConfigFilePath = "hubble-flowlogs-config-path"
-
-	// HubbleExportFilePath specifies the filepath to write Hubble events to.
-	// e.g. "/var/run/cilium/hubble/events.log"
-	HubbleExportFilePath = "hubble-export-file-path"
-
-	// HubbleExportFileMaxSizeMB specifies the file size in MB at which to rotate
-	// the Hubble export file.
-	HubbleExportFileMaxSizeMB = "hubble-export-file-max-size-mb"
-
-	// HubbleExportFileMaxBacks specifies the number of rotated files to keep.
-	HubbleExportFileMaxBackups = "hubble-export-file-max-backups"
-
-	// HubbleExportFileCompress specifies whether rotated files are compressed.
-	HubbleExportFileCompress = "hubble-export-file-compress"
-
-	// HubbleExportAllowlist specifies allow list filter use by exporter.
-	HubbleExportAllowlist = "hubble-export-allowlist"
-
-	// HubbleExportDenylist specifies deny list filter use by exporter.
-	HubbleExportDenylist = "hubble-export-denylist"
-
-	// HubbleExportFieldmask specifies list of fields to log in exporter.
-	HubbleExportFieldmask = "hubble-export-fieldmask"
-
-	// EnableHubbleRecorderAPI specifies if the Hubble Recorder API should be served
-	EnableHubbleRecorderAPI = "enable-hubble-recorder-api"
-
-	// EnableHubbleOpenMetrics enables exporting hubble metrics in OpenMetrics format.
-	EnableHubbleOpenMetrics = "enable-hubble-open-metrics"
-
-	// HubbleRecorderStoragePath specifies the directory in which pcap files
-	// created via the Hubble Recorder API are stored
-	HubbleRecorderStoragePath = "hubble-recorder-storage-path"
-
-	// HubbleRecorderSinkQueueSize is the queue size for each recorder sink
-	HubbleRecorderSinkQueueSize = "hubble-recorder-sink-queue-size"
-
-	// HubbleSkipUnknownCGroupIDs specifies if events with unknown cgroup ids should be skipped
-	HubbleSkipUnknownCGroupIDs = "hubble-skip-unknown-cgroup-ids"
-
-	// HubbleMonitorEvents specifies Cilium monitor events for Hubble to observe.
-	// By default, Hubble observes all monitor events.
-	HubbleMonitorEvents = "hubble-monitor-events"
-
-	// HubbleRedactEnabled controls if sensitive information will be redacted from L7 flows
-	HubbleRedactEnabled = "hubble-redact-enabled"
-
-	// HubbleRedactHttpURLQuery controls if the URL query will be redacted from flows
-	HubbleRedactHttpURLQuery = "hubble-redact-http-urlquery"
-
-	// HubbleRedactHttpUserInfo controls if the user info will be redacted from flows
-	HubbleRedactHttpUserInfo = "hubble-redact-http-userinfo"
-
-	// HubbleRedactKafkaApiKey controls if the Kafka API key will be redacted from flows
-	HubbleRedactKafkaApiKey = "hubble-redact-kafka-apikey"
-
-	// HubbleRedactHttpHeadersAllow controls which http headers will not be redacted from flows
-	HubbleRedactHttpHeadersAllow = "hubble-redact-http-headers-allow"
-
-	// HubbleRedactHttpHeadersDeny controls which http headers will be redacted from flows
-	HubbleRedactHttpHeadersDeny = "hubble-redact-http-headers-deny"
-
-	// HubbleDropEvents controls whether Hubble should create v1.Events
-	// for packet drops related to pods
-	HubbleDropEvents = "hubble-drop-events"
-
-	// HubbleDropEventsInterval controls the minimum time between emitting events
-	// with the same source and destination IP
-	HubbleDropEventsInterval = "hubble-drop-events-interval"
-
-	// HubbleDropEventsReasons controls which drop reasons to emit events for
-	HubbleDropEventsReasons = "hubble-drop-events-reasons"
-
 	// K8sClientConnectionTimeout configures the timeout for K8s client connections.
 	K8sClientConnectionTimeout = "k8s-client-connection-timeout"
 
@@ -1139,6 +1001,9 @@ const (
 	// LBAffinityMapMaxEntries configures max entries of bpf map for session affinity.
 	LBAffinityMapMaxEntries = "bpf-lb-affinity-map-max"
 
+	// LBSourceRangeAllTypes configures service source ranges for all service types.
+	LBSourceRangeAllTypes = "bpf-lb-source-range-all-types"
+
 	// LBSourceRangeMapMaxEntries configures max entries of bpf map for service source ranges.
 	LBSourceRangeMapMaxEntries = "bpf-lb-source-range-map-max"
 
@@ -1237,6 +1102,13 @@ const (
 	// EnableK8sNetworkPolicy enables support for K8s NetworkPolicy.
 	EnableK8sNetworkPolicy = "enable-k8s-networkpolicy"
 
+	// EnableCiliumNetworkPolicy enables support for Cilium Network Policy.
+	EnableCiliumNetworkPolicy = "enable-cilium-network-policy"
+
+	// EnableCiliumClusterwideNetworkPolicy enables support for Cilium Clusterwide
+	// Network Policy.
+	EnableCiliumClusterwideNetworkPolicy = "enable-cilium-clusterwide-network-policy"
+
 	// PolicyCIDRMatchMode defines the entities that CIDR selectors can reach
 	PolicyCIDRMatchMode = "policy-cidr-match-mode"
 
@@ -1256,8 +1128,8 @@ const (
 	// BPFEventsTraceEnabled defines the TraceNotification setting for any endpoint
 	BPFEventsTraceEnabled = "bpf-events-trace-enabled"
 
-	// BPFConntrackAccountingEnabled controls whether CT accounting for packets and bytes is enabled
-	BPFConntrackAccountingEnabled = "bpf-conntrack-accounting-enabled"
+	// BPFConntrackAccounting controls whether CT accounting for packets and bytes is enabled
+	BPFConntrackAccounting = "bpf-conntrack-accounting"
 
 	// EnableInternalTrafficPolicy enables handling routing for services with internalTrafficPolicy configured
 	EnableInternalTrafficPolicy = "enable-internal-traffic-policy"
@@ -1314,6 +1186,9 @@ const (
 
 	// EnableExternalWorkloads enables the support for external workloads.
 	EnableExternalWorkloads = "enable-external-workloads"
+
+	// EnableSourceIPVerification enables the source ip verification, defaults to true
+	EnableSourceIPVerification = "enable-source-ip-verification"
 )
 
 const (
@@ -1696,9 +1571,6 @@ type DaemonConfig struct {
 	// or direct routing is used and the node CIDR and pod CIDR overlap.
 	EncryptionStrictModeAllowRemoteNodeIdentities bool
 
-	// EnableWireguardUserspaceFallback enables the fallback to the userspace implementation
-	EnableWireguardUserspaceFallback bool
-
 	// WireguardPersistentKeepalive controls Wireguard PersistentKeepalive option.
 	WireguardPersistentKeepalive time.Duration
 
@@ -2147,141 +2019,6 @@ type DaemonConfig struct {
 	// PolicyAccounting enable policy accounting
 	PolicyAccounting bool
 
-	// EnableHubble specifies whether to enable the hubble server.
-	EnableHubble bool
-
-	// HubbleSocketPath specifies the UNIX domain socket for Hubble server to listen to.
-	HubbleSocketPath string
-
-	// HubbleListenAddress specifies address for Hubble to listen to.
-	HubbleListenAddress string
-
-	// HubblePreferIpv6 controls whether IPv6 or IPv4 addresses should be preferred for
-	// communication to agents, if both are available.
-	HubblePreferIpv6 bool
-
-	// HubbleTLSDisabled allows the Hubble server to run on the given listen
-	// address without TLS.
-	HubbleTLSDisabled bool
-
-	// HubbleTLSCertFile specifies the path to the public key file for the
-	// Hubble server. The file must contain PEM encoded data.
-	HubbleTLSCertFile string
-
-	// HubbleTLSKeyFile specifies the path to the private key file for the
-	// Hubble server. The file must contain PEM encoded data.
-	HubbleTLSKeyFile string
-
-	// HubbleTLSClientCAFiles specifies the path to one or more client CA
-	// certificates to use for TLS with mutual authentication (mTLS). The files
-	// must contain PEM encoded data.
-	HubbleTLSClientCAFiles []string
-
-	// HubbleEventBufferCapacity specifies the capacity of Hubble events buffer.
-	HubbleEventBufferCapacity int
-
-	// HubbleEventQueueSize specifies the buffer size of the channel to receive monitor events.
-	HubbleEventQueueSize int
-
-	// HubbleMetricsServer specifies the addresses to serve Hubble metrics on.
-	HubbleMetricsServer string
-
-	// HubbleMetricsServerTLSEnabled allows the Hubble metrics server to run on the given listen
-	// address with TLS.
-	HubbleMetricsServerTLSEnabled bool
-
-	// HubbleMetricsServerTLSCertFile specifies the path to the public key file for the
-	// Hubble server. The file must contain PEM encoded data.
-	HubbleMetricsServerTLSCertFile string
-
-	// HubbleMetricsServerTLSKeyFile specifies the path to the private key file for the
-	// Hubble server. The file must contain PEM encoded data.
-	HubbleMetricsServerTLSKeyFile string
-
-	// HubbleMetricsServerTLSClientCAFiles specifies the path to one or more client CA
-	// certificates to use for TLS with mutual authentication (mTLS). The files
-	// must contain PEM encoded data.
-	HubbleMetricsServerTLSClientCAFiles []string
-
-	// HubbleMetrics specifies enabled metrics and their configuration options.
-	HubbleMetrics []string
-
-	// HubbleFlowlogsConfigFilePath specifies the filepath with configuration of hubble flowlogs.
-	// e.g. "/etc/cilium/flowlog.yaml"
-	HubbleFlowlogsConfigFilePath string
-
-	// HubbleExportFilePath specifies the filepath to write Hubble events to.
-	// e.g. "/var/run/cilium/hubble/events.log"
-	HubbleExportFilePath string
-
-	// HubbleExportFileMaxSizeMB specifies the file size in MB at which to rotate
-	// the Hubble export file.
-	HubbleExportFileMaxSizeMB int
-
-	// HubbleExportFileMaxBacks specifies the number of rotated files to keep.
-	HubbleExportFileMaxBackups int
-
-	// HubbleExportFileCompress specifies whether rotated files are compressed.
-	HubbleExportFileCompress bool
-
-	// HubbleExportAllowlist specifies allow list filter use by exporter.
-	HubbleExportAllowlist []*flowpb.FlowFilter
-
-	// HubbleExportDenylist specifies deny list filter use by exporter.
-	HubbleExportDenylist []*flowpb.FlowFilter
-
-	// HubbleExportFieldmask specifies list of fields to log in exporter.
-	HubbleExportFieldmask []string
-
-	// EnableHubbleRecorderAPI specifies if the Hubble Recorder API should be served
-	EnableHubbleRecorderAPI bool
-
-	// EnableHubbleOpenMetrics enables exporting hubble metrics in OpenMetrics format.
-	EnableHubbleOpenMetrics bool
-
-	// HubbleRecorderStoragePath specifies the directory in which pcap files
-	// created via the Hubble Recorder API are stored
-	HubbleRecorderStoragePath string
-
-	// HubbleRecorderSinkQueueSize is the queue size for each recorder sink
-	HubbleRecorderSinkQueueSize int
-
-	// HubbleSkipUnknownCGroupIDs specifies if events with unknown cgroup ids should be skipped
-	HubbleSkipUnknownCGroupIDs bool
-
-	// HubbleMonitorEvents specifies Cilium monitor events for Hubble to observe.
-	// By default, Hubble observes all monitor events.
-	HubbleMonitorEvents []string
-
-	// HubbleRedactEnabled controls if Hubble will be redacting sensitive information from L7 flows
-	HubbleRedactEnabled bool
-
-	// HubbleRedactURLQuery controls if the URL query will be redacted from flows
-	HubbleRedactHttpURLQuery bool
-
-	// HubbleRedactUserInfo controls if the user info will be redacted from flows
-	HubbleRedactHttpUserInfo bool
-
-	// HubbleRedactKafkaApiKey controls if Kafka API key will be redacted from flows
-	HubbleRedactKafkaApiKey bool
-
-	// HubbleRedactHttpHeadersAllow controls which http headers will not be redacted from flows
-	HubbleRedactHttpHeadersAllow []string
-
-	// HubbleRedactHttpHeadersDeny controls which http headers will be redacted from flows
-	HubbleRedactHttpHeadersDeny []string
-
-	// HubbleDropEvents controls whether Hubble should create v1.Events
-	// for packet drops related to pods
-	HubbleDropEvents bool
-
-	// HubbleDropEventsInterval controls the minimum time between emitting events
-	// with the same source and destination IP
-	HubbleDropEventsInterval time.Duration
-
-	// HubbleDropEventsReasons controls which drop reasons to emit events for
-	HubbleDropEventsReasons []string
-
 	// EnableIPv4FragmentsTracking enables IPv4 fragments tracking for
 	// L4-based lookups. Needs LRU map support.
 	EnableIPv4FragmentsTracking bool
@@ -2328,6 +2065,10 @@ type DaemonConfig struct {
 	// LBAffinityMapEntries is the maximum number of entries allowed in BPF lbmap for session affinities.
 	LBAffinityMapEntries int
 
+	// LBSourceRangeAllTypes enables propagation of loadbalancerSourceRanges to all Kubernetes
+	// service types which were created from the LoadBalancer service.
+	LBSourceRangeAllTypes bool
+
 	// LBSourceRangeMapEntries is the maximum number of entries allowed in BPF lbmap for source ranges.
 	LBSourceRangeMapEntries int
 
@@ -2443,8 +2184,8 @@ type DaemonConfig struct {
 	// BPFEventsTraceEnabled  controls whether the Cilium datapath exposes "trace" events to Cilium monitor and Hubble.
 	BPFEventsTraceEnabled bool
 
-	// BPFConntrackAccountingEnabled controls whether CT accounting for packets and bytes is enabled.
-	BPFConntrackAccountingEnabled bool
+	// BPFConntrackAccounting controls whether CT accounting for packets and bytes is enabled.
+	BPFConntrackAccounting bool
 
 	// IPAMCiliumNodeUpdateRate is the maximum rate at which the CiliumNode custom
 	// resource is updated.
@@ -2453,6 +2194,13 @@ type DaemonConfig struct {
 	// EnableK8sNetworkPolicy enables support for K8s NetworkPolicy.
 	EnableK8sNetworkPolicy bool
 
+	// EnableCiliumNetworkPolicy enables support for Cilium Network Policy.
+	EnableCiliumNetworkPolicy bool
+
+	// EnableCiliumClusterwideNetworkPolicy enables support for Cilium Clusterwide
+	// Network Policy.
+	EnableCiliumClusterwideNetworkPolicy bool
+
 	// PolicyCIDRMatchMode is the list of entities that can be selected by CIDR policy.
 	// Currently supported values:
 	// - world
@@ -2488,6 +2236,9 @@ type DaemonConfig struct {
 
 	// EnableNonDefaultDenyPolicies allows policies to define whether they are operating in default-deny mode
 	EnableNonDefaultDenyPolicies bool
+
+	// EnableSourceIPVerification enables the source ip validation of connection from endpoints to endpoints
+	EnableSourceIPVerification bool
 }
 
 var (
@@ -2531,21 +2282,25 @@ var (
 
 		K8sEnableLeasesFallbackDiscovery: defaults.K8sEnableLeasesFallbackDiscovery,
 
-		ExternalClusterIP:      defaults.ExternalClusterIP,
-		EnableVTEP:             defaults.EnableVTEP,
-		EnableBGPControlPlane:  defaults.EnableBGPControlPlane,
-		EnableK8sNetworkPolicy: defaults.EnableK8sNetworkPolicy,
-		PolicyCIDRMatchMode:    defaults.PolicyCIDRMatchMode,
-		MaxConnectedClusters:   defaults.MaxConnectedClusters,
+		ExternalClusterIP:                    defaults.ExternalClusterIP,
+		EnableVTEP:                           defaults.EnableVTEP,
+		EnableBGPControlPlane:                defaults.EnableBGPControlPlane,
+		EnableK8sNetworkPolicy:               defaults.EnableK8sNetworkPolicy,
+		EnableCiliumNetworkPolicy:            defaults.EnableCiliumNetworkPolicy,
+		EnableCiliumClusterwideNetworkPolicy: defaults.EnableCiliumClusterwideNetworkPolicy,
+		PolicyCIDRMatchMode:                  defaults.PolicyCIDRMatchMode,
+		MaxConnectedClusters:                 defaults.MaxConnectedClusters,
 
 		BPFEventsDropEnabled:          defaults.BPFEventsDropEnabled,
 		BPFEventsPolicyVerdictEnabled: defaults.BPFEventsPolicyVerdictEnabled,
 		BPFEventsTraceEnabled:         defaults.BPFEventsTraceEnabled,
-		BPFConntrackAccountingEnabled: defaults.BPFConntrackAccountingEnabled,
+		BPFConntrackAccounting:        defaults.BPFConntrackAccounting,
 		EnableEnvoyConfig:             defaults.EnableEnvoyConfig,
 		EnableInternalTrafficPolicy:   defaults.EnableInternalTrafficPolicy,
 
 		EnableNonDefaultDenyPolicies: defaults.EnableNonDefaultDenyPolicies,
+
+		EnableSourceIPVerification: defaults.EnableSourceIPVerification,
 	}
 )
 
@@ -2669,6 +2424,11 @@ func (c *DaemonConfig) IPv6Enabled() bool {
 	return c.EnableIPv6
 }
 
+// LBProtoDiffEnabled returns true if LoadBalancerProtocolDifferentiation is enabled
+func (c *DaemonConfig) LBProtoDiffEnabled() bool {
+	return c.LoadBalancerProtocolDifferentiation
+}
+
 // IPv6NDPEnabled returns true if IPv6 NDP support is enabled
 func (c *DaemonConfig) IPv6NDPEnabled() bool {
 	return c.EnableIPv6NDP
@@ -2798,13 +2558,6 @@ func (c *DaemonConfig) validateIPv6NAT46x64CIDR() error {
 	return nil
 }
 
-func (c *DaemonConfig) validateHubbleRedact() error {
-	if len(c.HubbleRedactHttpHeadersAllow) > 0 && len(c.HubbleRedactHttpHeadersDeny) > 0 {
-		return fmt.Errorf("Only one of --hubble-redact-http-headers-allow and --hubble-redact-http-headers-deny can be specified, not both")
-	}
-	return nil
-}
-
 func (c *DaemonConfig) validateContainerIPLocalReservedPorts() error {
 	if c.ContainerIPLocalReservedPorts == "" || c.ContainerIPLocalReservedPorts == defaults.ContainerIPLocalReservedPortsAuto {
 		return nil
@@ -2829,10 +2582,6 @@ func (c *DaemonConfig) Validate(vp *viper.Viper) error {
 			c.IPv6NAT46x64CIDR, err)
 	}
 
-	if err := c.validateHubbleRedact(); err != nil {
-		return err
-	}
-
 	if c.MTU < 0 {
 		return fmt.Errorf("MTU '%d' cannot be negative", c.MTU)
 	}
@@ -2869,7 +2618,7 @@ func (c *DaemonConfig) Validate(vp *viper.Viper) error {
 	if err := cinfo.InitClusterIDMax(); err != nil {
 		return err
 	}
-	if err := cinfo.Validate(log); err != nil {
+	if err := cinfo.Validate(); err != nil {
 		return err
 	}
 
@@ -3002,7 +2751,30 @@ func (c *DaemonConfig) parseExcludedLocalAddresses(s []string) error {
 	return nil
 }
 
-// Populate sets all options with the values from viper
+// SetupLogging sets all logging-related options with the values from viper,
+// then setup logging based on these options and the given tag.
+//
+// This allows initializing logging as early as possible, then log entries
+// produced below in Populate can honor the requested logging configurations.
+func (c *DaemonConfig) SetupLogging(vp *viper.Viper, tag string) {
+	c.Debug = vp.GetBool(DebugArg)
+	c.LogDriver = vp.GetStringSlice(LogDriver)
+
+	if m, err := command.GetStringMapStringE(vp, LogOpt); err != nil {
+		log.Fatalf("unable to parse %s: %s", LogOpt, err)
+	} else {
+		c.LogOpt = m
+	}
+
+	if err := logging.SetupLogging(c.LogDriver, logging.LogOptions(c.LogOpt), tag, c.Debug); err != nil {
+		log.Fatal(err)
+	}
+}
+
+// Populate sets all non-logging options with the values from viper.
+//
+// This function may emit logs. Consider calling SetupLogging before this
+// to make sure that they honor logging-related options.
 func (c *DaemonConfig) Populate(vp *viper.Viper) {
 	var err error
 
@@ -3022,7 +2794,6 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
 	c.ClusterName = vp.GetString(clustermeshTypes.OptClusterName)
 	c.MaxConnectedClusters = vp.GetUint32(clustermeshTypes.OptMaxConnectedClusters)
 	c.DatapathMode = vp.GetString(DatapathMode)
-	c.Debug = vp.GetBool(DebugArg)
 	c.DebugVerbose = vp.GetStringSlice(DebugVerbose)
 	c.EnableIPv4 = vp.GetBool(EnableIPv4Name)
 	c.EnableIPv6 = vp.GetBool(EnableIPv6Name)
@@ -3037,7 +2808,6 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
 	c.L2AnnouncerLeaseDuration = vp.GetDuration(L2AnnouncerLeaseDuration)
 	c.L2AnnouncerRenewDeadline = vp.GetDuration(L2AnnouncerRenewDeadline)
 	c.L2AnnouncerRetryPeriod = vp.GetDuration(L2AnnouncerRetryPeriod)
-	c.EnableWireguardUserspaceFallback = vp.GetBool(EnableWireguardUserspaceFallback)
 	c.WireguardPersistentKeepalive = vp.GetDuration(WireguardPersistentKeepalive)
 	c.EnableWellKnownIdentities = vp.GetBool(EnableWellKnownIdentities)
 	c.EnableXDPPrefilter = vp.GetBool(EnableXDPPrefilter)
@@ -3110,7 +2880,6 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
 	c.LabelPrefixFile = vp.GetString(LabelPrefixFile)
 	c.Labels = vp.GetStringSlice(Labels)
 	c.LibDir = vp.GetString(LibDir)
-	c.LogDriver = vp.GetStringSlice(LogDriver)
 	c.LogSystemLoadConfig = vp.GetBool(LogSystemLoadConfigName)
 	c.LoopbackIPv4 = vp.GetString(LoopbackIPv4)
 	c.LocalRouterIPv4 = vp.GetString(LocalRouterIPv4)
@@ -3173,8 +2942,9 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
 	c.BPFEventsDropEnabled = vp.GetBool(BPFEventsDropEnabled)
 	c.BPFEventsPolicyVerdictEnabled = vp.GetBool(BPFEventsPolicyVerdictEnabled)
 	c.BPFEventsTraceEnabled = vp.GetBool(BPFEventsTraceEnabled)
-	c.BPFConntrackAccountingEnabled = vp.GetBool(BPFConntrackAccountingEnabled)
+	c.BPFConntrackAccounting = vp.GetBool(BPFConntrackAccounting)
 	c.EnableIPSecEncryptedOverlay = vp.GetBool(EnableIPSecEncryptedOverlay)
+	c.LBSourceRangeAllTypes = vp.GetBool(LBSourceRangeAllTypes)
 
 	c.ServiceNoBackendResponse = vp.GetString(ServiceNoBackendResponse)
 	switch c.ServiceNoBackendResponse {
@@ -3397,12 +3167,6 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
 		c.KVStoreOpt = m
 	}
 
-	if m, err := command.GetStringMapStringE(vp, LogOpt); err != nil {
-		log.Fatalf("unable to parse %s: %s", LogOpt, err)
-	} else {
-		c.LogOpt = m
-	}
-
 	bpfEventsDefaultRateLimit := vp.GetUint32(BPFEventsDefaultRateLimit)
 	bpfEventsDefaultBurstLimit := vp.GetUint32(BPFEventsDefaultBurstLimit)
 	switch {
@@ -3483,82 +3247,6 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
 	}
 	c.KubeProxyReplacementHealthzBindAddr = vp.GetString(KubeProxyReplacementHealthzBindAddr)
 
-	// Hubble options.
-	c.EnableHubble = vp.GetBool(EnableHubble)
-	c.EnableHubbleOpenMetrics = vp.GetBool(EnableHubbleOpenMetrics)
-	c.HubbleSocketPath = vp.GetString(HubbleSocketPath)
-	c.HubbleListenAddress = vp.GetString(HubbleListenAddress)
-	c.HubblePreferIpv6 = vp.GetBool(HubblePreferIpv6)
-	c.HubbleTLSDisabled = vp.GetBool(HubbleTLSDisabled)
-	c.HubbleTLSCertFile = vp.GetString(HubbleTLSCertFile)
-	c.HubbleTLSKeyFile = vp.GetString(HubbleTLSKeyFile)
-	c.HubbleTLSClientCAFiles = vp.GetStringSlice(HubbleTLSClientCAFiles)
-	c.HubbleEventBufferCapacity = vp.GetInt(HubbleEventBufferCapacity)
-	c.HubbleEventQueueSize = vp.GetInt(HubbleEventQueueSize)
-	if c.HubbleEventQueueSize == 0 {
-		c.HubbleEventQueueSize = getDefaultMonitorQueueSize(runtime.NumCPU())
-	}
-	c.HubbleMetricsServer = vp.GetString(HubbleMetricsServer)
-	c.HubbleMetricsServerTLSEnabled = vp.GetBool(HubbleMetricsTLSEnabled)
-	c.HubbleMetricsServerTLSCertFile = vp.GetString(HubbleMetricsTLSCertFile)
-	c.HubbleMetricsServerTLSKeyFile = vp.GetString(HubbleMetricsTLSKeyFile)
-	c.HubbleMetricsServerTLSClientCAFiles = vp.GetStringSlice(HubbleMetricsTLSClientCAFiles)
-	c.HubbleMetrics = vp.GetStringSlice(HubbleMetrics)
-
-	c.HubbleExportFilePath = vp.GetString(HubbleExportFilePath)
-	c.HubbleExportFileMaxSizeMB = vp.GetInt(HubbleExportFileMaxSizeMB)
-	c.HubbleExportFileMaxBackups = vp.GetInt(HubbleExportFileMaxBackups)
-	c.HubbleExportFileCompress = vp.GetBool(HubbleExportFileCompress)
-
-	for _, enc := range vp.GetStringSlice(HubbleExportAllowlist) {
-		dec := json.NewDecoder(strings.NewReader(enc))
-		var result flowpb.FlowFilter
-		if err := dec.Decode(&result); err != nil {
-			if errors.Is(err, io.EOF) {
-				break
-			}
-			log.Fatalf("failed to decode hubble-export-allowlist '%v': %s", enc, err)
-		}
-		c.HubbleExportAllowlist = append(c.HubbleExportAllowlist, &result)
-	}
-
-	for _, enc := range vp.GetStringSlice(HubbleExportDenylist) {
-		dec := json.NewDecoder(strings.NewReader(enc))
-		var result flowpb.FlowFilter
-		if err := dec.Decode(&result); err != nil {
-			if errors.Is(err, io.EOF) {
-				break
-			}
-			log.Fatalf("failed to decode hubble-export-denylist '%v': %s", enc, err)
-		}
-		c.HubbleExportDenylist = append(c.HubbleExportDenylist, &result)
-	}
-
-	if fm := vp.GetStringSlice(HubbleExportFieldmask); len(fm) > 0 {
-		_, err := fieldmaskpb.New(&flowpb.Flow{}, fm...)
-		if err != nil {
-			log.Fatalf("hubble-export-fieldmask contains invalid fieldmask '%v': %s", fm, err)
-		}
-		c.HubbleExportFieldmask = vp.GetStringSlice(HubbleExportFieldmask)
-	}
-
-	c.HubbleFlowlogsConfigFilePath = vp.GetString(HubbleFlowlogsConfigFilePath)
-
-	c.EnableHubbleRecorderAPI = vp.GetBool(EnableHubbleRecorderAPI)
-	c.HubbleRecorderStoragePath = vp.GetString(HubbleRecorderStoragePath)
-	c.HubbleRecorderSinkQueueSize = vp.GetInt(HubbleRecorderSinkQueueSize)
-	c.HubbleSkipUnknownCGroupIDs = vp.GetBool(HubbleSkipUnknownCGroupIDs)
-	c.HubbleMonitorEvents = vp.GetStringSlice(HubbleMonitorEvents)
-	c.HubbleRedactEnabled = vp.GetBool(HubbleRedactEnabled)
-	c.HubbleRedactHttpURLQuery = vp.GetBool(HubbleRedactHttpURLQuery)
-	c.HubbleRedactHttpUserInfo = vp.GetBool(HubbleRedactHttpUserInfo)
-	c.HubbleRedactKafkaApiKey = vp.GetBool(HubbleRedactKafkaApiKey)
-	c.HubbleRedactHttpHeadersAllow = vp.GetStringSlice(HubbleRedactHttpHeadersAllow)
-	c.HubbleRedactHttpHeadersDeny = vp.GetStringSlice(HubbleRedactHttpHeadersDeny)
-	c.HubbleDropEvents = vp.GetBool(HubbleDropEvents)
-	c.HubbleDropEventsInterval = vp.GetDuration(HubbleDropEventsInterval)
-	c.HubbleDropEventsReasons = vp.GetStringSlice(HubbleDropEventsReasons)
-
 	// Hidden options
 	c.CompilerFlags = vp.GetStringSlice(CompilerFlags)
 	c.ConfigFile = vp.GetString(ConfigFile)
@@ -3585,6 +3273,9 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
 	c.EnableNodeSelectorLabels = vp.GetBool(EnableNodeSelectorLabels)
 	c.NodeLabels = vp.GetStringSlice(NodeLabels)
 
+	c.EnableCiliumNetworkPolicy = vp.GetBool(EnableCiliumNetworkPolicy)
+	c.EnableCiliumClusterwideNetworkPolicy = vp.GetBool(EnableCiliumClusterwideNetworkPolicy)
+
 	// Parse node label patterns
 	nodeLabelPatterns := vp.GetStringSlice(ExcludeNodeLabelPatterns)
 	for _, pattern := range nodeLabelPatterns {
@@ -3603,6 +3294,8 @@ func (c *DaemonConfig) Populate(vp *viper.Viper) {
 	c.LoadBalancerProtocolDifferentiation = vp.GetBool(LoadBalancerProtocolDifferentiation)
 
 	c.EnableInternalTrafficPolicy = vp.GetBool(EnableInternalTrafficPolicy)
+
+	c.EnableSourceIPVerification = vp.GetBool(EnableSourceIPVerification)
 }
 
 func (c *DaemonConfig) populateLoadBalancerSettings(vp *viper.Viper) {
@@ -4327,14 +4020,6 @@ func InitConfig(cmd *cobra.Command, programName, configName string, vp *viper.Vi
 	}
 }
 
-func getDefaultMonitorQueueSize(numCPU int) int {
-	monitorQueueSize := numCPU * defaults.MonitorQueueSizePerCPU
-	if monitorQueueSize > defaults.MonitorQueueSizePerCPUMaximum {
-		monitorQueueSize = defaults.MonitorQueueSizePerCPUMaximum
-	}
-	return monitorQueueSize
-}
-
 // BPFEventBufferConfig contains parsed configuration for a bpf map event buffer.
 type BPFEventBufferConfig struct {
 	Enabled bool
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/api/cidr.go b/vendor/github.com/cilium/cilium/pkg/policy/api/cidr.go
index 68e900aaea..f377c41c5a 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/api/cidr.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/api/cidr.go
@@ -4,11 +4,10 @@
 package api
 
 import (
-	"net"
 	"net/netip"
 	"strings"
 
-	"github.com/cilium/cilium/pkg/ip"
+	slim_metav1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/meta/v1"
 	"github.com/cilium/cilium/pkg/labels"
 	"github.com/cilium/cilium/pkg/option"
 )
@@ -22,6 +21,10 @@ type CIDR string
 var (
 	ipv4All = CIDR("0.0.0.0/0")
 	ipv6All = CIDR("::/0")
+
+	worldLabelNonDualStack = labels.Label{Source: labels.LabelSourceReserved, Key: labels.IDNameWorld}
+	worldLabelV4           = labels.Label{Source: labels.LabelSourceReserved, Key: labels.IDNameWorldIPv4}
+	worldLabelV6           = labels.Label{Source: labels.LabelSourceReserved, Key: labels.IDNameWorldIPv6}
 )
 
 // CIDRRule is a rule that specifies a CIDR prefix to/from which outside
@@ -136,52 +139,76 @@ type CIDRRuleSlice []CIDRRule
 
 // GetAsEndpointSelectors returns the provided CIDRRule slice as a slice of
 // endpoint selectors
+//
+// The ExceptCIDRs block is inserted as a negative match. Specifically, the
+// DoesNotExist qualifier. For example, the CIDRRule
+//
+//	cidr: 1.1.1.0/24
+//	exceptCIDRs: ["1.1.1.1/32"]
+//
+// results in the selector equivalent to "cidr:1.1.1.0/24 !cidr:1.1.1.1/32".
+//
+// This works because the label selectors will select numeric identities belonging only
+// to the shorter prefixes. However, longer prefixes will have a different numeric
+// identity, as the bpf ipcache is an LPM lookup. This essentially acts as a
+// "carve-out", using the LPM mechanism to exlude subsets of a larger prefix.
 func (s CIDRRuleSlice) GetAsEndpointSelectors() EndpointSelectorSlice {
-	cidrs := ComputeResultantCIDRSet(s)
-	ces := cidrs.GetAsEndpointSelectors()
+	ces := make(EndpointSelectorSlice, 0, len(s))
 
-	// expand cidrgroup selectors
 	for _, r := range s {
-		if r.CIDRGroupRef != "" {
-			ces = append(ces, NewESFromLabels(LabelForCIDRGroupRef(string(r.CIDRGroupRef))))
+		ls := slim_metav1.LabelSelector{
+			MatchExpressions: make([]slim_metav1.LabelSelectorRequirement, 0, 1+len(r.ExceptCIDRs)),
 		}
-	}
-
-	return ces
-}
-
-// StringSlice returns the CIDRRuleSlice as a slice of strings.
-func (s CIDRRuleSlice) StringSlice() []string {
-	result := make([]string, 0, len(s))
-	for _, c := range s {
-		result = append(result, c.String())
-	}
-	return result
-}
 
-// ComputeResultantCIDRSet converts a slice of CIDRRules into a slice of
-// individual CIDRs. This expands the cidr defined by each CIDRRule, applies
-// the CIDR exceptions defined in "ExceptCIDRs", and forms a minimal set of
-// CIDRs that cover all of the CIDRRules.
-//
-// Assumes no error checking is necessary as CIDRRule.Sanitize already does this.
-func ComputeResultantCIDRSet(cidrs CIDRRuleSlice) CIDRSlice {
-	var allResultantAllowedCIDRs CIDRSlice
-	for _, s := range cidrs {
-		_, allowNet, _ := net.ParseCIDR(string(s.Cidr))
-
-		var removeSubnets []*net.IPNet
-		for _, t := range s.ExceptCIDRs {
-			_, removeSubnet, _ := net.ParseCIDR(string(t))
-			removeSubnets = append(removeSubnets, removeSubnet)
+		// add the "main" label:
+		// either a CIDR or CIDRGroupRef
+		if r.Cidr != "" {
+			var lbl labels.Label
+			switch r.Cidr {
+			case ipv4All:
+				if option.Config.IsDualStack() {
+					lbl = worldLabelV4
+				} else {
+					lbl = worldLabelNonDualStack
+				}
+			case ipv6All:
+				if option.Config.IsDualStack() {
+					lbl = worldLabelV6
+				} else {
+					lbl = worldLabelNonDualStack
+				}
+			default:
+				lbl, _ = labels.IPStringToLabel(string(r.Cidr))
+			}
+			ls.MatchExpressions = append(ls.MatchExpressions, slim_metav1.LabelSelectorRequirement{
+				Key:      lbl.GetExtendedKey(),
+				Operator: slim_metav1.LabelSelectorOpExists,
+			})
+		} else if r.CIDRGroupRef != "" {
+			lbl := LabelForCIDRGroupRef(string(r.CIDRGroupRef))
+			ls.MatchExpressions = append(ls.MatchExpressions, slim_metav1.LabelSelectorRequirement{
+				Key:      lbl.GetExtendedKey(),
+				Operator: slim_metav1.LabelSelectorOpExists,
+			})
+		} else {
+			// should never be hit, but paranoia
+			continue
 		}
-		resultantAllowedCIDRs := ip.RemoveCIDRs([]*net.IPNet{allowNet}, removeSubnets)
 
-		for _, u := range resultantAllowedCIDRs {
-			allResultantAllowedCIDRs = append(allResultantAllowedCIDRs, CIDR(u.String()))
+		// exclude any excepted CIDRs.
+		// Do so by inserting a "DoesNotExist" requirement for the given prefix key
+		for _, exceptCIDR := range r.ExceptCIDRs {
+			lbl, _ := labels.IPStringToLabel(string(exceptCIDR))
+			ls.MatchExpressions = append(ls.MatchExpressions, slim_metav1.LabelSelectorRequirement{
+				Key:      lbl.GetExtendedKey(),
+				Operator: slim_metav1.LabelSelectorOpDoesNotExist,
+			})
 		}
+
+		ces = append(ces, NewESFromK8sLabelSelector("", &ls))
 	}
-	return allResultantAllowedCIDRs
+
+	return ces
 }
 
 // addrsToCIDRRules generates CIDRRules for the IPs passed in.
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/api/rule_validation.go b/vendor/github.com/cilium/cilium/pkg/policy/api/rule_validation.go
index 9c78f93faa..86cb890b20 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/api/rule_validation.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/api/rule_validation.go
@@ -28,6 +28,9 @@ var (
 // Sanitize validates and sanitizes a policy rule. Minor edits such as
 // capitalization of the protocol name are automatically fixed up. More
 // fundamental violations will cause an error to be returned.
+//
+// Note: this function is called from both the operator and the agent;
+// make sure any configuration flags are bound in **both** binaries.
 func (r *Rule) Sanitize() error {
 	if option.Config.EnableNonDefaultDenyPolicies {
 		// Fill in the default traffic posture of this Rule.
@@ -218,13 +221,30 @@ func countNonGeneratedCIDRRules(s CIDRRuleSlice) int {
 	return n
 }
 
+// countNonGeneratedEndpoints counts the number of EndpointSelector items which are not
+// `Generated`, i.e. were directly provided by the user.
+// The `Generated` field is currently only set by the `ToServices`
+// implementation, which extracts service endpoints and translates them as
+// ToEndpoints rules before the CNP is passed to the policy repository.
+// Therefore, we want to allow the combination of ToEndpoints and ToServices
+// rules, if (and only if) the ToEndpoints only contains `Generated` entries.
+func countNonGeneratedEndpoints(s []EndpointSelector) int {
+	n := 0
+	for _, c := range s {
+		if !c.Generated {
+			n++
+		}
+	}
+	return n
+}
+
 func (e *EgressRule) sanitize(hostPolicy bool) error {
 	var retErr error
 
 	l3Members := map[string]int{
 		"ToCIDR":      len(e.ToCIDR),
 		"ToCIDRSet":   countNonGeneratedCIDRRules(e.ToCIDRSet),
-		"ToEndpoints": len(e.ToEndpoints),
+		"ToEndpoints": countNonGeneratedEndpoints(e.ToEndpoints),
 		"ToEntities":  len(e.ToEntities),
 		"ToServices":  len(e.ToServices),
 		"ToFQDNs":     len(e.ToFQDNs),
@@ -236,7 +256,7 @@ func (e *EgressRule) sanitize(hostPolicy bool) error {
 		"ToCIDRSet":   true,
 		"ToEndpoints": true,
 		"ToEntities":  true,
-		"ToServices":  false, // see https://github.com/cilium/cilium/issues/20067
+		"ToServices":  true,
 		"ToFQDNs":     true,
 		"ToGroups":    true,
 		"ToNodes":     true,
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/api/selector.go b/vendor/github.com/cilium/cilium/pkg/policy/api/selector.go
index c23aa0d9c2..7dc6c987fb 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/api/selector.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/api/selector.go
@@ -34,6 +34,10 @@ type EndpointSelector struct {
 	// EndpointSelectors are created via `NewESFromMatchRequirements`. It is
 	// immutable after its creation.
 	cachedLabelSelectorString string `json:"-"`
+
+	// Generated indicates whether the rule was generated based on other rules
+	// or provided by user
+	Generated bool `json:"-"`
 }
 
 // LabelSelectorString returns a user-friendly string representation of
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/api/zz_generated.deepequal.go b/vendor/github.com/cilium/cilium/pkg/policy/api/zz_generated.deepequal.go
index ced0d973b7..557a0ba65a 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/api/zz_generated.deepequal.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/api/zz_generated.deepequal.go
@@ -414,6 +414,9 @@ func (in *EndpointSelector) DeepEqual(other *EndpointSelector) bool {
 	if in.cachedLabelSelectorString != other.cachedLabelSelectorString {
 		return false
 	}
+	if in.Generated != other.Generated {
+		return false
+	}
 
 	return true
 }
@@ -1377,6 +1380,9 @@ func (in *ServiceSelector) DeepEqual(other *ServiceSelector) bool {
 	if in.cachedLabelSelectorString != other.cachedLabelSelectorString {
 		return false
 	}
+	if in.Generated != other.Generated {
+		return false
+	}
 
 	return true
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/cidr.go b/vendor/github.com/cilium/cilium/pkg/policy/cidr.go
index 33f14a9cd9..e854e677a0 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/cidr.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/cidr.go
@@ -8,6 +8,8 @@ import (
 
 	"github.com/cilium/cilium/pkg/ip"
 	"github.com/cilium/cilium/pkg/policy/api"
+
+	"k8s.io/apimachinery/pkg/util/sets"
 )
 
 // getPrefixesFromCIDR fetches all CIDRs referred to by the specified slice
@@ -18,58 +20,75 @@ func getPrefixesFromCIDR(cidrs api.CIDRSlice) []netip.Prefix {
 }
 
 // GetPrefixesFromCIDRSet fetches all CIDRs referred to by the specified slice
-// and returns them as regular golang CIDR objects.
+// and returns them as regular golang CIDR objects. Includes CIDRs listed in
+// ExceptCIDRs fields.
 //
 // Assumes that validation already occurred on 'rules'.
 func GetPrefixesFromCIDRSet(rules api.CIDRRuleSlice) []netip.Prefix {
-	cidrs := api.ComputeResultantCIDRSet(rules)
-	return getPrefixesFromCIDR(cidrs)
+	out := make([]netip.Prefix, 0, len(rules))
+	for _, rule := range rules {
+		if rule.Cidr != "" {
+			pfx, err := netip.ParsePrefix(string(rule.Cidr))
+			if err == nil {
+				// must parse, was already validated.
+				out = append(out, pfx.Masked())
+			}
+		}
+		for _, except := range rule.ExceptCIDRs {
+			pfx, err := netip.ParsePrefix(string(except))
+			if err == nil {
+				out = append(out, pfx.Masked())
+			}
+		}
+	}
+
+	return out
 }
 
 // GetCIDRPrefixes runs through the specified 'rules' to find every reference
 // to a CIDR in the rules, and returns a slice containing all of these CIDRs.
-// Multiple rules referring to the same CIDR will result in multiple copies of
-// the CIDR in the returned slice.
+//
+// Includes prefixes referenced solely by "ExceptCIDRs" entries.
 //
 // Assumes that validation already occurred on 'rules'.
 func GetCIDRPrefixes(rules api.Rules) []netip.Prefix {
 	if len(rules) == 0 {
 		return nil
 	}
-	res := make([]netip.Prefix, 0, 32)
+	res := make(sets.Set[netip.Prefix], 32)
 	for _, r := range rules {
 		for _, ir := range r.Ingress {
 			if len(ir.FromCIDR) > 0 {
-				res = append(res, getPrefixesFromCIDR(ir.FromCIDR)...)
+				res.Insert(getPrefixesFromCIDR(ir.FromCIDR)...)
 			}
 			if len(ir.FromCIDRSet) > 0 {
-				res = append(res, GetPrefixesFromCIDRSet(ir.FromCIDRSet)...)
+				res.Insert(GetPrefixesFromCIDRSet(ir.FromCIDRSet)...)
 			}
 		}
 		for _, ir := range r.IngressDeny {
 			if len(ir.FromCIDR) > 0 {
-				res = append(res, getPrefixesFromCIDR(ir.FromCIDR)...)
+				res.Insert(getPrefixesFromCIDR(ir.FromCIDR)...)
 			}
 			if len(ir.FromCIDRSet) > 0 {
-				res = append(res, GetPrefixesFromCIDRSet(ir.FromCIDRSet)...)
+				res.Insert(GetPrefixesFromCIDRSet(ir.FromCIDRSet)...)
 			}
 		}
 		for _, er := range r.Egress {
 			if len(er.ToCIDR) > 0 {
-				res = append(res, getPrefixesFromCIDR(er.ToCIDR)...)
+				res.Insert(getPrefixesFromCIDR(er.ToCIDR)...)
 			}
 			if len(er.ToCIDRSet) > 0 {
-				res = append(res, GetPrefixesFromCIDRSet(er.ToCIDRSet)...)
+				res.Insert(GetPrefixesFromCIDRSet(er.ToCIDRSet)...)
 			}
 		}
 		for _, er := range r.EgressDeny {
 			if len(er.ToCIDR) > 0 {
-				res = append(res, getPrefixesFromCIDR(er.ToCIDR)...)
+				res.Insert(getPrefixesFromCIDR(er.ToCIDR)...)
 			}
 			if len(er.ToCIDRSet) > 0 {
-				res = append(res, GetPrefixesFromCIDRSet(er.ToCIDRSet)...)
+				res.Insert(GetPrefixesFromCIDRSet(er.ToCIDRSet)...)
 			}
 		}
 	}
-	return res
+	return res.UnsortedList()
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/distillery.go b/vendor/github.com/cilium/cilium/pkg/policy/distillery.go
index ce55f54e6f..61b5822393 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/distillery.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/distillery.go
@@ -5,6 +5,7 @@ package policy
 
 import (
 	"fmt"
+	"iter"
 	"sync/atomic"
 
 	"github.com/cilium/cilium/pkg/container/versioned"
@@ -17,9 +18,13 @@ import (
 // the policy repository and ready to be distilled against a set of identities
 // to compute datapath-level policy configuration.
 type SelectorPolicy interface {
+	// CreateRedirects is used to ensure the endpoint has created all the needed redirects
+	// before a new EndpointPolicy is created.
+	RedirectFilters() iter.Seq2[*L4Filter, *PerSelectorPolicy]
+
 	// Consume returns the policy in terms of connectivity to peer
 	// Identities.
-	Consume(owner PolicyOwner) *EndpointPolicy
+	Consume(owner PolicyOwner, redirects map[string]uint16) *EndpointPolicy
 }
 
 // PolicyCache represents a cache of resolved policies for identities.
@@ -35,7 +40,7 @@ type PolicyCache struct {
 }
 
 // NewPolicyCache creates a new cache of SelectorPolicy.
-func NewPolicyCache(repo *Repository, idmgr *identitymanager.IdentityManager) *PolicyCache {
+func NewPolicyCache(repo *Repository, idmgr identitymanager.IDManager) *PolicyCache {
 	cache := &PolicyCache{
 		repo:     repo,
 		policies: make(map[identityPkg.NumericIdentity]*cachedSelectorPolicy),
@@ -229,10 +234,14 @@ func (cip *cachedSelectorPolicy) setPolicy(policy *selectorPolicy) {
 //
 // This denotes that a particular endpoint is 'consuming' the policy from the
 // selector policy cache.
-func (cip *cachedSelectorPolicy) Consume(owner PolicyOwner) *EndpointPolicy {
+func (cip *cachedSelectorPolicy) Consume(owner PolicyOwner, redirects map[string]uint16) *EndpointPolicy {
 	// TODO: This currently computes the EndpointPolicy from SelectorPolicy
 	// on-demand, however in future the cip is intended to cache the
 	// EndpointPolicy for this Identity and emit datapath deltas instead.
 	isHost := cip.identity.ID == identityPkg.ReservedIdentityHost
-	return cip.getPolicy().DistillPolicy(owner, isHost)
+	return cip.getPolicy().DistillPolicy(owner, redirects, isHost)
+}
+
+func (cip *cachedSelectorPolicy) RedirectFilters() iter.Seq2[*L4Filter, *PerSelectorPolicy] {
+	return cip.getPolicy().RedirectFilters()
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/l4.go b/vendor/github.com/cilium/cilium/pkg/policy/l4.go
index b47c67fcb9..041bed8a65 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/l4.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/l4.go
@@ -12,7 +12,6 @@ import (
 	"strconv"
 	"strings"
 	"sync/atomic"
-	"testing"
 
 	cilium "github.com/cilium/proxy/go/cilium/api"
 	"github.com/sirupsen/logrus"
@@ -60,8 +59,9 @@ func (l4rule *PerSelectorPolicy) covers(l3l4rule *PerSelectorPolicy) bool {
 	if l3l4IsRedirect && !l4OnlyIsRedirect {
 		// Can not skip if l3l4-rule is redirect while l4-only is not
 		return false
-	} else if l3l4IsRedirect && l4OnlyIsRedirect && l3l4rule.Listener != l4rule.Listener {
-		// L3l4 rule has a different listener, it can not be skipped
+	} else if l3l4IsRedirect && l4OnlyIsRedirect &&
+		(l3l4rule.Listener != l4rule.Listener || l3l4rule.Priority != l4rule.Priority) {
+		// L3l4 rule has a different listener or priority, it can not be skipped
 		return false
 	}
 
@@ -504,7 +504,7 @@ func (l4 *L4Filter) GetPort() uint16 {
 }
 
 // Equals returns true if two L4Filters are equal
-func (l4 *L4Filter) Equals(_ *testing.T, bL4 *L4Filter) bool {
+func (l4 *L4Filter) Equals(bL4 *L4Filter) bool {
 	if l4.Port == bL4.Port &&
 		l4.EndPort == bL4.EndPort &&
 		l4.PortName == bL4.PortName &&
@@ -529,14 +529,24 @@ func (l4 *L4Filter) Equals(_ *testing.T, bL4 *L4Filter) bool {
 }
 
 // ChangeState allows caller to revert changes made by (multiple) toMapState call(s)
+// All fields are maps so we can pass this by value.
 type ChangeState struct {
-	Adds    Keys        // Added or modified keys, if not nil
-	Deletes Keys        // deleted keys, if not nil
-	Old     MapStateMap // Old values of all modified or deleted keys, if not nil
+	Adds    Keys                  // Added or modified keys, if not nil
+	Deletes Keys                  // deleted keys, if not nil
+	old     map[Key]mapStateEntry // Old values of all modified or deleted keys, if not nil
+}
+
+// NewRevertState returns an empty ChangeState suitable for reverting MapState changes.
+// The private 'old' field is initialized so that old state can be restored if need be.
+func NewRevertState() ChangeState {
+	return ChangeState{
+		Adds: make(Keys),
+		old:  make(map[Key]mapStateEntry),
+	}
 }
 
 func (c *ChangeState) Empty() bool {
-	return len(c.Adds)+len(c.Deletes)+len(c.Old) == 0
+	return len(c.Adds)+len(c.Deletes)+len(c.old) == 0
 }
 
 // toMapState converts a single filter into a MapState entries added to 'p.PolicyMapState'.
@@ -548,7 +558,7 @@ func (c *ChangeState) Empty() bool {
 // 'redirects' is the map of currently realized redirects, it is used to find the proxy port for any redirects.
 // p.SelectorCache is used as Identities interface during this call, which only has GetPrefix() that
 // needs no lock.
-func (l4 *L4Filter) toMapState(p *EndpointPolicy, features policyFeatures, redirects map[string]uint16, changes ChangeState) {
+func (l4 *L4Filter) toMapState(p *EndpointPolicy, features policyFeatures, changes ChangeState) {
 	port := l4.Port
 	proto := l4.U8Proto
 
@@ -588,9 +598,10 @@ func (l4 *L4Filter) toMapState(p *EndpointPolicy, features policyFeatures, redir
 		wildcardRule = l4.PerSelectorPolicies[l4.wildcard]
 	}
 
+	isL4Wildcard := (l4.Port != 0 || l4.PortName != "") && l4.wildcard != nil
 	for cs, currentRule := range l4.PerSelectorPolicies {
 		// have wildcard and this is an L3L4 key?
-		isL3L4withWildcardPresent := (l4.Port != 0 || l4.PortName != "") && l4.wildcard != nil && cs != l4.wildcard
+		isL3L4withWildcardPresent := isL4Wildcard && cs != l4.wildcard
 
 		if isL3L4withWildcardPresent && wildcardRule.covers(currentRule) {
 			logger.WithField(logfields.EndpointSelector, cs).Debug("ToMapState: Skipping L3/L4 key due to existing L4-only key")
@@ -600,6 +611,7 @@ func (l4 *L4Filter) toMapState(p *EndpointPolicy, features policyFeatures, redir
 		isDenyRule := currentRule != nil && currentRule.IsDeny
 		isRedirect := currentRule.IsRedirect()
 		listener := currentRule.GetListener()
+		priority := currentRule.GetPriority()
 		if !isDenyRule && isL3L4withWildcardPresent && !isRedirect {
 			// Inherit the redirect status from the wildcard rule.
 			// This is now needed as 'covers()' can pass non-redirect L3L4 rules
@@ -608,27 +620,27 @@ func (l4 *L4Filter) toMapState(p *EndpointPolicy, features policyFeatures, redir
 			// L4-only rule.
 			isRedirect = wildcardRule.IsRedirect()
 			listener = wildcardRule.GetListener()
+			priority = wildcardRule.GetPriority()
 		}
 		hasAuth, authType := currentRule.GetAuthType()
 		var proxyPort uint16
 		if isRedirect {
-			var exists bool
-			proxyID := ProxyID(uint16(p.PolicyOwner.GetID()), l4.Ingress, string(l4.Protocol), port, listener)
-			proxyPort, exists = redirects[proxyID]
-			if !exists {
+			var err error
+			proxyPort, err = p.LookupRedirectPort(l4.Ingress, string(l4.Protocol), port, listener)
+			if err != nil {
 				// Skip unrealized redirects; this happens routineously just
 				// before new redirects are realized. Once created, we are called
 				// again.
-				logger.WithField(logfields.EndpointSelector, cs).Debugf("Skipping unrealized redirect %s (%v)", proxyID, redirects)
+				logger.WithError(err).WithField(logfields.EndpointSelector, cs).Debugf("Skipping unrealized redirect")
 				continue
 			}
 		}
-		entry := NewMapStateEntry(cs, l4.RuleOrigin[cs], proxyPort, currentRule.GetListener(), currentRule.GetPriority(), isDenyRule, hasAuth, authType)
+		entry := newMapStateEntry(cs, l4.RuleOrigin[cs], proxyPort, priority, isDenyRule, hasAuth, authType)
 
 		if cs.IsWildcard() {
 			for _, keyToAdd := range keysToAdd {
 				keyToAdd.Identity = 0
-				p.policyMapState.denyPreferredInsertWithChanges(keyToAdd, entry, features, changes)
+				p.policyMapState.insertWithChanges(keyToAdd, entry, features, changes)
 
 				if port == 0 {
 					// Allow-all
@@ -660,15 +672,15 @@ func (l4 *L4Filter) toMapState(p *EndpointPolicy, features policyFeatures, redir
 		for _, id := range idents {
 			for _, keyToAdd := range keysToAdd {
 				keyToAdd.Identity = id
-				p.policyMapState.denyPreferredInsertWithChanges(keyToAdd, entry, features, changes)
+				p.policyMapState.insertWithChanges(keyToAdd, entry, features, changes)
 				// If Cilium is in dual-stack mode then the "World" identity
 				// needs to be split into two identities to represent World
 				// IPv6 and IPv4 traffic distinctly from one another.
 				if id == identity.ReservedIdentityWorld && option.Config.IsDualStack() {
 					keyToAdd.Identity = identity.ReservedIdentityWorldIPv4
-					p.policyMapState.denyPreferredInsertWithChanges(keyToAdd, entry, features, changes)
+					p.policyMapState.insertWithChanges(keyToAdd, entry, features, changes)
 					keyToAdd.Identity = identity.ReservedIdentityWorldIPv6
-					p.policyMapState.denyPreferredInsertWithChanges(keyToAdd, entry, features, changes)
+					p.policyMapState.insertWithChanges(keyToAdd, entry, features, changes)
 				}
 			}
 		}
@@ -677,7 +689,7 @@ func (l4 *L4Filter) toMapState(p *EndpointPolicy, features policyFeatures, redir
 		log.WithFields(logrus.Fields{
 			logfields.PolicyKeysAdded:   changes.Adds,
 			logfields.PolicyKeysDeleted: changes.Deletes,
-			logfields.PolicyEntriesOld:  changes.Old,
+			logfields.PolicyEntriesOld:  changes.old,
 		}).Debug("ToMapChange changes")
 	}
 }
@@ -1106,7 +1118,7 @@ func addL4Filter(policyCtx PolicyContext,
 	ctx *SearchContext, resMap L4PolicyMap,
 	p api.PortProtocol, proto api.L4Proto,
 	filterToMerge *L4Filter,
-	ruleLabels labels.LabelArray) error {
+) error {
 
 	existingFilter := resMap.ExactLookup(p.Port, uint16(p.EndPort), string(proto))
 	if existingFilter == nil {
@@ -1144,16 +1156,17 @@ type L4PolicyMap interface {
 	IngressCoversContext(ctx *SearchContext) api.Decision
 	EgressCoversContext(ctx *SearchContext) api.Decision
 	ForEach(func(l4 *L4Filter) bool)
-	Equals(t *testing.T, bMap L4PolicyMap) bool
-	Diff(t *testing.T, expectedMap L4PolicyMap) string
+	TestingOnlyEquals(bMap L4PolicyMap) bool
+	TestingOnlyDiff(expectedMap L4PolicyMap) string
 	Len() int
 }
 
 // NewL4PolicyMap creates an new L4PolicMap.
 func NewL4PolicyMap() L4PolicyMap {
 	return &l4PolicyMap{
-		namedPortMap: make(map[string]*L4Filter),
-		rangePortMap: bitlpm.NewUintTrie[uint32, map[portProtoKey]*L4Filter](),
+		namedPortMap:   make(map[string]*L4Filter),
+		rangePortMap:   make(map[portProtoKey]*L4Filter),
+		rangePortIndex: bitlpm.NewUintTrie[uint32, map[portProtoKey]struct{}](),
 	}
 }
 
@@ -1161,8 +1174,9 @@ func NewL4PolicyMap() L4PolicyMap {
 // set of values. The initMap argument does not support port ranges.
 func NewL4PolicyMapWithValues(initMap map[string]*L4Filter) L4PolicyMap {
 	l4M := &l4PolicyMap{
-		namedPortMap: make(map[string]*L4Filter),
-		rangePortMap: bitlpm.NewUintTrie[uint32, map[portProtoKey]*L4Filter](),
+		namedPortMap:   make(map[string]*L4Filter),
+		rangePortMap:   make(map[portProtoKey]*L4Filter),
+		rangePortIndex: bitlpm.NewUintTrie[uint32, map[portProtoKey]struct{}](),
 	}
 	for k, v := range initMap {
 		portProtoSlice := strings.Split(k, "/")
@@ -1186,16 +1200,13 @@ type l4PolicyMap struct {
 	// level, because they can only be resolved at the endpoint/identity
 	// level. Named ports cannot have ranges.
 	namedPortMap map[string]*L4Filter
-	// rangePortMap has to keep a map of L4Filters rather than
-	// a single L4Filter reference so that the l4PolicyMap does
-	// not merge L4Filter that are not the same port range, but
-	// share an overlapping range in the trie.
-	rangePortMap *bitlpm.UintTrie[uint32, map[portProtoKey]*L4Filter]
-	// rangeMapLen counts the number of unique L4Filters in
-	// the rangePortMap. It must be tracked separately from
-	// rangePortMap as L4Filters are split up when
-	// the port range length is not a power of two.
-	rangeMapLen int
+	// rangePortMap is a map of all L4Filters indexed by their port-
+	// protocol.
+	rangePortMap map[portProtoKey]*L4Filter
+	// rangePortIndex is an index of all L4Filters so that
+	// L4Filters that have overlapping port ranges can be looked up
+	// by with a single port.
+	rangePortIndex *bitlpm.UintTrie[uint32, map[portProtoKey]struct{}]
 }
 
 func parsePortProtocol(port, protocol string) (uint16, uint8) {
@@ -1226,22 +1237,21 @@ func (l4M *l4PolicyMap) Upsert(port string, endPort uint16, protocol string, l4
 		endPort: endPort,
 		proto:   protoU,
 	}
-	var upsertHappened bool
-	for _, mp := range PortRangeToMaskedPorts(portU, endPort) {
-		k := makePolicyMapKey(mp.port, mp.mask, protoU)
-		prefix := 32 - uint(bits.TrailingZeros16(mp.mask))
-		portProtoMap, ok := l4M.rangePortMap.ExactLookup(prefix, k)
-		if !ok {
-			portProtoMap = make(map[portProtoKey]*L4Filter)
-			l4M.rangePortMap.Upsert(prefix, k, portProtoMap)
-		}
-		if !upsertHappened {
-			if _, ok := portProtoMap[ppK]; !ok {
-				l4M.rangeMapLen += 1
-				upsertHappened = true
+	_, indexExists := l4M.rangePortMap[ppK]
+	l4M.rangePortMap[ppK] = l4
+	// We do not need to reindex a key that already exists,
+	// even if the filter changed.
+	if !indexExists {
+		for _, mp := range PortRangeToMaskedPorts(portU, endPort) {
+			k := makePolicyMapKey(mp.port, mp.mask, protoU)
+			prefix := 32 - uint(bits.TrailingZeros16(mp.mask))
+			portProtoSet, ok := l4M.rangePortIndex.ExactLookup(prefix, k)
+			if !ok {
+				portProtoSet = make(map[portProtoKey]struct{})
+				l4M.rangePortIndex.Upsert(prefix, k, portProtoSet)
 			}
+			portProtoSet[ppK] = struct{}{}
 		}
-		portProtoMap[ppK] = l4
 	}
 }
 
@@ -1258,23 +1268,21 @@ func (l4M *l4PolicyMap) Delete(port string, endPort uint16, protocol string) {
 		endPort: endPort,
 		proto:   protoU,
 	}
-	var deleteHappened bool
-	for _, mp := range PortRangeToMaskedPorts(portU, endPort) {
-		k := makePolicyMapKey(mp.port, mp.mask, protoU)
-		prefix := 32 - uint(bits.TrailingZeros16(mp.mask))
-		portProtoMap, ok := l4M.rangePortMap.ExactLookup(prefix, k)
-		if !ok {
-			return
-		}
-		if _, ok := portProtoMap[ppK]; ok {
-			delete(portProtoMap, ppK)
-			if !deleteHappened {
-				l4M.rangeMapLen -= 1
-				deleteHappened = true
+	_, indexExists := l4M.rangePortMap[ppK]
+	delete(l4M.rangePortMap, ppK)
+	// Only delete the index if the key exists.
+	if indexExists {
+		for _, mp := range PortRangeToMaskedPorts(portU, endPort) {
+			k := makePolicyMapKey(mp.port, mp.mask, protoU)
+			prefix := 32 - uint(bits.TrailingZeros16(mp.mask))
+			portProtoSet, ok := l4M.rangePortIndex.ExactLookup(prefix, k)
+			if !ok {
+				return
+			}
+			delete(portProtoSet, ppK)
+			if len(portProtoSet) == 0 {
+				l4M.rangePortIndex.Delete(prefix, k)
 			}
-		}
-		if len(portProtoMap) == 0 {
-			l4M.rangePortMap.Delete(prefix, k)
 		}
 	}
 }
@@ -1291,18 +1299,7 @@ func (l4M *l4PolicyMap) ExactLookup(port string, endPort uint16, protocol string
 		endPort: endPort,
 		proto:   protoU,
 	}
-	for _, mp := range PortRangeToMaskedPorts(portU, endPort) {
-		k := makePolicyMapKey(mp.port, mp.mask, protoU)
-		prefix := 32 - uint(bits.TrailingZeros16(mp.mask))
-		portProtoMap, ok := l4M.rangePortMap.ExactLookup(prefix, k)
-		if !ok {
-			return nil
-		}
-		if l4, ok := portProtoMap[ppK]; ok {
-			return l4
-		}
-	}
-	return nil
+	return l4M.rangePortMap[ppK]
 }
 
 // MatchesLabels checks if a given port, protocol, and labels matches
@@ -1318,13 +1315,16 @@ func (l4M *l4PolicyMap) MatchesLabels(port, protocol string, labels labels.Label
 
 	portU, protoU := parsePortProtocol(port, protocol)
 	l4PortProtoKeys := make(map[portProtoKey]struct{})
-	l4M.rangePortMap.Ancestors(32, makePolicyMapKey(portU, 0xffff, protoU),
-		func(_ uint, _ uint32, portProtoMap map[portProtoKey]*L4Filter) bool {
-			for k, v := range portProtoMap {
-				if _, ok := l4PortProtoKeys[k]; !ok {
-					match, isDeny = v.matchesLabels(labels)
-					if isDeny {
-						return false
+	l4M.rangePortIndex.Ancestors(32, makePolicyMapKey(portU, 0xffff, protoU),
+		func(_ uint, _ uint32, portProtoSet map[portProtoKey]struct{}) bool {
+			for k := range portProtoSet {
+				v, ok := l4M.rangePortMap[k]
+				if ok {
+					if _, ok := l4PortProtoKeys[k]; !ok {
+						match, isDeny = v.matchesLabels(labels)
+						if isDeny {
+							return false
+						}
 					}
 				}
 			}
@@ -1336,23 +1336,19 @@ func (l4M *l4PolicyMap) MatchesLabels(port, protocol string, labels labels.Label
 // ForEach iterates over all L4Filters in the l4PolicyMap.
 func (l4M *l4PolicyMap) ForEach(fn func(l4 *L4Filter) bool) {
 	for _, f := range l4M.namedPortMap {
-		fn(f)
+		if !fn(f) {
+			return
+		}
 	}
-	l4PortProtoKeys := make(map[portProtoKey]struct{})
-	l4M.rangePortMap.ForEach(func(prefix uint, key uint32, portPortoMap map[portProtoKey]*L4Filter) bool {
-		for k, v := range portPortoMap {
-			// We check for redundant L4Filters, because we split them apart in the index.
-			if _, ok := l4PortProtoKeys[k]; !ok {
-				fn(v)
-				l4PortProtoKeys[k] = struct{}{}
-			}
+	for _, v := range l4M.rangePortMap {
+		if !fn(v) {
+			return
 		}
-		return true
-	})
+	}
 }
 
 // Equals returns true if both L4PolicyMaps are equal.
-func (l4M *l4PolicyMap) Equals(_ *testing.T, bMap L4PolicyMap) bool {
+func (l4M *l4PolicyMap) TestingOnlyEquals(bMap L4PolicyMap) bool {
 	if l4M.Len() != bMap.Len() {
 		return false
 	}
@@ -1363,14 +1359,14 @@ func (l4M *l4PolicyMap) Equals(_ *testing.T, bMap L4PolicyMap) bool {
 			port = fmt.Sprintf("%d", l4.Port)
 		}
 		l4B := bMap.ExactLookup(port, l4.EndPort, string(l4.Protocol))
-		equal = l4.Equals(nil, l4B)
+		equal = l4.Equals(l4B)
 		return equal
 	})
 	return equal
 }
 
 // Diff returns the difference between to L4PolicyMaps.
-func (l4M *l4PolicyMap) Diff(_ *testing.T, expected L4PolicyMap) (res string) {
+func (l4M *l4PolicyMap) TestingOnlyDiff(expected L4PolicyMap) (res string) {
 	res += "Missing (-), Unexpected (+):\n"
 	expected.ForEach(func(eV *L4Filter) bool {
 		port := eV.PortName
@@ -1379,7 +1375,7 @@ func (l4M *l4PolicyMap) Diff(_ *testing.T, expected L4PolicyMap) (res string) {
 		}
 		oV := l4M.ExactLookup(port, eV.Port, string(eV.Protocol))
 		if oV != nil {
-			if !eV.Equals(nil, oV) {
+			if !eV.Equals(oV) {
 				res += "- " + eV.String() + "\n"
 				res += "+ " + oV.String() + "\n"
 			}
@@ -1407,7 +1403,7 @@ func (l4M *l4PolicyMap) Len() int {
 	if l4M == nil {
 		return 0
 	}
-	return len(l4M.namedPortMap) + l4M.rangeMapLen
+	return len(l4M.namedPortMap) + len(l4M.rangePortMap)
 }
 
 type policyFeatures uint8
@@ -1631,14 +1627,18 @@ func (l4Policy *L4Policy) AccumulateMapChanges(l4 *L4Filter, cs CachedSelector,
 		var proxyPort uint16
 		if redirect {
 			var err error
-			proxyPort, err = epPolicy.PolicyOwner.LookupRedirectPort(l4.Ingress, string(l4.Protocol), port, listener)
+			proxyPort, err = epPolicy.LookupRedirectPort(l4.Ingress, string(l4.Protocol), port, listener)
 			if err != nil {
-				// This happens for new redirects that have not been realized
-				// yet. The accumulated changes should only be consumed after new
-				// redirects have been realized. ConsumeMapChanges then maps this
-				// invalid value to the real redirect port before the entry is
-				// visible to the endpoint package.
-				proxyPort = unrealizedRedirectPort
+				log.WithFields(logrus.Fields{
+					logfields.EndpointSelector: cs,
+					logfields.Port:             port,
+					logfields.Protocol:         proto,
+					logfields.TrafficDirection: direction,
+					logfields.IsRedirect:       redirect,
+					logfields.Listener:         listener,
+					logfields.ListenerPriority: priority,
+				}).Warn("AccumulateMapChanges: Missing redirect.")
+				continue
 			}
 		}
 		var keysToAdd []Key
@@ -1646,7 +1646,7 @@ func (l4Policy *L4Policy) AccumulateMapChanges(l4 *L4Filter, cs CachedSelector,
 			keysToAdd = append(keysToAdd,
 				KeyForDirection(direction).WithPortProtoPrefix(proto, mp.port, uint8(bits.LeadingZeros16(^mp.mask))))
 		}
-		value := NewMapStateEntry(cs, derivedFrom, proxyPort, listener, priority, isDeny, hasAuth, authType)
+		value := newMapStateEntry(cs, derivedFrom, proxyPort, priority, isDeny, hasAuth, authType)
 
 		if option.Config.Debug {
 			authString := "default"
@@ -1666,7 +1666,7 @@ func (l4Policy *L4Policy) AccumulateMapChanges(l4 *L4Filter, cs CachedSelector,
 				logfields.ListenerPriority: priority,
 			}).Debug("AccumulateMapChanges")
 		}
-		epPolicy.policyMapChanges.AccumulateMapChanges(cs, adds, deletes, keysToAdd, value)
+		epPolicy.policyMapChanges.AccumulateMapChanges(adds, deletes, keysToAdd, value)
 	}
 }
 
@@ -1674,6 +1674,7 @@ func (l4Policy *L4Policy) AccumulateMapChanges(l4 *L4Filter, cs CachedSelector,
 func (l4Policy *L4Policy) SyncMapChanges(l4 *L4Filter, txn *versioned.Tx) {
 	// SelectorCache may not be called into while holding this lock!
 	l4Policy.mutex.RLock()
+
 	for epPolicy := range l4Policy.users {
 		epPolicy.policyMapChanges.SyncMapChanges(txn)
 	}
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/mapstate.go b/vendor/github.com/cilium/cilium/pkg/policy/mapstate.go
index f9ac6d3d90..0fce54077d 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/mapstate.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/mapstate.go
@@ -5,6 +5,7 @@ package policy
 
 import (
 	"fmt"
+	"iter"
 	"maps"
 	"slices"
 	"strconv"
@@ -13,6 +14,7 @@ import (
 	"github.com/sirupsen/logrus"
 
 	"github.com/cilium/cilium/pkg/container/bitlpm"
+	"github.com/cilium/cilium/pkg/container/set"
 	"github.com/cilium/cilium/pkg/container/versioned"
 	"github.com/cilium/cilium/pkg/identity"
 	"github.com/cilium/cilium/pkg/labels"
@@ -31,7 +33,10 @@ import (
 // lest ye find yourself with hundreds of unnecessary imports.
 type Key = policyTypes.Key
 type Keys = policyTypes.Keys
+type MapStateOwner = any // Key or CachedSelector
 
+// Map type for external use. Internally we have more detail in private 'mapSteteEntry' type,
+// as well as more extensive indexing via tries.
 type MapStateMap map[Key]MapStateEntry
 
 func EgressKey() policyTypes.Key {
@@ -62,44 +67,14 @@ const (
 	LabelAllowLocalHostIngress = "allow-localhost-ingress"
 	LabelAllowAnyIngress       = "allow-any-ingress"
 	LabelAllowAnyEgress        = "allow-any-egress"
-	LabelVisibilityAnnotation  = "visibility-annotation"
-
-	// Using largest possible port value since it has the lowest priority
-	unrealizedRedirectPort = uint16(65535)
 )
 
-// MapState is a map interface for policy maps
-type MapState interface {
-	Get(Key) (MapStateEntry, bool)
-
-	// ForEach allows iteration over the MapStateEntries. It returns true if
-	// the iteration was not stopped early by the callback.
-	ForEach(func(Key, MapStateEntry) (cont bool)) (complete bool)
-	GetIdentities(*logrus.Logger) ([]int64, []int64)
-	GetDenyIdentities(*logrus.Logger) ([]int64, []int64)
-	Len() int
-
-	// private accessors
-	deniesL4(policyOwner PolicyOwner, l4 *L4Filter) bool
-
-	//
-	// modifiers are private
-	//
-	delete(Key)
-	insert(Key, MapStateEntry)
-	revertChanges(ChangeState)
-
-	addVisibilityKeys(PolicyOwner, uint16, *VisibilityMetadata, ChangeState)
-	allowAllIdentities(ingress, egress bool)
-	determineAllowLocalhostIngress()
-	denyPreferredInsertWithChanges(newKey Key, newEntry MapStateEntry, features policyFeatures, changes ChangeState)
-	deleteKeyWithChanges(key Key, owner MapStateOwner, changes ChangeState)
-
-	// For testing from other packages only
-	Equals(MapState) bool
-	Diff(expected MapState) string
-	WithState(initMap MapStateMap) MapState
-}
+var (
+	LabelsAllowAnyIngress = labels.LabelArrayList{labels.LabelArray{
+		labels.NewLabel(LabelKeyPolicyDerivedFrom, LabelAllowAnyIngress, labels.LabelSourceReserved)}}
+	LabelsAllowAnyEgress = labels.LabelArrayList{labels.LabelArray{
+		labels.NewLabel(LabelKeyPolicyDerivedFrom, LabelAllowAnyEgress, labels.LabelSourceReserved)}}
+)
 
 // mapState is a state of a policy map.
 type mapState struct {
@@ -121,12 +96,12 @@ type mapState struct {
 // intermediate node in the Trie with its own sub node associated with
 // TrafficDirection, Protocol, and Port. When identity is not indexed
 // then one policy will map to one key-prefix with a builtin map type
-// that associates each identity with a MapStateEntry. This strategy
+// that associates each identity with a mapStateEntry. This strategy
 // greatly enhances the usefuleness of the Trie and improves lookup,
 // deletion, and insertion times.
 type mapStateMap struct {
 	// entries is the map containing the MapStateEntries
-	entries MapStateMap
+	entries map[Key]mapStateEntry
 	// trie is a Trie that indexes policy Keys without their identity
 	// and stores the identities in an associated builtin map.
 	trie bitlpm.Trie[bitlpm.Key[policyTypes.LPMKey], IDSet]
@@ -134,12 +109,16 @@ type mapStateMap struct {
 
 type IDSet map[identity.NumericIdentity]struct{}
 
-func (msm *mapStateMap) Lookup(k Key) (MapStateEntry, bool) {
+func (msm *mapStateMap) Empty() bool {
+	return len(msm.entries) == 0
+}
+
+func (msm *mapStateMap) Lookup(k Key) (mapStateEntry, bool) {
 	v, ok := msm.entries[k]
 	return v, ok
 }
 
-func (msm *mapStateMap) upsert(k Key, e MapStateEntry) {
+func (msm *mapStateMap) upsert(k Key, e mapStateEntry) {
 	_, exists := msm.entries[k]
 
 	// upsert entry
@@ -177,6 +156,15 @@ func (msm *mapStateMap) delete(k Key) {
 }
 
 func (msm *mapStateMap) ForEach(f func(Key, MapStateEntry) bool) bool {
+	for k, e := range msm.entries {
+		if !f(k, e.MapStateEntry) {
+			return false
+		}
+	}
+	return true
+}
+
+func (msm *mapStateMap) forEach(f func(Key, mapStateEntry) bool) bool {
 	for k, e := range msm.entries {
 		if !f(k, e) {
 			return false
@@ -185,7 +173,7 @@ func (msm *mapStateMap) ForEach(f func(Key, MapStateEntry) bool) bool {
 	return true
 }
 
-func (msm *mapStateMap) forKey(k Key, f func(Key, MapStateEntry) bool) bool {
+func (msm *mapStateMap) forKey(k Key, f func(Key, mapStateEntry) bool) bool {
 	e, ok := msm.entries[k]
 	if ok {
 		return f(k, e)
@@ -197,226 +185,214 @@ func (msm *mapStateMap) forKey(k Key, f func(Key, MapStateEntry) bool) bool {
 	return true
 }
 
-// ForEachNarrowerKeyWithBroaderID iterates over narrower port/proto's and broader IDs in the trie.
-// Equal port/protos or identities are not included.
-func (msm *mapStateMap) ForEachNarrowerKeyWithBroaderID(key Key, f func(Key, MapStateEntry) bool) {
-	msm.trie.Descendants(key.PrefixLength(), key, func(_ uint, lpmKey bitlpm.Key[policyTypes.LPMKey], idSet IDSet) bool {
-		// k is the key from trie with 0'ed ID
-		k := Key{
-			LPMKey: lpmKey.Value(),
-		}
-
-		// Descendants iterates over equal port/proto, caller expects to see only narrower keys so skip it
-		if k.PortProtoIsEqual(key) {
-			return true
-		}
-
-		// ANY identities are ancestors of all
-		// identities, visit them first, but not if key is also ANY
-		if key.Identity != 0 {
-			if _, exists := idSet[0]; exists {
-				k.Identity = 0
-				if !msm.forKey(k, f) {
-					return false
-				}
-			}
+// forDifferentKeys calls 'f' for each Key 'k' with identities in 'idSet', if different from 'key'.
+func (msm *mapStateMap) forDifferentKeys(key, k Key, idSet IDSet, f func(Key, mapStateEntry) bool) bool {
+	for id := range idSet {
+		k.Identity = id
+		if key != k && !msm.forKey(k, f) {
+			return false
 		}
-		return true
-	})
+	}
+	return true
 }
 
-// ForEachBroaderOrEqualKey iterates over broader or equal keys in the trie.
-func (msm *mapStateMap) ForEachBroaderOrEqualKey(key Key, f func(Key, MapStateEntry) bool) {
-	msm.trie.Ancestors(key.PrefixLength(), key, func(_ uint, lpmKey bitlpm.Key[policyTypes.LPMKey], idSet IDSet) bool {
-		// k is the key from trie with 0'ed ID
-		k := Key{
-			LPMKey: lpmKey.Value(),
-		}
-
-		// ANY identity is an ancestor of all identities, visit them first
-		if _, exists := idSet[0]; exists {
-			k.Identity = 0
+// forSpecificIDs calls 'f' for each non-ANY ID in 'idSet' with port/proto from 'k'.
+func (msm *mapStateMap) forSpecificIDs(k Key, idSet IDSet, f func(Key, mapStateEntry) bool) bool {
+	for id := range idSet {
+		if id != 0 {
+			k.Identity = id
 			if !msm.forKey(k, f) {
 				return false
 			}
 		}
+	}
+	return true
+}
 
-		// Need to visit all keys with the same identity
-		// ANY identity was already visited above
-		if key.Identity != 0 {
-			_, exists := idSet[key.Identity]
-			if exists {
-				k.Identity = key.Identity
-				if !msm.forKey(k, f) {
-					return false
-				}
-			}
+// forIDs calls 'f' for each ID in 'idSet' with port/proto from 'k'.
+func (msm *mapStateMap) forIDs(k Key, idSet IDSet, f func(Key, mapStateEntry) bool) bool {
+	for id := range idSet {
+		k.Identity = id
+		if !msm.forKey(k, f) {
+			return false
 		}
-		return true
-	})
+	}
+	return true
 }
 
-func (msm *mapStateMap) forDescendantIDs(keyIdentity identity.NumericIdentity, k Key, idSet IDSet, f func(Key, MapStateEntry) bool) bool {
-	switch identity.NumericIdentity(keyIdentity) {
-	case identity.IdentityUnknown: // 0
-		// All identities are descendants of ANY
-		for id := range idSet {
-			if id != 0 {
-				k.Identity = id
-				if !msm.forKey(k, f) {
-					return false
-				}
-			}
+// forID calls 'f' for 'k' if 'k.Identity' exists in 'idSet'.
+func (msm *mapStateMap) forID(k Key, idSet IDSet, f func(Key, mapStateEntry) bool) bool {
+	if _, exists := idSet[k.Identity]; exists {
+		if !msm.forKey(k, f) {
+			return false
 		}
 	}
 	return true
 }
 
-// ForEachNarrowerOrEqualKey iterates over narrower or equal keys in the trie.
-func (msm *mapStateMap) ForEachNarrowerOrEqualKey(key Key, f func(Key, MapStateEntry) bool) {
-	msm.trie.Descendants(key.PrefixLength(), key, func(_ uint, lpmKey bitlpm.Key[policyTypes.LPMKey], idSet IDSet) bool {
-		// k is the key from trie with 0'ed ID
-		k := Key{
-			LPMKey: lpmKey.Value(),
-		}
+// NarrowerKeysWithWildcardID iterates over ANY keys with narrower port/proto's in the trie.
+// Equal port/protos are not included.
+// New keys with the protocol/port of the iterated keys can be safely added during iteration as this
+// operation does not change the trie, but only adds elements to the idSet that is not used after
+// yielding.
+func (msm *mapStateMap) NarrowerKeysWithWildcardID(key Key) iter.Seq2[Key, mapStateEntry] {
+	return func(yield func(Key, mapStateEntry) bool) {
+		iter := msm.trie.DescendantIterator(key.PrefixLength(), key)
+		for ok, lpmKey, idSet := iter.Next(); ok; ok, lpmKey, idSet = iter.Next() {
+			k := Key{LPMKey: lpmKey.Value()}
 
-		// Need to visit all keys with the same identity
-		_, exists := idSet[key.Identity]
-		if exists {
-			k.Identity = key.Identity
-			if !msm.forKey(k, f) {
-				return false
+			// Visit narrower ANY keys
+			if !k.PortProtoIsEqual(key) && !msm.forID(k.WithIdentity(0), idSet, yield) {
+				return
 			}
 		}
-
-		return msm.forDescendantIDs(key.Identity, k, idSet, f)
-	})
+	}
 }
 
-// ForEachBroaderKeyWithNarrowerID iterates over broader proto/port with narrower identity in the trie.
-// Equal port/protos or identities are not included.
-func (msm *mapStateMap) ForEachBroaderKeyWithNarrowerID(key Key, f func(Key, MapStateEntry) bool) {
-	msm.trie.Ancestors(key.PrefixLength(), key, func(_ uint, lpmKey bitlpm.Key[policyTypes.LPMKey], idSet IDSet) bool {
-		// k is the key from trie with 0'ed ID
-		k := Key{
-			LPMKey: lpmKey.Value(),
-		}
+// BroaderOrEqualKeys iterates over broader or equal (broader or equal port/proto and the same
+// or wildcard ID) in the trie.
+func (msm *mapStateMap) BroaderOrEqualKeys(key Key) iter.Seq2[Key, mapStateEntry] {
+	return func(yield func(Key, mapStateEntry) bool) {
+		iter := msm.trie.AncestorIterator(key.PrefixLength(), key)
+		for ok, lpmKey, idSet := iter.Next(); ok; ok, lpmKey, idSet = iter.Next() {
+			k := Key{LPMKey: lpmKey.Value()}
 
-		// Skip equal PortProto
-		if k.PortProtoIsEqual(key) {
-			return true
-		}
+			// ANY identity is broader or equal to all identities, visit it first if it exists
+			if !msm.forID(k.WithIdentity(0), idSet, yield) {
+				return
+			}
 
-		return msm.forDescendantIDs(key.Identity, k, idSet, f)
-	})
+			// Visit key with the same identity, if it exists.
+			// ANY identity was already visited above.
+			if key.Identity != 0 && !msm.forID(k.WithIdentity(key.Identity), idSet, yield) {
+				return
+			}
+		}
+	}
 }
 
-// ForEachBroaderOrEqualDatapathKey iterates over broader or equal keys in the trie.
-// Visits all keys that datapath would match IF the 'key' was not added to the policy map.
-// NOTE that CIDRs are not considered here as datapath does not support LPM matching in security IDs.
-func (msm *mapStateMap) ForEachBroaderOrEqualDatapathKey(key Key, f func(Key, MapStateEntry) bool) {
-	msm.trie.Ancestors(key.PrefixLength(), key, func(_ uint, lpmKey bitlpm.Key[policyTypes.LPMKey], idSet IDSet) bool {
-		// k is the key from trie with 0'ed ID
-		k := Key{
-			LPMKey: lpmKey.Value(),
-		}
+// NarrowerKeys iterates over narrower keys in the trie.
+func (msm *mapStateMap) NarrowerKeys(key Key) iter.Seq2[Key, mapStateEntry] {
+	return func(yield func(Key, mapStateEntry) bool) {
+		iter := msm.trie.DescendantIterator(key.PrefixLength(), key)
+		for ok, lpmKey, idSet := iter.Next(); ok; ok, lpmKey, idSet = iter.Next() {
+			k := Key{LPMKey: lpmKey.Value()}
 
-		// ANY identities are ancestors of all identities, visit them first
-		if _, exists := idSet[0]; exists {
-			k.Identity = 0
-			if !msm.forKey(k, f) {
-				return false
+			// All identities are narrower than ANY identity, visit different keys
+			if key.Identity == 0 {
+				if !msm.forDifferentKeys(key, k, idSet, yield) {
+					return
+				}
+			} else { // key has a specific identity
+				// Need to visit the key with the same identity, if PortProto is different,
+				// and one exists.
+				if !k.PortProtoIsEqual(key) && !msm.forID(k.WithIdentity(key.Identity), idSet, yield) {
+					return
+				}
 			}
 		}
+	}
+}
 
-		// Need to visit all keys with the same identity
-		// ANY identity was already visited above
-		if key.Identity != 0 {
-			_, exists := idSet[key.Identity]
-			if exists {
-				k.Identity = key.Identity
-				if !msm.forKey(k, f) {
-					return false
+// NarrowerOrEqualKeys iterates over narrower or equal keys in the trie.
+// Iterated keys can be safely deleted during iteration due to DescendantIterator holding enough
+// state that allows iteration to be continued even if the current trie node is removed.
+func (msm *mapStateMap) NarrowerOrEqualKeys(key Key) iter.Seq2[Key, mapStateEntry] {
+	return func(yield func(Key, mapStateEntry) bool) {
+		iter := msm.trie.DescendantIterator(key.PrefixLength(), key)
+		for ok, lpmKey, idSet := iter.Next(); ok; ok, lpmKey, idSet = iter.Next() {
+			k := Key{LPMKey: lpmKey.Value()}
+
+			// All identities are narrower or equal to ANY identity.
+			if key.Identity == 0 {
+				if !msm.forIDs(k, idSet, yield) {
+					return
+				}
+			} else { // key has a specific identity
+				// Need to visit the key with the same identity, if it exists.
+				if !msm.forID(k.WithIdentity(key.Identity), idSet, yield) {
+					return
 				}
 			}
 		}
-		return true
-	})
+	}
 }
 
-// ForEachNarrowerOrEqualDatapathKey iterates over narrower or equal keys in the trie.
-// Visits all keys that datapath matches that would match 'key' if those keys were not in the policy map.
-// NOTE that CIDRs are not considered here as datapath does not support LPM matching in security IDs.
-func (msm *mapStateMap) ForEachNarrowerOrEqualDatapathKey(key Key, f func(Key, MapStateEntry) bool) {
-	msm.trie.Descendants(key.PrefixLength(), key, func(_ uint, lpmKey bitlpm.Key[policyTypes.LPMKey], idSet IDSet) bool {
-		// k is the key from trie with 0'ed ID
-		k := Key{
-			LPMKey: lpmKey.Value(),
+// BroaderKeysWithSpecificID iterates over keys with broader proto/port and a specific
+// identity in the trie.
+// Equal port/protos or identities are not included.
+func (msm *mapStateMap) BroaderKeysWithSpecificID(key Key) iter.Seq2[Key, mapStateEntry] {
+	return func(yield func(Key, mapStateEntry) bool) {
+		iter := msm.trie.AncestorIterator(key.PrefixLength(), key)
+		for ok, lpmKey, idSet := iter.Next(); ok; ok, lpmKey, idSet = iter.Next() {
+			k := Key{LPMKey: lpmKey.Value()}
+
+			// Visit different keys with specific IDs
+			if !k.PortProtoIsEqual(key) && !msm.forSpecificIDs(k, idSet, yield) {
+				return
+			}
 		}
+	}
+}
+
+// CoveringKeys iterates over broader port/proto entries in the trie in LPM order,
+// with most specific match being returned first.
+func (msm *mapStateMap) CoveringKeys(key Key) iter.Seq2[Key, mapStateEntry] {
+	return func(yield func(Key, mapStateEntry) bool) {
+		iter := msm.trie.AncestorLongestPrefixFirstIterator(key.PrefixLength(), key)
+		for ok, lpmKey, idSet := iter.Next(); ok; ok, lpmKey, idSet = iter.Next() {
+			k := Key{LPMKey: lpmKey.Value()}
 
-		// All identities are descendants of ANY identity.
-		if key.Identity == 0 {
-			for id := range idSet {
-				k.Identity = id
-				if !msm.forKey(k, f) {
-					return false
+			// Visit key with the same identity, if port/proto is different.
+			// ANY identity is visited below.
+			if key.Identity != 0 && !k.PortProtoIsEqual(key) {
+				if !msm.forID(k.WithIdentity(key.Identity), idSet, yield) {
+					return
 				}
 			}
-		}
 
-		// Need to visit all keys with the same identity.
-		// ANY identity was already visited above.
-		if key.Identity != 0 {
-			_, exists := idSet[key.Identity]
-			if exists {
-				k.Identity = key.Identity
-				if !msm.forKey(k, f) {
-					return false
+			// ANY identity covers all non-ANY identities, visit them second.
+			// Keys with ANY identity visit ANY keys only if port/proto is different.
+			if key.Identity != 0 || !k.PortProtoIsEqual(key) {
+				if !msm.forID(k.WithIdentity(0), idSet, yield) {
+					return
 				}
 			}
 		}
-		return true
-	})
+	}
 }
 
-// ForEachKeyWithBroaderOrEqualPortProto iterates over broader or equal port/proto entries in the trie.
-func (msm *mapStateMap) ForEachKeyWithBroaderOrEqualPortProto(key Key, f func(Key, MapStateEntry) bool) {
-	msm.trie.Ancestors(key.PrefixLength(), key, func(prefix uint, lpmKey bitlpm.Key[policyTypes.LPMKey], idSet IDSet) bool {
-		k := Key{
-			LPMKey: lpmKey.Value(),
-		}
-		for id := range idSet {
-			k.Identity = id
-			if !msm.forKey(k, f) {
-				return false
-			}
-		}
-		return true
-	})
-}
+// SubsetKeys iterates over narrower or equal port/proto entries in the trie in an LPM order
+// (least specific match first).
+func (msm *mapStateMap) SubsetKeys(key Key) iter.Seq2[Key, mapStateEntry] {
+	return func(yield func(Key, mapStateEntry) bool) {
+		iter := msm.trie.DescendantShortestPrefixFirstIterator(key.PrefixLength(), key)
+		for ok, lpmKey, idSet := iter.Next(); ok; ok, lpmKey, idSet = iter.Next() {
+			k := Key{LPMKey: lpmKey.Value()}
 
-// ForEachKeyWithNarrowerOrEqualPortProto iterates over narrower or equal port/proto entries in the trie.
-func (msm *mapStateMap) ForEachKeyWithNarrowerOrEqualPortProto(key Key, f func(Key, MapStateEntry) bool) {
-	msm.trie.Descendants(key.PrefixLength(), key, func(prefix uint, lpmKey bitlpm.Key[policyTypes.LPMKey], idSet IDSet) bool {
-		k := Key{
-			LPMKey: lpmKey.Value(),
-		}
-		for id := range idSet {
-			k.Identity = id
-			if !msm.forKey(k, f) {
-				return false
+			// For an ANY key, visit all different keys
+			if key.Identity == 0 {
+				if !msm.forDifferentKeys(key, k, idSet, yield) {
+					return
+				}
+			} else { // key has a specific ID
+				// Visit only keys with the ANY or the same ID, if they exist
+				if !msm.forID(k.WithIdentity(0), idSet, yield) {
+					return
+				}
+				// Else visit the different key with the same identity
+				if !k.PortProtoIsEqual(key) && !msm.forID(k.WithIdentity(key.Identity), idSet, yield) {
+					return
+				}
 			}
 		}
-		return true
-	})
+	}
 }
 
 func (msm *mapStateMap) Len() int {
 	return len(msm.entries)
 }
 
-type MapStateOwner interface{}
-
 // MapStateEntry is the configuration associated with a Key in a
 // MapState. This is a minimized version of policymap.PolicyEntry.
 type MapStateEntry struct {
@@ -425,64 +401,113 @@ type MapStateEntry struct {
 	// Key. Any other value signifies proxy redirection.
 	ProxyPort uint16
 
-	// priority is used to select the Listener if multiple rules would apply different listeners
-	// to a policy map entry. Lower numbers indicate higher priority. If left out, the proxy
-	// port number (10000-20000) is used.
-	priority uint16
-
-	// Listener name for proxy redirection, if any
-	Listener string
-
 	// IsDeny is true when the policy should be denied.
 	IsDeny bool
 
-	// hasAuthType is 'DefaultAuthType' when policy has no explicit AuthType set. In this case the
-	// value of AuthType is derived from more generic entries covering this entry.
-	hasAuthType HasAuthType
-
 	// AuthType is non-zero when authentication is required for the traffic to be allowed.
 	AuthType AuthType
+}
 
-	// DerivedFromRules tracks the policy rules this entry derives from
+// mapSteteEntry is the entry type with additional internal bookkeping of the relation between
+// explicitly and implicitly added entries.
+type mapStateEntry struct {
+	MapStateEntry
+
+	// priority is used to select the proxy port if multiple rules would apply different proxy
+	// ports to a policy map entry. Lower numbers indicate higher priority. If left out, the
+	// proxy port number (10000-20000) is used.
+	priority uint16
+
+	// hasAuthType is 'DefaultAuthType' when policy has no explicit AuthType set. In this case
+	// the value of AuthType is derived from more generic entries covering this entry.
+	hasAuthType HasAuthType
+
+	// derivedFromRules tracks the policy rules this entry derives from.
 	// In sorted order.
-	DerivedFromRules labels.LabelArrayList
+	derivedFromRules labels.LabelArrayList
 
-	// Owners collects the keys in the map and selectors in the policy that require this key to be present.
+	// owners collects the keys in the map and selectors in the policy that require this key to be present.
 	// TODO: keep track which selector needed the entry to be deny, redirect, or just allow.
-	owners map[MapStateOwner]struct{}
+	owners set.Set[MapStateOwner]
 
 	// dependents contains the keys for entries create based on this entry. These entries
 	// will be deleted once all of the owners are deleted.
 	dependents Keys
 }
 
-// NewMapStateEntry creates a map state entry. If redirect is true, the
+// newMapStateEntry creates a map state entry. If redirect is true, the
 // caller is expected to replace the ProxyPort field before it is added to
 // the actual BPF map.
 // 'cs' is used to keep track of which policy selectors need this entry. If it is 'nil' this entry
 // will become sticky and cannot be completely removed via incremental updates. Even in this case
 // the entry may be overridden or removed by a deny entry.
-func NewMapStateEntry(cs MapStateOwner, derivedFrom labels.LabelArrayList, proxyPort uint16, listener string, priority uint16, deny bool, hasAuth HasAuthType, authType AuthType) MapStateEntry {
+func newMapStateEntry(cs MapStateOwner, derivedFrom labels.LabelArrayList, proxyPort uint16, priority uint16, deny bool, hasAuth HasAuthType, authType AuthType) mapStateEntry {
 	if proxyPort == 0 {
-		listener = ""
 		priority = 0
 	} else if priority == 0 {
 		priority = proxyPort // default for tie-breaking
 	}
-	return MapStateEntry{
-		ProxyPort:        proxyPort,
-		Listener:         listener,
+	return mapStateEntry{
+		MapStateEntry: MapStateEntry{
+			ProxyPort: proxyPort,
+			IsDeny:    deny,
+			AuthType:  authType,
+		},
 		priority:         priority,
-		DerivedFromRules: derivedFrom,
-		IsDeny:           deny,
 		hasAuthType:      hasAuth,
-		AuthType:         authType,
-		owners:           map[MapStateOwner]struct{}{cs: {}},
+		derivedFromRules: derivedFrom,
+		owners:           set.NewSet(cs),
 	}
 }
 
+// dependentOf returns a new mapStateEntry that is a copy of 'e', but has 'ownerKey' as the sole
+// owner, and has no dependent keys.
+func (e *mapStateEntry) dependentOf(ownerKey Key) mapStateEntry {
+	return mapStateEntry{
+		MapStateEntry:    e.MapStateEntry,
+		priority:         e.priority,
+		hasAuthType:      e.hasAuthType,
+		derivedFromRules: slices.Clone(e.derivedFromRules),
+		owners:           set.NewSet[MapStateOwner](ownerKey),
+	}
+}
+
+// dependentFrom returns a new mapStateEntry that is a copy of 'e', but has 'ownerKey' as the sole
+// owner, and has no dependent keys.
+func (e mapStateEntry) authOverrideFrom(ownerKey Key, entry *mapStateEntry) mapStateEntry {
+	lbls := slices.Clone(e.derivedFromRules)
+	lbls.MergeSorted(entry.derivedFromRules)
+
+	return mapStateEntry{
+		MapStateEntry:    e.MapStateEntry.WithAuthType(entry.AuthType),
+		priority:         e.priority,
+		hasAuthType:      DefaultAuthType,
+		derivedFromRules: lbls,
+		owners:           set.NewSet[MapStateOwner](ownerKey),
+	}
+}
+
+func (e MapStateEntry) toMapStateEntry(priority uint16, hasAuth HasAuthType, cs MapStateOwner, derivedFrom labels.LabelArrayList) mapStateEntry {
+	if e.ProxyPort == 0 {
+		priority = 0
+	} else if priority == 0 {
+		priority = e.ProxyPort // default for tie-breaking
+	}
+	return mapStateEntry{
+		MapStateEntry:    e,
+		priority:         priority,
+		hasAuthType:      hasAuth,
+		derivedFromRules: derivedFrom,
+		owners:           set.NewSet(cs),
+	}
+}
+
+func (e *mapStateEntry) GetRuleLabels() labels.LabelArrayList {
+	return e.derivedFromRules
+}
+
 // AddDependent adds 'key' to the set of dependent keys.
-func (e *MapStateEntry) AddDependent(key Key) {
+func (e *mapStateEntry) AddDependent(key Key) {
 	if e.dependents == nil {
 		e.dependents = make(Keys, 1)
 	}
@@ -490,7 +515,7 @@ func (e *MapStateEntry) AddDependent(key Key) {
 }
 
 // RemoveDependent removes 'key' from the set of dependent keys.
-func (e *MapStateEntry) RemoveDependent(key Key) {
+func (e *mapStateEntry) RemoveDependent(key Key) {
 	delete(e.dependents, key)
 	// Nil the map when empty. This is mainly to make unit testing easier.
 	if len(e.dependents) == 0 {
@@ -500,33 +525,14 @@ func (e *MapStateEntry) RemoveDependent(key Key) {
 
 // HasDependent returns true if the 'key' is contained
 // within the set of dependent keys
-func (e *MapStateEntry) HasDependent(key Key) bool {
-	if e.dependents == nil {
-		return false
-	}
+func (e *mapStateEntry) HasDependent(key Key) bool {
 	_, ok := e.dependents[key]
 	return ok
 }
 
-// NewMapState creates a new MapState interface
-func NewMapState() MapState {
-	return newMapState()
-}
-
-func (ms *mapState) WithState(initMap MapStateMap) MapState {
-	return ms.withState(initMap)
-}
-
-func (ms *mapState) withState(initMap MapStateMap) *mapState {
-	for k, v := range initMap {
-		ms.insert(k, v)
-	}
-	return ms
-}
-
 func newMapStateMap() mapStateMap {
 	return mapStateMap{
-		entries: make(MapStateMap),
+		entries: make(map[Key]mapStateEntry),
 		trie:    bitlpm.NewTrie[policyTypes.LPMKey, IDSet](policyTypes.MapStatePrefixLen),
 	}
 }
@@ -540,6 +546,15 @@ func newMapState() *mapState {
 
 // Get the MapStateEntry that matches the Key.
 func (ms *mapState) Get(k Key) (MapStateEntry, bool) {
+	v, ok := ms.get(k)
+	if ok {
+		return v.MapStateEntry, ok
+	}
+	return MapStateEntry{}, false
+}
+
+// Get the mapStateEntry that matches the Key.
+func (ms *mapState) get(k Key) (mapStateEntry, bool) {
 	if k.DestPort == 0 && k.PortPrefixLen() > 0 {
 		log.WithFields(logrus.Fields{
 			logfields.Stacktrace: hclog.Stacktrace(),
@@ -553,14 +568,13 @@ func (ms *mapState) Get(k Key) (MapStateEntry, bool) {
 	return ms.allows.Lookup(k)
 }
 
-// insert the Key and matcthing MapStateEntry into the
-// MapState
-func (ms *mapState) insert(k Key, v MapStateEntry) {
+// insert the Key and MapStateEntry into the MapState
+func (ms *mapState) insert(k Key, v mapStateEntry) {
 	if k.DestPort == 0 && k.PortPrefixLen() > 0 {
 		log.WithFields(logrus.Fields{
 			logfields.Stacktrace: hclog.Stacktrace(),
 			logfields.PolicyKey:  k,
-		}).Errorf("mapState.Get: invalid port prefix length for wildcard port")
+		}).Errorf("mapState.insert: invalid port prefix length for wildcard port")
 	}
 	if v.IsDeny {
 		ms.allows.delete(k)
@@ -571,7 +585,27 @@ func (ms *mapState) insert(k Key, v MapStateEntry) {
 	}
 }
 
-// Delete removes the Key an related MapStateEntry.
+// updateExisting re-inserts an existing entry to its map, to be used to persist changes in the
+// entry.
+// NOTE: Only to be used when Key and v.IsDeny has not been changed!
+func (ms *mapState) updateExisting(k Key, v mapStateEntry) {
+	if v.IsDeny {
+		ms.denies.entries[k] = v
+	} else {
+		ms.allows.entries[k] = v
+	}
+}
+
+// deleteExisting removes the Key an related MapStateEntry.
+func (ms *mapState) deleteExisting(k Key, v mapStateEntry) {
+	if v.IsDeny {
+		ms.denies.delete(k)
+	} else {
+		ms.allows.delete(k)
+	}
+}
+
+// delete removes the Key and related MapStateEntry.
 func (ms *mapState) delete(k Key) {
 	ms.allows.delete(k)
 	ms.denies.delete(k)
@@ -583,32 +617,93 @@ func (ms *mapState) ForEach(f func(Key, MapStateEntry) (cont bool)) (complete bo
 	return ms.allows.ForEach(f) && ms.denies.ForEach(f)
 }
 
+// Empty returns 'true' if there are no entries in the map
+func (ms *mapState) Empty() bool {
+	return ms.allows.Len() == 0 && ms.denies.Len() == 0
+}
+
+// forEach iterates over every Key MapStateEntry and stops when the function
+// argument returns false. It returns false iff the iteration was cut short.
+// Used for testing.
+func (ms *mapState) forEach(f func(Key, mapStateEntry) (cont bool)) (complete bool) {
+	return ms.allows.forEach(f) && ms.denies.forEach(f)
+}
+
 // Len returns the length of the map
 func (ms *mapState) Len() int {
 	return ms.allows.Len() + ms.denies.Len()
 }
 
-// Equals determines if this MapState is equal to the
-// argument MapState
-// Only used for testing, but also from the endpoint package!
-func (msA *mapState) Equals(msB MapState) bool {
+// equalsWithLabels determines if this mapState is equal to the
+// argument MapState. Only compares the exported MapStateEntry and derivedFromLabels.
+// Only used for testing.
+func (msA *mapState) equalsWithLabels(msB *mapState) bool {
 	if msA.Len() != msB.Len() {
 		return false
 	}
-	return msA.ForEach(func(kA Key, vA MapStateEntry) bool {
-		vB, ok := msB.Get(kA)
+	return msA.forEach(func(kA Key, vA mapStateEntry) bool {
+		vB, ok := msB.get(kA)
 		return ok && (&vB).DatapathAndDerivedFromEqual(&vA)
 	})
 }
 
+// Equals determines if this MapState is equal to the
+// argument (exported) MapStateMap
+// Only used for testing from other packages.
+func (msA *mapState) Equals(msB MapStateMap) bool {
+	if msA.Len() != len(msB) {
+		return false
+	}
+	return msA.forEach(func(kA Key, vA mapStateEntry) bool {
+		vB, ok := msB[kA]
+		return ok && vB == vA.MapStateEntry
+	})
+}
+
+// deepEquals determines if this MapState is equal to the argument MapState.
+// Only used for testing.
+func (msA *mapState) deepEquals(msB *mapState) bool {
+	if msA.Len() != msB.Len() {
+		return false
+	}
+	return msA.forEach(func(kA Key, vA mapStateEntry) bool {
+		vB, ok := msB.get(kA)
+		return ok && (&vB).deepEqual(&vA)
+	})
+}
+
 // Diff returns the string of differences between 'obtained' and 'expected' prefixed with
 // '+ ' or '- ' for obtaining something unexpected, or not obtaining the expected, respectively.
+// For use in debugging from other packages.
+func (obtained *mapState) Diff(expected MapStateMap) (res string) {
+	res += "Missing (-), Unexpected (+):\n"
+	for kE, vE := range expected {
+		if vO, ok := obtained.get(kE); ok {
+			if vO.MapStateEntry != vE {
+				res += "- " + kE.String() + ": " + vE.String() + "\n"
+				res += "+ " + kE.String() + ": " + vO.MapStateEntry.String() + "\n"
+			}
+		} else {
+			res += "- " + kE.String() + ": " + vE.String() + "\n"
+		}
+	}
+	obtained.ForEach(func(kO Key, vO MapStateEntry) bool {
+		if _, ok := expected[kO]; !ok {
+			res += "+ " + kO.String() + ": " + vO.String() + "\n"
+		}
+		return true
+	})
+	return res
+}
+
+// diff returns the string of differences between 'obtained' and 'expected' prefixed with
+// '+ ' or '- ' for obtaining something unexpected, or not obtaining the expected, respectively.
 // For use in debugging.
-func (obtained *mapState) Diff(expected MapState) (res string) {
+func (obtained *mapState) diff(expected *mapState) (res string) {
 	res += "Missing (-), Unexpected (+):\n"
-	expected.ForEach(func(kE Key, vE MapStateEntry) bool {
-		if vO, ok := obtained.Get(kE); ok {
-			if !(&vO).DatapathAndDerivedFromEqual(&vE) {
+	expected.forEach(func(kE Key, vE mapStateEntry) bool {
+		if vO, ok := obtained.get(kE); ok {
+			if !(&vO).deepEqual(&vE) {
 				res += "- " + kE.String() + ": " + vE.String() + "\n"
 				res += "+ " + kE.String() + ": " + vO.String() + "\n"
 			}
@@ -617,9 +712,9 @@ func (obtained *mapState) Diff(expected MapState) (res string) {
 		}
 		return true
 	})
-	obtained.ForEach(func(kE Key, vE MapStateEntry) bool {
-		if _, ok := expected.Get(kE); !ok {
-			res += "+ " + kE.String() + ": " + vE.String() + "\n"
+	obtained.forEach(func(kO Key, vO mapStateEntry) bool {
+		if _, ok := expected.get(kO); !ok {
+			res += "+ " + kO.String() + ": " + vO.String() + "\n"
 		}
 		return true
 	})
@@ -635,14 +730,13 @@ func (ms *mapState) AddDependent(owner Key, dependent Key, changes ChangeState)
 	}
 }
 
-// addDependentOnEntry adds 'dependent' to the set of dependent keys of 'e'.
-func (ms *mapState) addDependentOnEntry(owner Key, e MapStateEntry, dependent Key, changes ChangeState) {
+// addDependentOnEntry adds 'dependent' to the set of dependent keys of 'e', where 'e' already
+// exists in 'ms'.
+func (ms *mapState) addDependentOnEntry(owner Key, e mapStateEntry, dependent Key, changes ChangeState) {
 	if _, exists := e.dependents[dependent]; !exists {
-		if changes.Old != nil {
-			changes.Old[owner] = e
-		}
+		changes.insertOldIfNotExists(owner, e)
 		e.AddDependent(dependent)
-		ms.insert(owner, e)
+		ms.updateExisting(owner, e)
 	}
 }
 
@@ -665,17 +759,17 @@ func (ms *mapState) RemoveDependent(owner Key, dependent Key, changes ChangeStat
 	}
 }
 
-// Merge adds owners, dependents, and DerivedFromRules from a new 'entry' to an existing
+// merge adds owners, dependents, and DerivedFromRules from a new 'entry' to an existing
 // entry 'e'. 'entry' is not modified.
 // Merge is only called if both entries are allow or deny entries, so deny precedence is not
 // considered here.
 // ProxyPort, and AuthType are merged by giving precedence to proxy redirection over no proxy
 // redirection, and explicit auth type over default auth type.
-func (e *MapStateEntry) Merge(entry *MapStateEntry) {
+func (e *mapStateEntry) merge(entry *mapStateEntry) {
 	// Bail out loudly if both entries are not denies or allows
 	if e.IsDeny != entry.IsDeny {
 		log.WithField(logfields.Stacktrace, hclog.Stacktrace()).
-			Errorf("MapStateEntry.Merge: both entries must be allows or denies")
+			Errorf("MapStateEntry.merge: both entries must be allows or denies")
 		return
 	}
 	// Only allow entries have proxy redirection or auth requirement
@@ -687,7 +781,6 @@ func (e *MapStateEntry) Merge(entry *MapStateEntry) {
 			// Proxy port value is the tie-breaker when priorities have the same value.
 			if !e.IsRedirectEntry() || entry.priority < e.priority || entry.priority == e.priority && entry.ProxyPort < e.ProxyPort {
 				e.ProxyPort = entry.ProxyPort
-				e.Listener = entry.Listener
 				e.priority = entry.priority
 			}
 		}
@@ -708,12 +801,7 @@ func (e *MapStateEntry) Merge(entry *MapStateEntry) {
 		}
 	}
 
-	if e.owners == nil && len(entry.owners) > 0 {
-		e.owners = make(map[MapStateOwner]struct{}, len(entry.owners))
-	}
-	for k, v := range entry.owners {
-		e.owners[k] = v
-	}
+	e.owners.Merge(entry.owners)
 
 	// merge dependents
 	for k := range entry.dependents {
@@ -721,8 +809,8 @@ func (e *MapStateEntry) Merge(entry *MapStateEntry) {
 	}
 
 	// merge DerivedFromRules
-	if len(entry.DerivedFromRules) > 0 {
-		e.DerivedFromRules.MergeSorted(entry.DerivedFromRules)
+	if len(entry.derivedFromRules) > 0 {
+		e.derivedFromRules.MergeSorted(entry.derivedFromRules)
 	}
 }
 
@@ -731,55 +819,37 @@ func (e *MapStateEntry) IsRedirectEntry() bool {
 	return e.ProxyPort != 0
 }
 
-// DatapathEqual returns true of two entries are equal in the datapath's PoV,
-// i.e., IsDeny, ProxyPort and AuthType are the same for both entries.
-func (e *MapStateEntry) DatapathEqual(o *MapStateEntry) bool {
-	if e == nil || o == nil {
-		return e == o
-	}
-
-	return e.IsDeny == o.IsDeny && e.ProxyPort == o.ProxyPort && e.AuthType == o.AuthType
-}
-
 // DatapathAndDerivedFromEqual returns true of two entries are equal in the datapath's PoV,
 // i.e., IsDeny, ProxyPort and AuthType are the same for both entries, and the DerivedFromRules
 // fields are also equal.
 // This is used for testing only via mapState.Equal and mapState.Diff.
-func (e *MapStateEntry) DatapathAndDerivedFromEqual(o *MapStateEntry) bool {
+func (e *mapStateEntry) DatapathAndDerivedFromEqual(o *mapStateEntry) bool {
 	if e == nil || o == nil {
 		return e == o
 	}
 
-	return e.IsDeny == o.IsDeny && e.ProxyPort == o.ProxyPort && e.AuthType == o.AuthType &&
-		e.DerivedFromRules.DeepEqual(&o.DerivedFromRules)
+	return e.MapStateEntry == o.MapStateEntry && e.derivedFromRules.DeepEqual(&o.derivedFromRules)
 }
 
 // DeepEqual is a manually generated deepequal function, deeply comparing the
 // receiver with other. in must be non-nil.
 // Defined manually due to deepequal-gen not supporting interface types.
-// 'cachedNets' member is ignored in comparison, as it is a cached value and
-// makes no functional difference.
-func (e *MapStateEntry) DeepEqual(o *MapStateEntry) bool {
-	if !e.DatapathEqual(o) {
+func (e *mapStateEntry) deepEqual(o *mapStateEntry) bool {
+	if e.MapStateEntry != o.MapStateEntry {
 		return false
 	}
 
-	if e.Listener != o.Listener || e.priority != o.priority {
+	if e.priority != o.priority {
 		return false
 	}
 
-	if !e.DerivedFromRules.DeepEqual(&o.DerivedFromRules) {
+	if !e.derivedFromRules.DeepEqual(&o.derivedFromRules) {
 		return false
 	}
 
-	if len(e.owners) != len(o.owners) {
+	if !e.owners.Equal(o.owners) {
 		return false
 	}
-	for k := range o.owners {
-		if _, exists := e.owners[k]; !exists {
-			return false
-		}
-	}
 
 	if len(e.dependents) != len(o.dependents) {
 		return false
@@ -790,65 +860,64 @@ func (e *MapStateEntry) DeepEqual(o *MapStateEntry) bool {
 		}
 	}
 
-	// ignoring cachedNets
-
 	return true
 }
 
+func (e MapStateEntry) WithAuthType(authType AuthType) MapStateEntry {
+	e.AuthType = authType
+	return e
+}
+
 // String returns a string representation of the MapStateEntry
 func (e MapStateEntry) String() string {
 	return "ProxyPort=" + strconv.FormatUint(uint64(e.ProxyPort), 10) +
-		",Listener=" + e.Listener +
 		",IsDeny=" + strconv.FormatBool(e.IsDeny) +
-		",AuthType=" + e.AuthType.String() +
-		",DerivedFromRules=" + fmt.Sprintf("%v", e.DerivedFromRules)
+		",AuthType=" + e.AuthType.String()
 }
 
-// denyPreferredInsert inserts a key and entry into the map by given preference
-// to deny entries, and L3-only deny entries over L3-L4 allows.
-// This form may be used when a full policy is computed and we are not yet interested
-// in accumulating incremental changes.
-// Caller may insert the same MapStateEntry multiple times for different Keys, but all from the same
-// owner.
-func (ms *mapState) denyPreferredInsert(newKey Key, newEntry MapStateEntry, features policyFeatures) {
-	// Enforce nil values from NewMapStateEntry
-	newEntry.dependents = nil
-
-	ms.denyPreferredInsertWithChanges(newKey, newEntry, features, ChangeState{})
+// String returns a string representation of the MapStateEntry
+func (e mapStateEntry) String() string {
+	return e.MapStateEntry.String() +
+		",derivedFromRules=" + fmt.Sprintf("%v", e.derivedFromRules) +
+		",priority=" + strconv.FormatUint(uint64(e.priority), 10) +
+		",owners=" + e.owners.String() +
+		",dependents=" + fmt.Sprintf("%v", e.dependents)
 }
 
 // addKeyWithChanges adds a 'key' with value 'entry' to 'keys' keeping track of incremental changes in 'adds' and 'deletes', and any changed or removed old values in 'old', if not nil.
-func (ms *mapState) addKeyWithChanges(key Key, entry MapStateEntry, changes ChangeState) {
+func (ms *mapState) addKeyWithChanges(key Key, entry mapStateEntry, changes ChangeState) bool {
 	// Keep all owners that need this entry so that it is deleted only if all the owners delete their contribution
 	var datapathEqual bool
-	oldEntry, exists := ms.Get(key)
+	oldEntry, exists := ms.get(key)
 	// Only merge if both old and new are allows or denies
 	if exists && (oldEntry.IsDeny == entry.IsDeny) {
 		// Do nothing if entries are equal
-		if entry.DeepEqual(&oldEntry) {
-			return // nothing to do
+		if entry.deepEqual(&oldEntry) {
+			return false // nothing to do
 		}
 
 		// Save old value before any changes, if desired
-		if changes.Old != nil {
-			changes.insertOldIfNotExists(key, oldEntry)
-		}
+		changes.insertOldIfNotExists(key, oldEntry)
 
 		// Compare for datapath equalness before merging, as the old entry is updated in
 		// place!
-		datapathEqual = oldEntry.DatapathEqual(&entry)
-
-		oldEntry.Merge(&entry)
-		ms.insert(key, oldEntry)
+		datapathEqual = oldEntry.MapStateEntry == entry.MapStateEntry
+		oldEntry.merge(&entry)
+		ms.updateExisting(key, oldEntry)
 	} else if !exists || entry.IsDeny {
 		// Insert a new entry if one did not exist or a deny entry is overwriting an allow
 		// entry.
-		// Newly inserted entries must have their own containers, so that they
-		// remain separate when new owners/dependents are added to existing entries
-		entry.DerivedFromRules = slices.Clone(entry.DerivedFromRules)
-		entry.owners = maps.Clone(entry.owners)
-		entry.dependents = maps.Clone(entry.dependents)
+
+		// Save old value before any changes, if any
+		if exists {
+			changes.insertOldIfNotExists(key, oldEntry)
+		}
+
+		// Callers already have cloned the containers, no need to do it again here
 		ms.insert(key, entry)
+	} else {
+		// Do not record and incremental add if nothing was done
+		return false
 	}
 
 	// Record an incremental Add if desired and entry is new or changed
@@ -859,30 +928,38 @@ func (ms *mapState) addKeyWithChanges(key Key, entry MapStateEntry, changes Chan
 			delete(changes.Deletes, key)
 		}
 	}
+
+	return true
 }
 
-// deleteKeyWithChanges deletes a 'key' from 'keys' keeping track of incremental changes in 'adds' and 'deletes'.
-// The key is unconditionally deleted if 'cs' is nil, otherwise only the contribution of this 'cs' is removed.
+// deleteKeyWithChanges deletes a 'key' from 'keys' keeping track of incremental changes in 'adds'
+// and 'deletes'.
+// The key is unconditionally deleted if 'owner' is nil, otherwise only the contribution of this
+// 'owner' is removed.
 func (ms *mapState) deleteKeyWithChanges(key Key, owner MapStateOwner, changes ChangeState) {
-	if entry, exists := ms.Get(key); exists {
+	if entry, exists := ms.get(key); exists {
 		// Save old value before any changes, if desired
 		oldAdded := changes.insertOldIfNotExists(key, entry)
 		if owner != nil {
-			// remove the contribution of the given selector only
-			if _, exists = entry.owners[owner]; exists {
-				// Remove the contribution of this selector from the entry
-				delete(entry.owners, owner)
+			if entry.owners.Has(owner) {
+				// remove this owner from entry's owners
+				changed := entry.owners.Remove(owner)
+				// Remove the dependency from the owner Key
 				if ownerKey, ok := owner.(Key); ok {
 					ms.RemoveDependent(ownerKey, key, changes)
 				}
 				// key is not deleted if other owners still need it
-				if len(entry.owners) > 0 {
+				if entry.owners.Len() > 0 {
+					if changed {
+						// re-insert entry due to owner change
+						ms.updateExisting(key, entry)
+					}
 					return
 				}
 			} else {
 				// 'owner' was not found, do not change anything
 				if oldAdded {
-					delete(changes.Old, key)
+					delete(changes.old, key)
 				}
 				return
 			}
@@ -892,12 +969,8 @@ func (ms *mapState) deleteKeyWithChanges(key Key, owner MapStateOwner, changes C
 		// Owner is nil when deleting more specific entries (e.g., L3/L4) when
 		// adding deny entries that cover them (e.g., L3-deny).
 		if owner == nil {
-			for owner := range entry.owners {
-				if owner != nil {
-					if ownerKey, ok := owner.(Key); ok {
-						ms.RemoveDependent(ownerKey, key, changes)
-					}
-				}
+			for ownerKey := range set.MembersOfType[Key](entry.owners) {
+				ms.RemoveDependent(ownerKey, key, changes)
 			}
 		}
 
@@ -913,8 +986,8 @@ func (ms *mapState) deleteKeyWithChanges(key Key, owner MapStateOwner, changes C
 			}
 		}
 
-		ms.allows.delete(key)
-		ms.denies.delete(key)
+		// delete entry from the map it exists in
+		ms.deleteExisting(key, entry)
 	}
 }
 
@@ -926,321 +999,161 @@ func (ms *mapState) revertChanges(changes ChangeState) {
 		ms.denies.delete(k)
 	}
 	// 'old' contains all the original values of both modified and deleted entries
-	for k, v := range changes.Old {
+	for k, v := range changes.old {
 		ms.insert(k, v)
 	}
 }
 
-// denyPreferredInsertWithChanges contains the most important business logic for policy insertions. It inserts
-// a key and entry into the map by giving preference to deny entries, and L3-only deny entries over L3-L4 allows.
-// Incremental changes performed are recorded in 'adds' and 'deletes', if not nil.
-// See https://docs.google.com/spreadsheets/d/1WANIoZGB48nryylQjjOw6lKjI80eVgPShrdMTMalLEw#gid=2109052536 for details
-func (ms *mapState) denyPreferredInsertWithChanges(newKey Key, newEntry MapStateEntry, features policyFeatures, changes ChangeState) {
-	// Sanity check on the newKey
-	if newKey.TrafficDirection() >= trafficdirection.Invalid {
-		log.WithFields(logrus.Fields{
-			logfields.Stacktrace:       hclog.Stacktrace(),
-			logfields.TrafficDirection: newKey.TrafficDirection,
-		}).Errorf("mapState.denyPreferredInsertWithChanges: invalid traffic direction in key")
-		return
+// insertDependentOfKey adds a dependent entry to 'k' with the more specific port/proto of 'newKey'
+// to ensure 'v' takes precedence.
+// Called only for 'k' with specific identity and with broader protocol/port than l4-only 'newKey'.
+func (ms *mapState) insertDependentOfKey(k Key, v mapStateEntry, newKey Key, changes ChangeState) {
+	// Compute narrower 'key' with identity of 'k'
+	key := newKey.WithIdentity(k.Identity)
+	if ms.addKeyWithChanges(key, v.dependentOf(k), changes) {
+		ms.addDependentOnEntry(k, v, key, changes)
 	}
-	// Skip deny rules processing if the policy in this direction has no deny rules
-	if !features.contains(denyRules) {
-		ms.authPreferredInsert(newKey, newEntry, features, changes)
-		return
+}
+
+// insertDependentOfNewKey adds a dependent entry to 'newKey' with the more specific port/proto of
+// 'k' to ensure 'newEntry' takes precedence.
+// Called only for L4-only 'k' with narrower protocol/port than 'newKey' with a specific identity.
+func (ms *mapState) insertDependentOfNewKey(newKey Key, newEntry *mapStateEntry, k Key, changes ChangeState) {
+	// Compute narrower 'key' with identity of 'newKey'
+	key := k.WithIdentity(newKey.Identity)
+	if ms.addKeyWithChanges(key, newEntry.dependentOf(newKey), changes) {
+		newEntry.AddDependent(key)
 	}
+}
 
-	// If we have a deny "all" we don't accept any kind of map entry.
-	if _, ok := ms.denies.Lookup(allKey[newKey.TrafficDirection()]); ok {
-		return
+// insertAuthOverrideFromKey adds a dependent entry to 'k' with the more specific port/proto of
+// 'newKey' and with override auth type from 'v' to ensure auth type of 'v' is used for identity of
+// 'k' also when the traffic matches the L4-only 'newKey'.
+// Called only for 'k' with specific identity and with broader protocol/port than L4-only 'newKey'.
+func (ms *mapState) insertAuthOverrideFromKey(k Key, v mapStateEntry, newKey Key, newEntry mapStateEntry, changes ChangeState) {
+	// Compute narrower 'key' with identity of 'k'
+	key := newKey.WithIdentity(k.Identity)
+	if ms.addKeyWithChanges(key, newEntry.authOverrideFrom(k, &v), changes) {
+		ms.addDependentOnEntry(k, v, key, changes)
 	}
+}
 
-	// Since bpf datapath denies by default, we only need to add deny entries to carve out more
-	// specific holes to less specific allow rules. But since we don't if allow entries will be
-	// added later (e.g., incrementally due to FQDN rules), we must generally add deny entries
-	// even if there are no allow entries yet.
-
-	// Datapath matches security IDs exactly, or completely wildcards them (ID == 0). Datapath
-	// has no LPM/CIDR logic for security IDs. We use LPM/CIDR logic here to find out if allow
-	// entries are "covered" by deny entries and change them to deny entries if so. We can not
-	// rely on the default deny as a broad allow could be added later.
-
-	// We cannot update the map while we are
-	// iterating through it, so we record the
-	// changes to be made and then apply them.
-	// Additionally, we need to perform deletes
-	// first so that deny entries do not get
-	// merged with allows that are set to be
-	// deleted.
-	var (
-		updates []MapChange
-		deletes []Key
-	)
-	if newEntry.IsDeny {
-		// Test for bailed case first so that we avoid unnecessary computation if entry is
-		// not going to be added.
-		bailed := false
-		// If there is an ANY or equal deny key, then do not add a more specific one.
-		// A narrower of two deny keys is redundant in the datapath only if the broader ID
-		// is 0, or the IDs are the same. This is because the ID will be assigned from the
-		// ipcache and datapath has no notion of one ID being related to another.
-		ms.denies.ForEachBroaderOrEqualDatapathKey(newKey, func(k Key, v MapStateEntry) bool {
-			// Identical key needs to be added if the entries are different (to merge
-			// them).
-			if k != newKey || v.DeepEqual(&newEntry) {
-				// If the ID of this iterated-deny-entry is ANY or equal of
-				// the new-entry and the iterated-deny-entry has a broader (or
-				// equal) port-protocol then we need not insert the new entry.
-				bailed = true
-				return false
+// insertAuthOverrideKey adds a dependent entry to 'newKey' with the more specific port/proto of 'k'
+// and with override auth type from 'newEntry' to ensure auth type of 'newEntry' is used for
+// identity of 'newKey' also when the traffic matches the L4-only 'k'.
+// Called only for L4-only 'k' with narrower protocol/port than 'newKey' with a specific identity.
+func (ms *mapState) insertAuthOverrideFromNewKey(newKey Key, newEntry *mapStateEntry, k Key, v mapStateEntry, changes ChangeState) {
+	// Compute narrower 'key' with identity of 'newKey'
+	key := k.WithIdentity(newKey.Identity)
+	if ms.addKeyWithChanges(key, v.authOverrideFrom(newKey, newEntry), changes) {
+		newEntry.AddDependent(key)
+	}
+}
+
+func (ms *mapState) insertWithChanges(key Key, entry mapStateEntry, features policyFeatures, changes ChangeState) {
+	ms.denyPreferredInsertWithChanges(key, entry, features, changes)
+}
+
+// denyPreferredInsertWithChanges contains the most important business logic for policy
+// insertions. It inserts a key and entry into the map by giving preference to deny entries, and
+// L3-only deny entries over L3-L4 allows.
+//
+// Since bpf datapath denies by default, we only need to add deny entries to carve out more specific
+// holes to less specific allow rules. But since we don't if allow entries will be added later
+// (e.g., incrementally due to FQDN rules), we must generally add deny entries even if there are no
+// allow entries yet.
+//
+// Note on bailed or deleted entries: In general, if we bail out due to being covered by an existing
+// entry, or delete an entry due to being covered by the new one, we would want this action reversed
+// if the existing entry or this new one is incremantally removed, respectively.
+// Generally, whenever a deny entry covers an allow entry (i.e., covering key has broader or equal
+// protocol/port, and the keys have the same identity, or the covering key has wildcard identity (ID
+// == 0)).
+// Secondly, only keys with a specific identity (ID != 0) can be incrementally added or deleted.
+// Finally, due to the selector cache being transactional, when an identity is removed, all keys
+// with that identity are incrementally deleted.
+// Hence, if a covering key is incrementally deleted, it is a key with a specific identity, and all
+// keys covered by it will be deleted as well, so there is no situation where this bailed-out or
+// deleted key should be reinstated due to the covering key being incrementally deleted.
+//
+// Note on added dependent L3/4 entries: Since the datapath always gives precedence to the matching
+// entry with the most specific L4 (narrower protocol/port), we need to add L3/4 entries e.g., when
+// precedence would be given to a narrower allow entry with the wildcard identity (L4-only key),
+// while precedence should be given to the deny entry with a specific identity and broader L4 when
+// the given packet matches both of them. To force the datapath to give precedence to the deny entry
+// we add a new dependent deny entry with the identity of the (broader) deny entry and the L4
+// protocol and port of the (narrower) L4-only key. The added key is marked as a dependent entry of
+// the key with a specific identity (rather than the l4-only key), so that the dependent added entry
+// is also deleted when the identity of its owner key is (incrementally) removed.
+//
+// Incremental changes performed are recorded in 'changes'.
+func (ms *mapState) denyPreferredInsertWithChanges(newKey Key, newEntry mapStateEntry, features policyFeatures, changes ChangeState) {
+	// Bail if covered by a deny key
+	if !ms.denies.Empty() {
+		for k := range ms.denies.BroaderOrEqualKeys(newKey) {
+			// Identical deny key needs to be added to merge their entries.
+			if k != newKey || !newEntry.IsDeny {
+				return
 			}
-			return true
-		})
-		if bailed {
-			return
 		}
+	}
 
-		// Deny takes precedence for the port/proto of the newKey
-		// for each allow with broader port/proto and narrower ID.
-		ms.allows.ForEachBroaderKeyWithNarrowerID(newKey, func(k Key, v MapStateEntry) bool {
-			// If newKey is a superset of the iterated allow key and newKey has
-			// a less specific port-protocol than the iterated allow key then an
-			// additional deny entry with port/proto of newKey and with the
-			// identity of the iterated allow key must be added.
-			denyKeyCpy := newKey
-			denyKeyCpy.Identity = k.Identity
-			l3l4DenyEntry := NewMapStateEntry(newKey, newEntry.DerivedFromRules, 0, "", 0, true, DefaultAuthType, AuthTypeDisabled)
-			updates = append(updates, MapChange{
-				Add:   true,
-				Key:   denyKeyCpy,
-				Value: l3l4DenyEntry,
-			})
-			return true
-		})
-
-		// Only a non-wildcard key can have a wildcard superset key
-		if newKey.Identity != 0 {
-			ms.allows.ForEachNarrowerKeyWithBroaderID(newKey, func(k Key, v MapStateEntry) bool {
-				// If this iterated-allow-entry is a wildcard superset of the new-entry
-				// and it has a more specific port-protocol than the new-entry
-				// then an additional copy of the new deny entry with the more
-				// specific port-protocol of the iterated-allow-entry must be inserted.
-				if k.Identity != 0 {
-					return true // skip non-wildcard
-				}
-				newKeyCpy := k
-				newKeyCpy.Identity = newKey.Identity
-				l3l4DenyEntry := NewMapStateEntry(newKey, newEntry.DerivedFromRules, 0, "", 0, true, DefaultAuthType, AuthTypeDisabled)
-				updates = append(updates, MapChange{
-					Add:   true,
-					Key:   newKeyCpy,
-					Value: l3l4DenyEntry,
-				})
-				return true
-			})
+	if newEntry.IsDeny {
+		// Delete covered allow entries.
+		for k := range ms.allows.NarrowerOrEqualKeys(newKey) {
+			ms.deleteKeyWithChanges(k, nil, changes)
+		}
+		// Delete covered deny entries, except for identical keys that need to be merged.
+		for k := range ms.denies.NarrowerKeys(newKey) {
+			ms.deleteKeyWithChanges(k, nil, changes)
 		}
 
-		ms.allows.ForEachNarrowerOrEqualKey(newKey, func(k Key, v MapStateEntry) bool {
-			// If newKey has a broader (or equal) port-protocol and the newKey's
-			// identity is a superset (or same) of the iterated identity, then we should
-			// either delete the iterated-allow-entry (if the identity is the same or
-			// the newKey is L3 wildcard), or change it to a deny entry otherwise
-			if newKey.Identity == 0 || newKey.Identity == k.Identity {
-				deletes = append(deletes, k)
-			} else {
-				// When newKey.Identity is not ANY and is different from the subset
-				// key, we must keep the subset key and make it a deny instead.
-				// Note that these security identities have no numerical relation to
-				// each other (e.g, they could be any numbers X and Y) and the
-				// datapath does an exact match on them.
-				l3l4DenyEntry := NewMapStateEntry(newKey, newEntry.DerivedFromRules, 0, "", 0, true, DefaultAuthType, AuthTypeDisabled)
-				updates = append(updates, MapChange{
-					Add:   true,
-					Key:   k,
-					Value: l3l4DenyEntry,
-				})
-			}
-			return true
-		})
-		// Not adding the new L3/L4 deny entries yet so that we do not need to worry about
-		// them below.
-
-		ms.denies.ForEachNarrowerOrEqualDatapathKey(newKey, func(k Key, v MapStateEntry) bool {
-			// Identical key needs to remain if owners are different to merge them
-			if k != newKey || v.DeepEqual(&newEntry) {
-				// If this iterated-deny-entry is a subset (or equal) of the
-				// new-entry and the new-entry has a broader (or equal)
-				// port-protocol the newKey will match all the packets the iterated
-				// key would, given that there are no more specific or L4-only allow
-				// entries, and then we can delete the iterated-deny-entry.
-				deletes = append(deletes, k)
+		// Add L3/4 deny entry for each more specific allow key with the wildcard identity
+		// as the more specific allow would otherwise take precedence in the datapath over
+		// the less specific 'newKey' with a specific identity.
+		//
+		// Skip when 'newKey' has no port wildcarding, as then there can't be any narrower
+		// keys.
+		if newKey.Identity != 0 && newKey.HasPortWildcard() {
+			for k := range ms.allows.NarrowerKeysWithWildcardID(newKey) {
+				ms.insertDependentOfNewKey(newKey, &newEntry, k, changes)
 			}
-			return true
-		})
-
-		for _, key := range deletes {
-			ms.deleteKeyWithChanges(key, nil, changes)
-		}
-		for _, update := range updates {
-			ms.addKeyWithChanges(update.Key, update.Value, changes)
-			// L3-only entries can be deleted incrementally so we need to track their
-			// effects on other entries so that those effects can be reverted when the
-			// identity is removed.
-			newEntry.AddDependent(update.Key)
 		}
-		ms.addKeyWithChanges(newKey, newEntry, changes)
 	} else {
+		// newEntry is an allow entry.
 		// NOTE: We do not delete redundant allow entries.
-		var dependents []MapChange
-
-		// Test for bailed case first so that we avoid unnecessary computation if entry is
-		// not going to be added, or is going to be changed to a deny entry.
-		bailed := false
-		insertAsDeny := false
-		var denyEntry MapStateEntry
-		ms.denies.ForEachBroaderOrEqualKey(newKey, func(k Key, v MapStateEntry) bool {
-			// If the iterated-deny-entry is a wildcard or has the same identity then it
-			// can be bailed out.
-			if k.Identity == 0 || k.Identity == newKey.Identity {
-				bailed = true
-				return false
-			}
-			// if any deny key covers this new allow key, then it needs to be inserted
-			// as deny, if not bailed out.
-			if !insertAsDeny {
-				insertAsDeny = true
-				denyEntry = NewMapStateEntry(k, v.DerivedFromRules, 0, "", 0, true, DefaultAuthType, AuthTypeDisabled)
-			} else {
-				// Collect the owners and labels of all the contributing deny rules
-				denyEntry.Merge(&v)
-			}
-			return true
-		})
-		if bailed {
-			return
-		}
-		if insertAsDeny {
-			ms.authPreferredInsert(newKey, denyEntry, features, changes)
-			return
-		}
 
-		// Deny takes precedence for the identity of the newKey and the port/proto of the
-		// iterated narrower port/proto due to broader ID (CIDR or ANY)
-		ms.denies.ForEachNarrowerKeyWithBroaderID(newKey, func(k Key, v MapStateEntry) bool {
-			// If the new-entry is a subset of the iterated-deny-entry
-			// and the new-entry has a less specific port-protocol than the
-			// iterated-deny-entry then an additional copy of the iterated-deny-entry
-			// with the identity of the new-entry must be added.
-			denyKeyCpy := k
-			denyKeyCpy.Identity = newKey.Identity
-			l3l4DenyEntry := NewMapStateEntry(k, v.DerivedFromRules, 0, "", 0, true, DefaultAuthType, AuthTypeDisabled)
-			updates = append(updates, MapChange{
-				Add:   true,
-				Key:   denyKeyCpy,
-				Value: l3l4DenyEntry,
-			})
-			// L3-only entries can be deleted incrementally so we need to track their
-			// effects on other entries so that those effects can be reverted when the
-			// identity is removed.
-			dependents = append(dependents, MapChange{
-				Key:   k,
-				Value: v,
-			})
-			return true
-		})
-
-		if newKey.Identity == 0 {
-			ms.denies.ForEachBroaderKeyWithNarrowerID(newKey, func(k Key, v MapStateEntry) bool {
-				// If the new-entry is a wildcard superset of the iterated-deny-entry
-				// and the new-entry has a more specific port-protocol than the
-				// iterated-deny-entry then an additional copy of the iterated-deny-entry
-				// with the more specific port-porotocol of the new-entry must
-				// be added.
-				denyKeyCpy := newKey
-				denyKeyCpy.Identity = k.Identity
-				l3l4DenyEntry := NewMapStateEntry(k, v.DerivedFromRules, 0, "", 0, true, DefaultAuthType, AuthTypeDisabled)
-				updates = append(updates, MapChange{
-					Add:   true,
-					Key:   denyKeyCpy,
-					Value: l3l4DenyEntry,
-				})
-				// L3-only entries can be deleted incrementally so we need to track their
-				// effects on other entries so that those effects can be reverted when the
-				// identity is removed.
-				dependents = append(dependents, MapChange{
-					Key:   k,
-					Value: v,
-				})
-				return true
-			})
+		// Avoid allocs in this block if there are no deny enties
+		if !ms.denies.Empty() {
+			// Add L3/4 deny entries for broader deny keys with a specific identity as
+			// the narrower L4-only allow would otherwise take precedence in the
+			// datapath.
+			if newKey.Identity == 0 && newKey.Nexthdr != 0 { // L4-only newKey
+				for k, v := range ms.denies.BroaderKeysWithSpecificID(newKey) {
+					ms.insertDependentOfKey(k, v, newKey, changes)
+				}
+			}
 		}
 
-		for i, update := range updates {
-			if update.Add {
-				ms.addKeyWithChanges(update.Key, update.Value, changes)
-				dep := dependents[i]
-				ms.addDependentOnEntry(dep.Key, dep.Value, update.Key, changes)
-			}
+		// Checking for auth feature here is faster than calling 'authPreferredInsert' and
+		// checking for it there.
+		if features.contains(authRules) {
+			ms.authPreferredInsert(newKey, newEntry, changes)
+			return
 		}
-		ms.authPreferredInsert(newKey, newEntry, features, changes)
 	}
+
+	ms.addKeyWithChanges(newKey, newEntry, changes)
 }
 
-// IsSuperSetOf checks if the receiver Key is a superset of the argument Key, and returns a
-// specificity score of the receiver key (higher score is more specific), if so. Being a superset
-// means that the receiver key would match all the traffic of the argument key without being the
-// same key. Hence, a L3-only key is not a superset of a L4-only key, as the L3-only key would match
-// the traffic for the given L3 only, while the L4-only key matches traffic on the given port for
-// all the L3's.
-// Returns 0 if the receiver key is not a superset of the argument key.
-//
-// Specificity score for all possible superset wildcard patterns. Datapath requires proto to be specified if port is specified.
-// x. L3/proto/port
-//  1. */*/*
-//  2. */proto/*
-//  3. */proto/port
-//  4. ID/*/*
-//  5. ID/proto/*
-//     ( ID/proto/port can not be superset of anything )
-func IsSuperSetOf(k, other Key) int {
-	if k.TrafficDirection() != other.TrafficDirection() {
-		return 0 // TrafficDirection must match for 'k' to be a superset of 'other'
-	}
-	if k.Identity == 0 {
-		if other.Identity == 0 {
-			if k.Nexthdr == 0 { // k.DestPort == 0 is implied
-				if other.Nexthdr != 0 {
-					return 1 // */*/* is a superset of */proto/x
-				} // else both are */*/*
-			} else if k.Nexthdr == other.Nexthdr {
-				if k.PortIsBroader(other) {
-					return 2 // */proto/* is a superset of */proto/port
-				} // else more specific or different ports
-			} // else more specific or different protocol
-		} else {
-			// Wildcard L3 is a superset of a specific L3 only if wildcard L3 is also wildcard L4, or the L4's match between the keys
-			if k.Nexthdr == 0 { // k.DestPort == 0 is implied
-				return 1 // */*/* is a superset of ID/x/x
-			} else if k.Nexthdr == other.Nexthdr {
-				if k.PortIsBroader(other) {
-					return 2 // */proto/* is a superset of ID/proto/x
-				} else if k.PortIsEqual(other) {
-					return 3 // */proto/port is a superset of ID/proto/port
-				} // else more specific or different ports
-			} // else more specific or different protocol
-		}
-	} else if k.Identity == other.Identity {
-		if k.Nexthdr == 0 {
-			if other.Nexthdr != 0 {
-				return 4 // ID/*/* is a superset of ID/proto/x
-			} // else both are ID/*/*
-		} else if k.Nexthdr == other.Nexthdr {
-			if k.PortIsBroader(other) {
-				return 5 // ID/proto/* is a superset of ID/proto/port
-			} // else more specific or different ports
-		} // else more specific or different protocol
-	} // else more specific or different identity
-	return 0
+// overrideAuthType sets the AuthType of 'v' to that of 'newKey', saving the old entry in 'changes'.
+func (ms *mapState) overrideAuthType(newEntry mapStateEntry, k Key, v mapStateEntry, changes ChangeState) {
+	// Save the old value first
+	changes.insertOldIfNotExists(k, v)
+
+	// Auth type can be changed in-place, trie is not affected
+	v.AuthType = newEntry.AuthType
+	ms.allows.entries[k] = v
 }
 
 // authPreferredInsert applies AuthType of a more generic entry to more specific entries, if not
@@ -1249,344 +1162,128 @@ func IsSuperSetOf(k, other Key) int {
 // This function is expected to be called for a map insertion after deny
 // entry evaluation. If there is a map entry that is a superset of 'newKey'
 // which denies traffic matching 'newKey', then this function should not be called.
-func (ms *mapState) authPreferredInsert(newKey Key, newEntry MapStateEntry, features policyFeatures, changes ChangeState) {
-	if features.contains(authRules) {
-		if newEntry.hasAuthType == DefaultAuthType {
-			// New entry has a default auth type.
-			// Fill in the AuthType from more generic entries with an explicit auth type
-			maxSpecificity := 0
-			var l3l4State MapStateMap
-
-			ms.allows.ForEachKeyWithBroaderOrEqualPortProto(newKey, func(k Key, v MapStateEntry) bool {
-				// Nothing to be done if entry has default AuthType
-				if v.hasAuthType == DefaultAuthType {
-					return true
-				}
+func (ms *mapState) authPreferredInsert(newKey Key, newEntry mapStateEntry, changes ChangeState) {
+	if newEntry.hasAuthType == DefaultAuthType {
+		// New entry has a default auth type.
+
+		// Fill in the AuthType from the most specific covering key with an explicit
+		// auth type
+		for _, v := range ms.allows.CoveringKeys(newKey) {
+			if v.hasAuthType == ExplicitAuthType {
+				// AuthType from the most specific covering key is applied to
+				// 'newEntry'
+				newEntry.AuthType = v.AuthType
+				break
+			}
+		}
 
-				// Find out if 'k' is an identity-port-proto superset of 'newKey'
-				if specificity := IsSuperSetOf(k, newKey); specificity > 0 {
-					if specificity > maxSpecificity {
-						// AuthType from the most specific superset is
-						// applied to 'newEntry'
-						newEntry.AuthType = v.AuthType
-						maxSpecificity = specificity
-					}
-				} else {
-					// Check if a new L3L4 entry must be created due to L3-only
-					// 'k' specifying an explicit AuthType and an L4-only 'newKey' not
-					// having an explicit AuthType. In this case AuthType should
-					// only override the AuthType for the L3 & L4 combination,
-					// not L4 in general.
-					//
-					// These need to be collected and only added if there is a
-					// superset key of newKey with an explicit auth type. In
-					// this case AuthType of the new L4-only entry was
-					// overridden by a more generic entry and 'max_specificity >
-					// 0' after the loop.
-					if newKey.Identity == 0 && newKey.Nexthdr != 0 && newKey.DestPort != 0 &&
-						k.Identity != 0 && (k.Nexthdr == 0 || k.Nexthdr == newKey.Nexthdr && k.DestPort == 0) {
-						newKeyCpy := newKey
-						newKeyCpy.Identity = k.Identity
-						l3l4AuthEntry := NewMapStateEntry(k, v.DerivedFromRules, newEntry.ProxyPort, newEntry.Listener, newEntry.priority, false, DefaultAuthType, v.AuthType)
-						l3l4AuthEntry.DerivedFromRules.MergeSorted(newEntry.DerivedFromRules)
-
-						if l3l4State == nil {
-							l3l4State = make(MapStateMap)
-						}
-						l3l4State[newKeyCpy] = l3l4AuthEntry
-					}
+		// Override the AuthType for specific L3/4 keys, if the newKey is L4-only,
+		// and there is a key with broader port/proto for a specific identity that
+		// has an explicit auth type.
+		if newKey.Identity == 0 && newKey.Nexthdr != 0 { // L4-only newKey
+			for k, v := range ms.allows.BroaderKeysWithSpecificID(newKey) {
+				if v.hasAuthType == ExplicitAuthType {
+					ms.insertAuthOverrideFromKey(k, v, newKey, newEntry, changes)
 				}
-				return true
-			})
-			// Add collected L3/L4 entries if the auth type of the new entry was not
-			// overridden by a more generic entry. If it was overridden, the new L3L4
-			// entries are not needed as the L4-only entry with an overridden AuthType
-			// will be matched before the L3-only entries in the datapath.
-			if maxSpecificity == 0 {
-				for k, v := range l3l4State {
-					ms.addKeyWithChanges(k, v, changes)
-					// L3-only entries can be deleted incrementally so we need to track their
-					// effects on other entries so that those effects can be reverted when the
-					// identity is removed.
-					newEntry.AddDependent(k)
+			}
+		}
+	} else { // New entry has an explicit auth type
+		// Check if the new key is the most specific covering key of any other key
+		// with the default auth type, and propagate the auth type from the new
+		// entry to such entries.
+		if newKey.Identity == 0 {
+			// A key with a wildcard ID can be the most specific covering key
+			// for keys with any ID. Hence we need to iterate narrower keys with
+			// all IDs and:
+			// - change all iterated keys with a default auth type
+			//   to the auth type of the newKey.
+			// - stop iteration for any given ID at first key with that ID that
+			//   has an explicit auth type, as that is the most specific covering
+			//   key for the remaining subset keys with that specific ID.
+			seenIDs := make(IDSet)
+			for k, v := range ms.allows.SubsetKeys(newKey) {
+				// Skip if a subset entry has an explicit auth type
+				if v.hasAuthType == ExplicitAuthType {
+					// Keep track of IDs for which an explicit auth type
+					// has been encountered.
+					seenIDs[k.Identity] = struct{}{}
+					continue
+				}
+				// Override entries for which an explicit auth type has not been
+				// seen yet.
+				if _, exists := seenIDs[k.Identity]; !exists {
+					ms.overrideAuthType(newEntry, k, v, changes)
 				}
 			}
 		} else {
-			// New entry has an explicit auth type.
-			// Check if the new entry is the most specific superset of any other entry
-			// with the default auth type, and propagate the auth type from the new
-			// entry to such entries.
-			explicitSubsetKeys := make(Keys)
-			defaultSubsetKeys := make(map[Key]int)
-
-			ms.allows.ForEachKeyWithNarrowerOrEqualPortProto(newKey, func(k Key, v MapStateEntry) bool {
-				// Find out if 'newKey' is a superset of 'k'
-				if specificity := IsSuperSetOf(newKey, k); specificity > 0 {
-					if v.hasAuthType == ExplicitAuthType {
-						// store for later comparison
-						explicitSubsetKeys[k] = struct{}{}
-					} else {
-						defaultSubsetKeys[k] = specificity
-					}
-				} else if v.hasAuthType == DefaultAuthType {
-					// Check if a new L3L4 entry must be created due to L3-only
-					// 'newKey' with an explicit AuthType and an L4-only 'k' not
-					// having an explicit AuthType. In this case AuthType should
-					// only override the AuthType for the L3 & L4 combination,
-					// not L4 in general.
-					if newKey.Identity != 0 && (newKey.Nexthdr == 0 || newKey.Nexthdr == k.Nexthdr && newKey.DestPort == 0) &&
-						k.Identity == 0 && k.Nexthdr != 0 && k.DestPort != 0 {
-						newKeyCpy := k
-						newKeyCpy.Identity = newKey.Identity
-						l3l4AuthEntry := NewMapStateEntry(newKey, newEntry.DerivedFromRules, v.ProxyPort, v.Listener, v.priority, false, DefaultAuthType, newEntry.AuthType)
-						l3l4AuthEntry.DerivedFromRules.MergeSorted(v.DerivedFromRules)
-						ms.addKeyWithChanges(newKeyCpy, l3l4AuthEntry, changes)
-						// L3-only entries can be deleted incrementally so we need to track their
-						// effects on other entries so that those effects can be reverted when the
-						// identity is removed.
-						newEntry.AddDependent(newKeyCpy)
-					}
+			// A key with a specific ID can be the most specific covering key
+			// only for keys with the same ID. However, a wildcard ID key can also be
+			// the most specific covering key for those keys, if it has a more
+			// specific proto/port than the newKey. Hence we need to iterate
+			// narrower keys with the same or ANY ID and:
+			// - change all iterated keys with the same ID and a default auth
+			//   type to the auth type of the newKey
+			// - stop iteration at first key with an explicit auth, as that is
+			//   the most specific covering key for the remaining subset keys with
+			//   the same ID.
+			for k, v := range ms.allows.SubsetKeys(newKey) {
+				// Stop if a subset entry has an explicit auth type, as that is more
+				// specific for all remaining subset keys
+				if v.hasAuthType == ExplicitAuthType {
+					break
+				}
+				// auth only propagates from a key with specific ID
+				// to keys with the same ID.
+				if k.Identity != 0 {
+					ms.overrideAuthType(newEntry, k, v, changes)
 				}
+			}
 
-				return true
-			})
-			// Find out if this newKey is the most specific superset for all the subset keys with default auth type
-		Next:
-			for k, specificity := range defaultSubsetKeys {
-				for l := range explicitSubsetKeys {
-					if s := IsSuperSetOf(l, k); s > specificity {
-						// k has a more specific superset key than the newKey, skip
-						continue Next
+			// Override authtype for specific L3L4 keys if 'newKey' with a
+			// specific ID has an explicit AuthType and an L4-only 'k' has a
+			// default AuthType. In this case AuthType of 'newEntry' should only
+			// override the AuthType for the L3 & L4 combination, not L4 in
+			// general.
+			//
+			// Only (partially) wildcarded port can have narrower keys.
+			if newKey.HasPortWildcard() {
+				for k, v := range ms.allows.NarrowerKeysWithWildcardID(newKey) {
+					if v.hasAuthType == DefaultAuthType {
+						ms.insertAuthOverrideFromNewKey(newKey, &newEntry, k, v, changes)
 					}
 				}
-				// newKey is the most specific superset with an explicit auth type,
-				// propagate auth type from newEntry to the entry of k
-				v, _ := ms.Get(k)
-				v.AuthType = newEntry.AuthType
-				ms.addKeyWithChanges(k, v, changes) // Update the map value
 			}
 		}
 	}
-	ms.addKeyWithChanges(newKey, newEntry, changes)
-}
 
-var visibilityDerivedFromLabels = labels.LabelArray{
-	labels.NewLabel(LabelKeyPolicyDerivedFrom, LabelVisibilityAnnotation, labels.LabelSourceReserved),
+	ms.addKeyWithChanges(newKey, newEntry, changes)
 }
 
-var visibilityDerivedFrom = labels.LabelArrayList{visibilityDerivedFromLabels}
-
-// insertIfNotExists only inserts `key=value` if `key` does not exist in keys already
-// returns 'true' if 'key=entry' was added to 'keys'
-func (changes *ChangeState) insertOldIfNotExists(key Key, entry MapStateEntry) bool {
-	if changes == nil || changes.Old == nil {
+// insertIfNotExists only inserts an entry in 'changes.Old' if 'key' does not exist in there already
+// and 'key' does not already exist in 'changes.Adds'. This prevents recording "old" values for
+// newly added keys. When an entry is updated, we are called before the key is added to
+// 'changes.Adds' so we'll record the old value as expected.
+// Returns 'true' if an old entry was added.
+func (changes *ChangeState) insertOldIfNotExists(key Key, entry mapStateEntry) bool {
+	if changes == nil || changes.old == nil {
 		return false
 	}
-	if _, exists := changes.Old[key]; !exists {
+	if _, exists := changes.old[key]; !exists {
 		// Only insert the old entry if the entry was not first added on this round of
 		// changes.
 		if _, added := changes.Adds[key]; !added {
-			// new containers to keep this entry separate from the one that may remain in 'keys'
-			entry.DerivedFromRules = slices.Clone(entry.DerivedFromRules)
-			entry.owners = maps.Clone(entry.owners)
+			// Clone to keep this entry separate from the one that may remain in 'keys'
+			entry.derivedFromRules = slices.Clone(entry.derivedFromRules)
+			entry.owners = entry.owners.Clone()
 			entry.dependents = maps.Clone(entry.dependents)
 
-			changes.Old[key] = entry
+			changes.old[key] = entry
 			return true
 		}
 	}
 	return false
 }
 
-// ForEachKeyWithPortProto calls 'f' for each Key and MapStateEntry, where the Key has the same traffic direction and and L4 fields (protocol, destination port and mask).
-func (msm *mapStateMap) ForEachKeyWithPortProto(key Key, f func(Key, MapStateEntry) bool) {
-	// 'Identity' field in 'key' is ignored on by ExactLookup
-	idSet, ok := msm.trie.ExactLookup(key.PrefixLength(), key)
-	if ok {
-		for id := range idSet {
-			k := key
-			k.Identity = id
-			if !msm.forKey(k, f) {
-				return
-			}
-		}
-	}
-}
-
-// addVisibilityKeys adjusts and expands PolicyMapState keys
-// and values to redirect for visibility on the port of the visibility
-// annotation while still denying traffic on this port for identities
-// for which the traffic is denied.
-//
-// Datapath lookup order is, from highest to lowest precedence:
-// 1. L3/L4
-// 2. L4-only (wildcard L3)
-// 3. L3-only (wildcard L4)
-// 4. Allow-all
-//
-// This means that the L4-only allow visibility key can only be added if there is an
-// allow-all key, and all L3-only deny keys are expanded to L3/L4 keys. If no
-// L4-only key is added then also the L3-only allow keys need to be expanded to
-// L3/L4 keys for visibility redirection. In addition the existing L3/L4 and L4-only
-// allow keys need to be redirected to the proxy port, if not already redirected.
-//
-// The above can be accomplished by:
-//
-//  1. Change existing L4-only ALLOW key on matching port that does not already
-//     redirect to redirect.
-//     - e.g., 0:80=allow,0 -> 0:80=allow,<proxyport>
-//  2. If allow-all policy exists, add L4-only visibility redirect key if the L4-only
-//     key does not already exist.
-//     - e.g., 0:0=allow,0 -> add 0:80=allow,<proxyport> if 0:80 does not exist
-//     - this allows all traffic on port 80, but see step 5 below.
-//  3. Change all L3/L4 ALLOW keys on matching port that do not already redirect to
-//     redirect.
-//     - e.g, <ID1>:80=allow,0 -> <ID1>:80=allow,<proxyport>
-//  4. For each L3-only ALLOW key add the corresponding L3/L4 ALLOW redirect if no
-//     L3/L4 key already exists and no L4-only key already exists and one is not added.
-//     - e.g., <ID2>:0=allow,0 -> add <ID2>:80=allow,<proxyport> if <ID2>:80
-//     and 0:80 do not exist
-//  5. If a new L4-only key was added: For each L3-only DENY key add the
-//     corresponding L3/L4 DENY key if no L3/L4 key already exists.
-//     - e.g., <ID3>:0=deny,0 -> add <ID3>:80=deny,0 if <ID3>:80 does not exist
-//
-// With the above we only change/expand existing allow keys to redirect, and
-// expand existing drop keys to also drop on the port of interest, if a new
-// L4-only key allowing the port is added.
-//
-// 'adds' and 'oldValues' are updated with the changes made. 'adds' contains both the added and
-// changed keys. 'oldValues' contains the old values for changed keys. This function does not
-// delete any keys.
-func (ms *mapState) addVisibilityKeys(e PolicyOwner, redirectPort uint16, visMeta *VisibilityMetadata, changes ChangeState) {
-	direction := trafficdirection.Egress
-	if visMeta.Ingress {
-		direction = trafficdirection.Ingress
-	}
-
-	key := KeyForDirection(direction).WithPortProto(visMeta.Proto, visMeta.Port)
-	entry := NewMapStateEntry(nil, visibilityDerivedFrom, redirectPort, "", 0, false, DefaultAuthType, AuthTypeDisabled)
-
-	_, haveAllowAllKey := ms.Get(allKey[direction])
-	l4Only, haveL4OnlyKey := ms.Get(key)
-	addL4OnlyKey := false
-	if haveL4OnlyKey && !l4Only.IsDeny && l4Only.ProxyPort == 0 {
-		// 1. Change existing L4-only ALLOW key on matching port that does not already
-		//    redirect to redirect.
-		e.PolicyDebug(logrus.Fields{
-			logfields.BPFMapKey:   key,
-			logfields.BPFMapValue: entry,
-		}, "addVisibilityKeys: Changing L4-only ALLOW key for visibility redirect")
-		ms.addKeyWithChanges(key, entry, changes)
-	}
-	if haveAllowAllKey && !haveL4OnlyKey {
-		// 2. If allow-all policy exists, add L4-only visibility redirect key if the L4-only
-		//    key does not already exist.
-		e.PolicyDebug(logrus.Fields{
-			logfields.BPFMapKey:   key,
-			logfields.BPFMapValue: entry,
-		}, "addVisibilityKeys: Adding L4-only ALLOW key for visibility redirect")
-		addL4OnlyKey = true
-		ms.addKeyWithChanges(key, entry, changes)
-	}
-	// We need to make changes to the map
-	// outside of iteration.
-	var updates []MapChange
-	//
-	// Loop through all L3 keys in the traffic direction of the new key
-	//
-
-	// Find entries with the same L4
-	ms.allows.ForEachKeyWithPortProto(key, func(k Key, v MapStateEntry) bool {
-		if k.Identity != 0 {
-			if v.ProxyPort == 0 {
-				// 3. Change all L3/L4 ALLOW keys on matching port that do not
-				//    already redirect to redirect.
-				v.ProxyPort = redirectPort
-				// redirect port is used as the default priority for tie-breaking
-				// purposes when two different selectors have conflicting
-				// redirects. Explicit listener references in the policy can specify
-				// a priority, but only the default is used for visibility policy,
-				// as visibility will be achieved by any of the redirects.
-				v.priority = redirectPort
-				v.Listener = ""
-				v.DerivedFromRules = visibilityDerivedFrom
-				e.PolicyDebug(logrus.Fields{
-					logfields.BPFMapKey:   k,
-					logfields.BPFMapValue: v,
-				}, "addVisibilityKeys: Changing L3/L4 ALLOW key for visibility redirect")
-				updates = append(updates, MapChange{
-					Add:   true,
-					Key:   k,
-					Value: v,
-				})
-			}
-		}
-		return true
-	})
-
-	// Find Wildcarded L4 allows, i.e., L3-only entries
-	if !haveL4OnlyKey && !addL4OnlyKey {
-		ms.allows.ForEachKeyWithPortProto(allKey[key.TrafficDirection()], func(k Key, v MapStateEntry) bool {
-			if k.Identity != 0 {
-				k2 := key
-				k2.Identity = k.Identity
-				// 4. For each L3-only ALLOW key add the corresponding L3/L4
-				//    ALLOW redirect if no L3/L4 key already exists and no
-				//    L4-only key already exists and one is not added.
-				if _, ok := ms.Get(k2); !ok {
-					d2 := labels.LabelArrayList{visibilityDerivedFromLabels}
-					d2.MergeSorted(v.DerivedFromRules)
-					v2 := NewMapStateEntry(k, d2, redirectPort, "", 0, false, v.hasAuthType, v.AuthType)
-					e.PolicyDebug(logrus.Fields{
-						logfields.BPFMapKey:   k2,
-						logfields.BPFMapValue: v2,
-					}, "addVisibilityKeys: Extending L3-only ALLOW key to L3/L4 key for visibility redirect")
-					updates = append(updates, MapChange{
-						Add:   true,
-						Key:   k2,
-						Value: v2,
-					})
-					// Mark the new entry as a dependent of 'v'
-					ms.addDependentOnEntry(k, v, k2, changes)
-				}
-			}
-			return true
-		})
-	}
-
-	// Find Wildcarded L4 denies, i.e., L3-only entries
-	if addL4OnlyKey {
-		ms.denies.ForEachKeyWithPortProto(allKey[key.TrafficDirection()], func(k Key, v MapStateEntry) bool {
-			if k.Identity != 0 {
-				k2 := key
-				k2.Identity = k.Identity
-				// 5. If a new L4-only key was added: For each L3-only DENY
-				//    key add the corresponding L3/L4 DENY key if no L3/L4
-				//    key already exists.
-				if _, ok := ms.Get(k2); !ok {
-					v2 := NewMapStateEntry(k, v.DerivedFromRules, 0, "", 0, true, DefaultAuthType, AuthTypeDisabled)
-					e.PolicyDebug(logrus.Fields{
-						logfields.BPFMapKey:   k2,
-						logfields.BPFMapValue: v2,
-					}, "addVisibilityKeys: Extending L3-only DENY key to L3/L4 key to deny a port with visibility annotation")
-					updates = append(updates, MapChange{
-						Add:   true,
-						Key:   k2,
-						Value: v2,
-					})
-					// Mark the new entry as a dependent of 'v'
-					ms.addDependentOnEntry(k, v, k2, changes)
-				}
-			}
-			return true
-		})
-	}
-
-	for _, update := range updates {
-		ms.addKeyWithChanges(update.Key, update.Value, changes)
-	}
-}
-
 // determineAllowLocalhostIngress determines whether communication should be allowed
 // from the localhost. It inserts the Key corresponding to the localhost in
 // the desiredPolicyKeys if the localhost is allowed to communicate with the
@@ -1598,8 +1295,8 @@ func (ms *mapState) determineAllowLocalhostIngress() {
 				labels.NewLabel(LabelKeyPolicyDerivedFrom, LabelAllowLocalHostIngress, labels.LabelSourceReserved),
 			},
 		}
-		es := NewMapStateEntry(nil, derivedFrom, 0, "", 0, false, ExplicitAuthType, AuthTypeDisabled) // Authentication never required for local host ingress
-		ms.denyPreferredInsert(localHostKey, es, allFeatures)
+		entry := newMapStateEntry(nil, derivedFrom, 0, 0, false, ExplicitAuthType, AuthTypeDisabled) // Authentication never required for local host ingress
+		ms.insertWithChanges(localHostKey, entry, allFeatures, ChangeState{})
 	}
 }
 
@@ -1609,98 +1306,11 @@ func (ms *mapState) determineAllowLocalhostIngress() {
 // Note that this is used when policy is not enforced, so authentication is explicitly not required.
 func (ms *mapState) allowAllIdentities(ingress, egress bool) {
 	if ingress {
-		derivedFrom := labels.LabelArrayList{
-			labels.LabelArray{
-				labels.NewLabel(LabelKeyPolicyDerivedFrom, LabelAllowAnyIngress, labels.LabelSourceReserved),
-			},
-		}
-		ms.allows.upsert(allKey[trafficdirection.Ingress], NewMapStateEntry(nil, derivedFrom, 0, "", 0, false, ExplicitAuthType, AuthTypeDisabled))
+		ms.allows.upsert(allKey[trafficdirection.Ingress], newMapStateEntry(nil, LabelsAllowAnyIngress, 0, 0, false, ExplicitAuthType, AuthTypeDisabled))
 	}
 	if egress {
-		derivedFrom := labels.LabelArrayList{
-			labels.LabelArray{
-				labels.NewLabel(LabelKeyPolicyDerivedFrom, LabelAllowAnyEgress, labels.LabelSourceReserved),
-			},
-		}
-		ms.allows.upsert(allKey[trafficdirection.Egress], NewMapStateEntry(nil, derivedFrom, 0, "", 0, false, ExplicitAuthType, AuthTypeDisabled))
-	}
-}
-
-func (ms *mapState) deniesL4(policyOwner PolicyOwner, l4 *L4Filter) bool {
-	port := uint16(l4.Port)
-	proto := l4.U8Proto
-
-	// resolve named port
-	if port == 0 && l4.PortName != "" {
-		port = policyOwner.GetNamedPort(l4.Ingress, l4.PortName, proto)
-		if port == 0 {
-			return true
-		}
-	}
-
-	var key Key
-	if l4.Ingress {
-		key = allKey[trafficdirection.Ingress]
-	} else {
-		key = allKey[trafficdirection.Egress]
+		ms.allows.upsert(allKey[trafficdirection.Egress], newMapStateEntry(nil, LabelsAllowAnyEgress, 0, 0, false, ExplicitAuthType, AuthTypeDisabled))
 	}
-
-	// Are we explicitly denying all traffic?
-	v, ok := ms.Get(key)
-	if ok && v.IsDeny {
-		return true
-	}
-
-	// Are we explicitly denying this L4-only traffic?
-	key.DestPort = port
-	key.Nexthdr = proto
-	v, ok = ms.Get(key)
-	if ok && v.IsDeny {
-		return true
-	}
-
-	// The given L4 is not categorically denied.
-	// Traffic to/from a specific L3 on any of the selectors can still be denied.
-	return false
-}
-
-func (ms *mapState) GetIdentities(log *logrus.Logger) (ingIdentities, egIdentities []int64) {
-	return ms.getIdentities(log, false)
-}
-
-func (ms *mapState) GetDenyIdentities(log *logrus.Logger) (ingIdentities, egIdentities []int64) {
-	return ms.getIdentities(log, true)
-}
-
-// GetIdentities returns the ingress and egress identities stored in the
-// MapState.
-// Used only for API requests.
-func (ms *mapState) getIdentities(log *logrus.Logger, denied bool) (ingIdentities, egIdentities []int64) {
-	ms.ForEach(func(key Key, entry MapStateEntry) bool {
-		if denied != entry.IsDeny {
-			return true
-		}
-		if key.DestPort != 0 {
-			// If the port is non-zero, then the Key no longer only applies
-			// at L3. AllowedIngressIdentities and AllowedEgressIdentities
-			// contain sets of which identities (i.e., label-based L3 only)
-			// are allowed, so anything which contains L4-related policy should
-			// not be added to these sets.
-			return true
-		}
-		switch key.TrafficDirection() {
-		case trafficdirection.Ingress:
-			ingIdentities = append(ingIdentities, int64(key.Identity))
-		case trafficdirection.Egress:
-			egIdentities = append(egIdentities, int64(key.Identity))
-		default:
-			td := key.TrafficDirection()
-			log.WithField(logfields.TrafficDirection, td).
-				Errorf("Unexpected traffic direction present in policy map state for endpoint")
-		}
-		return true
-	})
-	return ingIdentities, egIdentities
 }
 
 // MapChanges collects updates to the endpoint policy on the
@@ -1709,11 +1319,17 @@ func (ms *mapState) getIdentities(log *logrus.Logger, denied bool) (ingIdentitie
 type MapChanges struct {
 	firstVersion versioned.KeepVersion
 	mutex        lock.Mutex
-	changes      []MapChange
-	synced       []MapChange
+	changes      []mapChange
+	synced       []mapChange
 	version      *versioned.VersionHandle
 }
 
+type mapChange struct {
+	Add   bool // false deletes
+	Key   Key
+	Value mapStateEntry
+}
+
 type MapChange struct {
 	Add   bool // false deletes
 	Key   Key
@@ -1725,19 +1341,27 @@ type MapChange struct {
 //
 // The caller is responsible for making sure the same identity is not
 // present in both 'adds' and 'deletes'.
-func (mc *MapChanges) AccumulateMapChanges(cs CachedSelector, adds, deletes []identity.NumericIdentity, keys []Key, value MapStateEntry) {
+func (mc *MapChanges) AccumulateMapChanges(adds, deletes []identity.NumericIdentity, keys []Key, value mapStateEntry) {
 	mc.mutex.Lock()
 	defer mc.mutex.Unlock()
 	for _, id := range adds {
 		for _, k := range keys {
 			k.Identity = id
-			mc.changes = append(mc.changes, MapChange{Add: true, Key: k, Value: value})
+			mc.changes = append(mc.changes, mapChange{
+				Add:   true,
+				Key:   k,
+				Value: value,
+			})
 		}
 	}
 	for _, id := range deletes {
 		for _, k := range keys {
 			k.Identity = id
-			mc.changes = append(mc.changes, MapChange{Add: false, Key: k, Value: value})
+			mc.changes = append(mc.changes, mapChange{
+				Add:   false,
+				Key:   k,
+				Value: value,
+			})
 		}
 	}
 }
@@ -1780,42 +1404,22 @@ func (mc *MapChanges) consumeMapChanges(p *EndpointPolicy, features policyFeatur
 	changes := ChangeState{
 		Adds:    make(Keys, len(mc.synced)),
 		Deletes: make(Keys, len(mc.synced)),
-		Old:     make(map[Key]MapStateEntry, len(mc.synced)),
-	}
-
-	var redirects map[string]uint16
-	if p.PolicyOwner != nil {
-		redirects = p.PolicyOwner.GetRealizedRedirects()
+		old:     make(map[Key]mapStateEntry, len(mc.synced)),
 	}
 
 	for i := range mc.synced {
-		if mc.synced[i].Add {
-			// Redirect entries for unrealized redirects come in with an invalid
-			// redirect port (65535), replace it with the actual proxy port number.
-			key := mc.synced[i].Key
-			entry := mc.synced[i].Value
-			if entry.ProxyPort == unrealizedRedirectPort {
-				var exists bool
-				proxyID := ProxyIDFromKey(uint16(p.PolicyOwner.GetID()), key, entry.Listener)
-				entry.ProxyPort, exists = redirects[proxyID]
-				if !exists {
-					log.WithFields(logrus.Fields{
-						logfields.PolicyKey:   key,
-						logfields.PolicyEntry: entry,
-					}).Warn("consumeMapChanges: Skipping entry for unrealized redirect")
-					continue
-				}
-			}
+		key := mc.synced[i].Key
+		entry := mc.synced[i].Value
 
-			// insert but do not allow non-redirect entries to overwrite a redirect entry,
-			// nor allow non-deny entries to overwrite deny entries.
-			// Collect the incremental changes to the overall state in 'mc.adds' and 'mc.deletes'.
-			p.policyMapState.denyPreferredInsertWithChanges(key, entry, features, changes)
+		if mc.synced[i].Add {
+			// Insert the key to and collect the incremental changes to the overall
+			// state in 'changes'
+			p.policyMapState.insertWithChanges(key, entry, features, changes)
 		} else {
-			// Delete the contribution of this cs to the key and collect incremental changes
-			for cs := range mc.synced[i].Value.owners { // get the sole selector
-				p.policyMapState.deleteKeyWithChanges(mc.synced[i].Key, cs, changes)
-			}
+			// Delete the contribution of this cs to the key and collect incremental
+			// changes
+			cs, _ := entry.owners.Get() // get the sole selector
+			p.policyMapState.deleteKeyWithChanges(key, cs, changes)
 		}
 	}
 
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/repository.go b/vendor/github.com/cilium/cilium/pkg/policy/repository.go
index a1e3aac373..11018fd7cb 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/repository.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/repository.go
@@ -13,6 +13,7 @@ import (
 	"sync/atomic"
 
 	cilium "github.com/cilium/proxy/go/cilium/api"
+	"k8s.io/apimachinery/pkg/util/sets"
 
 	"github.com/cilium/cilium/api/v1/models"
 	"github.com/cilium/cilium/pkg/crypto/certificatemanager"
@@ -106,14 +107,46 @@ func (p *policyContext) SetDeny(deny bool) bool {
 	return oldDeny
 }
 
+// RepositoryLock exposes methods to protect the whole policy tree.
+type RepositoryLock interface {
+	Lock()
+	Unlock()
+	RLock()
+	RUnlock()
+}
+
+type PolicyRepository interface {
+	RepositoryLock
+
+	AddListLocked(rules api.Rules) (ruleSlice, uint64)
+	BumpRevision() uint64
+	DeleteByLabelsLocked(lbls labels.LabelArray) (ruleSlice, uint64, int)
+	DeleteByResourceLocked(rid ipcachetypes.ResourceID) (ruleSlice, uint64)
+	GetAuthTypes(localID identity.NumericIdentity, remoteID identity.NumericIdentity) AuthTypes
+	GetEnvoyHTTPRules(l7Rules *api.L7Rules, ns string) (*cilium.HttpNetworkPolicyRules, bool)
+	GetPolicyCache() *PolicyCache
+	GetRevision() uint64
+	GetRulesList() *models.Policy
+	GetSelectorCache() *SelectorCache
+	GetRepositoryChangeQueue() *eventqueue.EventQueue
+	GetRuleReactionQueue() *eventqueue.EventQueue
+	Iterate(f func(rule *api.Rule))
+	Release(rs ruleSlice)
+	ReplaceByResourceLocked(rules api.Rules, resource ipcachetypes.ResourceID) (newRules ruleSlice, oldRules ruleSlice, revision uint64)
+	SearchRLocked(lbls labels.LabelArray) api.Rules
+	SetEnvoyRulesFunc(f func(certificatemanager.SecretManager, *api.L7Rules, string) (*cilium.HttpNetworkPolicyRules, bool))
+	Start()
+}
+
 // Repository is a list of policy rules which in combination form the security
 // policy. A policy repository can be
 type Repository struct {
-	// Mutex protects the whole policy tree
-	Mutex lock.RWMutex
+	// mutex protects the whole policy tree
+	mutex lock.RWMutex
 
-	rules           map[ruleKey]*rule
-	rulesByResource map[ipcachetypes.ResourceID]map[ruleKey]*rule
+	rules            map[ruleKey]*rule
+	rulesByNamespace map[string]sets.Set[ruleKey]
+	rulesByResource  map[ipcachetypes.ResourceID]map[ruleKey]*rule
 
 	// We will need a way to synthesize a rule key for rules without a resource;
 	// these are - in practice - very rare, as they only come from the local API,
@@ -125,15 +158,15 @@ type Repository struct {
 	// Always positive (>0).
 	revision atomic.Uint64
 
-	// RepositoryChangeQueue is a queue which serializes changes to the policy
+	// repositoryChangeQueue is a queue which serializes changes to the policy
 	// repository.
-	RepositoryChangeQueue *eventqueue.EventQueue
+	repositoryChangeQueue *eventqueue.EventQueue
 
-	// RuleReactionQueue is a queue which serializes the resultant events that
+	// ruleReactionQueue is a queue which serializes the resultant events that
 	// need to occur after updating the state of the policy repository. This
 	// can include queueing endpoint regenerations, policy revision increments
 	// for endpoints, etc.
-	RuleReactionQueue *eventqueue.EventQueue
+	ruleReactionQueue *eventqueue.EventQueue
 
 	// SelectorCache tracks the selectors used in the policies
 	// resolved from the repository.
@@ -148,11 +181,39 @@ type Repository struct {
 	getEnvoyHTTPRules func(certificatemanager.SecretManager, *api.L7Rules, string) (*cilium.HttpNetworkPolicyRules, bool)
 }
 
+// Lock acquiers the lock of the whole policy tree.
+func (p *Repository) Lock() {
+	p.mutex.Lock()
+}
+
+// Unlock releases the lock of the whole policy tree.
+func (p *Repository) Unlock() {
+	p.mutex.Unlock()
+}
+
+// RLock acquiers the read lock of the whole policy tree.
+func (p *Repository) RLock() {
+	p.mutex.RLock()
+}
+
+// RUnlock releases the read lock of the whole policy tree.
+func (p *Repository) RUnlock() {
+	p.mutex.RUnlock()
+}
+
 // GetSelectorCache() returns the selector cache used by the Repository
 func (p *Repository) GetSelectorCache() *SelectorCache {
 	return p.selectorCache
 }
 
+func (p *Repository) GetRepositoryChangeQueue() *eventqueue.EventQueue {
+	return p.repositoryChangeQueue
+}
+
+func (p *Repository) GetRuleReactionQueue() *eventqueue.EventQueue {
+	return p.ruleReactionQueue
+}
+
 // GetAuthTypes returns the AuthTypes required by the policy between the localID and remoteID
 func (p *Repository) GetAuthTypes(localID, remoteID identity.NumericIdentity) AuthTypes {
 	return p.policyCache.GetAuthTypes(localID, remoteID)
@@ -180,7 +241,7 @@ func NewPolicyRepository(
 	initialIDs identity.IdentityMap,
 	certManager certificatemanager.CertificateManager,
 	secretManager certificatemanager.SecretManager,
-	idmgr *identitymanager.IdentityManager,
+	idmgr identitymanager.IDManager,
 ) *Repository {
 	repo := NewStoppedPolicyRepository(initialIDs, certManager, secretManager, idmgr)
 	repo.Start()
@@ -196,15 +257,16 @@ func NewStoppedPolicyRepository(
 	initialIDs identity.IdentityMap,
 	certManager certificatemanager.CertificateManager,
 	secretManager certificatemanager.SecretManager,
-	idmgr *identitymanager.IdentityManager,
+	idmgr identitymanager.IDManager,
 ) *Repository {
 	selectorCache := NewSelectorCache(initialIDs)
 	repo := &Repository{
-		rules:           make(map[ruleKey]*rule),
-		rulesByResource: make(map[ipcachetypes.ResourceID]map[ruleKey]*rule),
-		selectorCache:   selectorCache,
-		certManager:     certManager,
-		secretManager:   secretManager,
+		rules:            make(map[ruleKey]*rule),
+		rulesByNamespace: make(map[string]sets.Set[ruleKey]),
+		rulesByResource:  make(map[ipcachetypes.ResourceID]map[ruleKey]*rule),
+		selectorCache:    selectorCache,
+		certManager:      certManager,
+		secretManager:    secretManager,
 	}
 	repo.revision.Store(1)
 	repo.policyCache = NewPolicyCache(repo, idmgr)
@@ -253,10 +315,10 @@ func (state *traceState) trace(rules int, ctx *SearchContext) {
 //
 // Must only be called if using [NewStoppedPolicyRepository]
 func (p *Repository) Start() {
-	p.RepositoryChangeQueue = eventqueue.NewEventQueueBuffered("repository-change-queue", option.Config.PolicyQueueSize)
-	p.RuleReactionQueue = eventqueue.NewEventQueueBuffered("repository-reaction-queue", option.Config.PolicyQueueSize)
-	p.RepositoryChangeQueue.Run()
-	p.RuleReactionQueue.Run()
+	p.repositoryChangeQueue = eventqueue.NewEventQueueBuffered("repository-change-queue", option.Config.PolicyQueueSize)
+	p.ruleReactionQueue = eventqueue.NewEventQueueBuffered("repository-reaction-queue", option.Config.PolicyQueueSize)
+	p.repositoryChangeQueue.Run()
+	p.ruleReactionQueue.Run()
 }
 
 // ResolveL4IngressPolicy resolves the L4 ingress policy for a set of endpoints
@@ -451,6 +513,10 @@ func (p *Repository) ReplaceByResourceLocked(rules api.Rules, resource ipcachety
 
 func (p *Repository) insert(r *rule) {
 	p.rules[r.key] = r
+	if _, ok := p.rulesByNamespace[r.key.resource.Namespace()]; !ok {
+		p.rulesByNamespace[r.key.resource.Namespace()] = sets.New[ruleKey]()
+	}
+	p.rulesByNamespace[r.key.resource.Namespace()].Insert(r.key)
 	rid := r.key.resource
 	if len(rid) > 0 {
 		if p.rulesByResource[rid] == nil {
@@ -467,6 +533,10 @@ func (p *Repository) del(key ruleKey) {
 		return
 	}
 	delete(p.rules, key)
+	p.rulesByNamespace[key.resource.Namespace()].Delete(key)
+	if len(p.rulesByNamespace[key.resource.Namespace()]) == 0 {
+		delete(p.rulesByNamespace, key.resource.Namespace())
+	}
 
 	rid := key.resource
 	if len(rid) > 0 && p.rulesByResource[rid] != nil {
@@ -509,16 +579,16 @@ func (p *Repository) MustAddList(rules api.Rules) (ruleSlice, uint64) {
 			panic(err)
 		}
 	}
-	p.Mutex.Lock()
-	defer p.Mutex.Unlock()
+	p.mutex.Lock()
+	defer p.mutex.Unlock()
 	return p.AddListLocked(rules)
 }
 
 // Iterate iterates the policy repository, calling f for each rule. It is safe
 // to execute Iterate concurrently.
 func (p *Repository) Iterate(f func(rule *api.Rule)) {
-	p.Mutex.RWMutex.Lock()
-	defer p.Mutex.RWMutex.Unlock()
+	p.mutex.RWMutex.Lock()
+	defer p.mutex.RWMutex.Unlock()
 	for _, r := range p.rules {
 		f(&r.Rule)
 	}
@@ -584,8 +654,8 @@ func (p *Repository) DeleteByResourceLocked(rid ipcachetypes.ResourceID) (ruleSl
 // DeleteByLabels deletes all rules in the policy repository which contain the
 // specified labels
 func (p *Repository) DeleteByLabels(lbls labels.LabelArray) (uint64, int) {
-	p.Mutex.Lock()
-	defer p.Mutex.Unlock()
+	p.mutex.Lock()
+	defer p.mutex.Unlock()
 	_, rev, numDeleted := p.DeleteByLabelsLocked(lbls)
 	return rev, numDeleted
 }
@@ -600,24 +670,10 @@ func JSONMarshalRules(rules api.Rules) string {
 	return string(b)
 }
 
-// GetJSON returns all rules of the policy repository as string in JSON
-// representation
-func (p *Repository) GetJSON() string {
-	p.Mutex.RLock()
-	defer p.Mutex.RUnlock()
-
-	result := api.Rules{}
-	for _, r := range p.rules {
-		result = append(result, &r.Rule)
-	}
-
-	return JSONMarshalRules(result)
-}
-
 // GetRulesMatching returns whether any of the rules in a repository contain a
 // rule with labels matching the labels in the provided LabelArray.
 //
-// Must be called with p.Mutex held
+// Must be called with p.mutex held
 func (p *Repository) GetRulesMatching(lbls labels.LabelArray) (ingressMatch bool, egressMatch bool) {
 	ingressMatch = false
 	egressMatch = false
@@ -645,27 +701,11 @@ func (p *Repository) GetRulesMatching(lbls labels.LabelArray) (ingressMatch bool
 	return
 }
 
-// NumRules returns the amount of rules in the policy repository.
-//
-// Must be called with p.Mutex held
-func (p *Repository) NumRules() int {
-	return len(p.rules)
-}
-
 // GetRevision returns the revision of the policy repository
 func (p *Repository) GetRevision() uint64 {
 	return p.revision.Load()
 }
 
-// Empty returns 'true' if repository has no rules, 'false' otherwise.
-//
-// Must be called without p.Mutex held
-func (p *Repository) Empty() bool {
-	p.Mutex.Lock()
-	defer p.Mutex.Unlock()
-	return p.NumRules() == 0
-}
-
 // BumpRevision allows forcing policy regeneration
 func (p *Repository) BumpRevision() uint64 {
 	metrics.PolicyRevision.Inc()
@@ -674,8 +714,8 @@ func (p *Repository) BumpRevision() uint64 {
 
 // GetRulesList returns the current policy
 func (p *Repository) GetRulesList() *models.Policy {
-	p.Mutex.RLock()
-	defer p.Mutex.RUnlock()
+	p.mutex.RLock()
+	defer p.mutex.RUnlock()
 
 	lbls := labels.ParseSelectLabelArrayFromArray([]string{})
 	ruleList := p.SearchRLocked(lbls)
@@ -777,11 +817,23 @@ func (p *Repository) computePolicyEnforcementAndRules(securityIdentity *identity
 	}
 
 	matchingRules = []*rule{}
-	for _, r := range p.rules {
+	// Match cluster-wide rules
+	for rKey := range p.rulesByNamespace[""] {
+		r := p.rules[rKey]
 		if r.matchesSubject(securityIdentity) {
 			matchingRules = append(matchingRules, r)
 		}
 	}
+	// Match namespace-specific rules
+	namespace := lbls.Get(labels.LabelSourceK8sKeyPrefix + k8sConst.PodNamespaceLabel)
+	if namespace != "" {
+		for rKey := range p.rulesByNamespace[namespace] {
+			r := p.rules[rKey]
+			if r.matchesSubject(securityIdentity) {
+				matchingRules = append(matchingRules, r)
+			}
+		}
+	}
 
 	// If policy enforcement is enabled for the daemon, then it has to be
 	// enabled for the endpoint.
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/resolve.go b/vendor/github.com/cilium/cilium/pkg/policy/resolve.go
index 5a357534f8..75b15ec6cc 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/resolve.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/resolve.go
@@ -4,9 +4,14 @@
 package policy
 
 import (
+	"errors"
+	"fmt"
+	"iter"
+
 	"github.com/sirupsen/logrus"
 
 	"github.com/cilium/cilium/pkg/container/versioned"
+	"github.com/cilium/cilium/pkg/labels"
 	"github.com/cilium/cilium/pkg/logging/logfields"
 	"github.com/cilium/cilium/pkg/u8proto"
 )
@@ -59,21 +64,35 @@ type EndpointPolicy struct {
 	// Proxy port 0 indicates no proxy redirection.
 	// All fields within the Key and the proxy port must be in host byte-order.
 	// Must only be accessed with PolicyOwner (aka Endpoint) lock taken.
-	policyMapState MapState
+	policyMapState *mapState
 
 	// policyMapChanges collects pending changes to the PolicyMapState
 	policyMapChanges MapChanges
 
 	// PolicyOwner describes any type which consumes this EndpointPolicy object.
 	PolicyOwner PolicyOwner
+
+	// Redirects contains the proxy ports needed for this EndpointPolicy.
+	// If any redirects are missing a new policy will be computed to rectify it, so this is
+	// constant for the lifetime of this EndpointPolicy.
+	Redirects map[string]uint16
+}
+
+// LookupRedirectPort returns the redirect L4 proxy port for the given input parameters.
+// Returns 0 if not found or the filter doesn't require a redirect.
+// Returns an error if the redirect port can not be found.
+// This is called when accumulating incremental map changes, endpoint lock must not be taken.
+func (p *EndpointPolicy) LookupRedirectPort(ingress bool, protocol string, port uint16, listener string) (uint16, error) {
+	proxyID := ProxyID(uint16(p.PolicyOwner.GetID()), ingress, protocol, port, listener)
+	if proxyPort, exists := p.Redirects[proxyID]; exists {
+		return proxyPort, nil
+	}
+	return 0, fmt.Errorf("Proxy port for redirect %q not found", proxyID)
 }
 
 // PolicyOwner is anything which consumes a EndpointPolicy.
 type PolicyOwner interface {
 	GetID() uint64
-	LookupRedirectPort(ingress bool, protocol string, port uint16, listener string) (uint16, error)
-	GetRealizedRedirects() map[string]uint16
-	HasBPFPolicyMap() bool
 	GetNamedPort(ingress bool, name string, proto u8proto.U8proto) uint16
 	PolicyDebug(fields logrus.Fields, msg string)
 }
@@ -113,7 +132,7 @@ func (p *selectorPolicy) Detach() {
 // Called without holding the Selector cache or Repository locks.
 // PolicyOwner (aka Endpoint) is also unlocked during this call,
 // but the Endpoint's build mutex is held.
-func (p *selectorPolicy) DistillPolicy(policyOwner PolicyOwner, isHost bool) *EndpointPolicy {
+func (p *selectorPolicy) DistillPolicy(policyOwner PolicyOwner, redirects map[string]uint16, isHost bool) *EndpointPolicy {
 	var calculatedPolicy *EndpointPolicy
 
 	// EndpointPolicy is initialized while 'GetCurrentVersionHandleFunc' keeps the selector
@@ -132,14 +151,15 @@ func (p *selectorPolicy) DistillPolicy(policyOwner PolicyOwner, isHost bool) *En
 		calculatedPolicy = &EndpointPolicy{
 			selectorPolicy: p,
 			VersionHandle:  version,
-			policyMapState: NewMapState(),
+			policyMapState: newMapState(),
 			policyMapChanges: MapChanges{
 				firstVersion: version.Version(),
 			},
 			PolicyOwner: policyOwner,
+			Redirects:   redirects,
 		}
 		// Register the new EndpointPolicy as a receiver of incremental
-		// updates before selector cache lock is released by 'GetHandle'.
+		// updates before selector cache lock is released by 'GetCurrentVersionHandleFunc'.
 		p.insertUser(calculatedPolicy)
 	})
 
@@ -168,23 +188,6 @@ func (p *EndpointPolicy) Ready() (err error) {
 	return err
 }
 
-// GetPolicyMap gets the policy map state as the interface
-// MapState
-func (p *EndpointPolicy) GetPolicyMap() MapState {
-	return p.policyMapState
-}
-
-// SetPolicyMap sets the policy map state as the interface
-// MapState. If the main argument is nil, then this method
-// will initialize a new MapState object for the caller.
-func (p *EndpointPolicy) SetPolicyMap(ms MapState) {
-	if ms == nil {
-		p.policyMapState = NewMapState()
-		return
-	}
-	p.policyMapState = ms
-}
-
 // Detach removes EndpointPolicy references from selectorPolicy
 // to allow the EndpointPolicy to be GC'd.
 // PolicyOwner (aka Endpoint) is also locked during this call.
@@ -201,35 +204,115 @@ func (p *EndpointPolicy) Detach() {
 	p.policyMapChanges.detach()
 }
 
-// NewMapStateWithInsert returns a new MapState and an insert function that can be used to populate
-// it. We keep general insert functions private so that the caller can only insert to this specific
-// map.
-func NewMapStateWithInsert() (MapState, func(k Key, e MapStateEntry)) {
-	currentMap := NewMapState()
+func (p *EndpointPolicy) Len() int {
+	return p.policyMapState.Len()
+}
 
-	return currentMap, func(k Key, e MapStateEntry) {
-		currentMap.insert(k, e)
+func (p *EndpointPolicy) Get(key Key) (MapStateEntry, bool) {
+	return p.policyMapState.Get(key)
+}
+
+var errMissingKey = errors.New("Key not found")
+
+// GetRuleLabels returns the list of labels of the rules that contributed
+// to the entry at this key.
+// The returned LabelArrayList is shallow-copied and therefore must not be mutated.
+func (p *EndpointPolicy) GetRuleLabels(k Key) (labels.LabelArrayList, error) {
+	entry, ok := p.policyMapState.get(k)
+	if !ok {
+		return nil, errMissingKey
 	}
+	return entry.GetRuleLabels(), nil
 }
 
-func (p *EndpointPolicy) InsertMapState(key Key, entry MapStateEntry) {
-	// SelectorCache used as Identities interface which only has GetPrefix() that needs no lock
-	p.policyMapState.insert(key, entry)
+func (p *EndpointPolicy) Entries() iter.Seq2[Key, MapStateEntry] {
+	return func(yield func(Key, MapStateEntry) bool) {
+		p.policyMapState.ForEach(yield)
+	}
 }
 
-func (p *EndpointPolicy) DeleteMapState(key Key) {
-	// SelectorCache used as Identities interface which only has GetPrefix() that needs no lock
-	p.policyMapState.delete(key)
+func (p *EndpointPolicy) Equals(other MapStateMap) bool {
+	return p.policyMapState.Equals(other)
 }
 
-func (p *EndpointPolicy) RevertChanges(changes ChangeState) {
-	// SelectorCache used as Identities interface which only has GetPrefix() that needs no lock
-	p.policyMapState.revertChanges(changes)
+func (p *EndpointPolicy) Diff(expected MapStateMap) string {
+	return p.policyMapState.Diff(expected)
+}
+
+func (p *EndpointPolicy) Empty() bool {
+	return p.policyMapState.Empty()
+}
+
+// Updated returns an iterator for all key/entry pairs in 'p' that are either new or updated
+// compared to the entries in 'realized'.
+// Here 'realized' is another EndpointPolicy.
+// This can be used to figure out which entries need to be added to or updated in 'realised'.
+func (p *EndpointPolicy) Updated(realized *EndpointPolicy) iter.Seq2[Key, MapStateEntry] {
+	return func(yield func(Key, MapStateEntry) bool) {
+		p.policyMapState.ForEach(func(key Key, entry MapStateEntry) bool {
+			if oldEntry, ok := realized.policyMapState.Get(key); !ok || oldEntry != entry {
+				if !yield(key, entry) {
+					return false
+				}
+			}
+			return true
+		})
+	}
+}
+
+// Missing returns an iterator for all key/entry pairs in 'realized' that missing from 'p'.
+// Here 'realized' is another EndpointPolicy.
+// This can be used to figure out which entries in 'realised' need to be deleted.
+func (p *EndpointPolicy) Missing(realized *EndpointPolicy) iter.Seq2[Key, MapStateEntry] {
+	return func(yield func(Key, MapStateEntry) bool) {
+		realized.policyMapState.ForEach(func(key Key, entry MapStateEntry) bool {
+			// If key that is in realized state is not in desired state, just remove it.
+			if _, ok := p.policyMapState.Get(key); !ok {
+				if !yield(key, entry) {
+					return false
+				}
+			}
+			return true
+		})
+	}
+}
+
+// UpdatedMap returns an iterator for all key/entry pairs in 'p' that are either new or updated
+// compared to the entries in 'realized'.
+// Here 'realized' is MapStateMap.
+// This can be used to figure out which entries need to be added to or updated in 'realised'.
+func (p *EndpointPolicy) UpdatedMap(realized MapStateMap) iter.Seq2[Key, MapStateEntry] {
+	return func(yield func(Key, MapStateEntry) bool) {
+		p.policyMapState.ForEach(func(key Key, entry MapStateEntry) bool {
+			if oldEntry, ok := realized[key]; !ok || oldEntry != entry {
+				if !yield(key, entry) {
+					return false
+				}
+			}
+			return true
+		})
+	}
 }
 
-func (p *EndpointPolicy) AddVisibilityKeys(e PolicyOwner, redirectPort uint16, visMeta *VisibilityMetadata, changes ChangeState) {
+// Missing returns an iterator for all key/entry pairs in 'realized' that missing from 'p'.
+// Here 'realized' is MapStateMap.
+// This can be used to figure out which entries in 'realised' need to be deleted.
+func (p *EndpointPolicy) MissingMap(realized MapStateMap) iter.Seq2[Key, MapStateEntry] {
+	return func(yield func(Key, MapStateEntry) bool) {
+		for k, v := range realized {
+			// If key that is in realized state is not in desired state, just remove it.
+			if _, ok := p.policyMapState.Get(k); !ok {
+				if !yield(k, v) {
+					break
+				}
+			}
+		}
+	}
+}
+
+func (p *EndpointPolicy) RevertChanges(changes ChangeState) {
 	// SelectorCache used as Identities interface which only has GetPrefix() that needs no lock
-	p.policyMapState.addVisibilityKeys(e, redirectPort, visMeta, changes)
+	p.policyMapState.revertChanges(changes)
 }
 
 // toMapState transforms the EndpointPolicy.L4Policy into
@@ -251,43 +334,33 @@ func (p *EndpointPolicy) toMapState() {
 // but the Endpoint's build mutex is held.
 func (l4policy L4DirectionPolicy) toMapState(p *EndpointPolicy) {
 	l4policy.PortRules.ForEach(func(l4 *L4Filter) bool {
-		l4.toMapState(p, l4policy.features, p.PolicyOwner.GetRealizedRedirects(), ChangeState{})
+		l4.toMapState(p, l4policy.features, ChangeState{})
 		return true
 	})
 }
 
-// createRedirectsFunc returns 'nil' if map changes should not be applied immemdiately,
-// otherwise the returned map is to be used to find redirect ports for map updates.
-type createRedirectsFunc func(*L4Filter) map[string]uint16
-
-// UpdateRedirects updates redirects in the EndpointPolicy's PolicyMapState by using the provided
-// function to create redirects. Changes to 'p.PolicyMapState' are collected in
-// 'adds' and 'updated' so that they can be reverted when needed.
-func (p *EndpointPolicy) UpdateRedirects(ingress bool, createRedirects createRedirectsFunc, changes ChangeState) {
-	l4policy := &p.L4Policy.Ingress
-	if ingress {
-		l4policy = &p.L4Policy.Egress
+// RedirectFilters returns an iterator for each L4Filter with a redirect in the policy.
+func (p *selectorPolicy) RedirectFilters() iter.Seq2[*L4Filter, *PerSelectorPolicy] {
+	return func(yield func(*L4Filter, *PerSelectorPolicy) bool) {
+		if p.L4Policy.Ingress.forEachRedirectFilter(yield) {
+			p.L4Policy.Egress.forEachRedirectFilter(yield)
+		}
 	}
-
-	l4policy.updateRedirects(p, createRedirects, changes)
 }
 
-func (l4policy L4DirectionPolicy) updateRedirects(p *EndpointPolicy, createRedirects createRedirectsFunc, changes ChangeState) {
+func (l4policy L4DirectionPolicy) forEachRedirectFilter(yield func(*L4Filter, *PerSelectorPolicy) bool) bool {
+	ok := true
 	l4policy.PortRules.ForEach(func(l4 *L4Filter) bool {
 		if l4.IsRedirect() {
-			// Check if we are denying this specific L4 first regardless the L3, if there are any deny policies
-			if l4policy.features.contains(denyRules) && p.policyMapState.deniesL4(p.PolicyOwner, l4) {
-				return true
-			}
-
-			redirects := createRedirects(l4)
-			if redirects != nil {
-				// Set the proxy port in the policy map.
-				l4.toMapState(p, l4policy.features, redirects, changes)
+			for _, ps := range l4.PerSelectorPolicies {
+				if ps != nil && ps.IsRedirect() {
+					ok = yield(l4, ps)
+				}
 			}
 		}
-		return true
+		return ok
 	})
+	return ok
 }
 
 // ConsumeMapChanges transfers the changes from MapChanges to the caller.
@@ -305,8 +378,8 @@ func (p *EndpointPolicy) ConsumeMapChanges() (closer func(), changes ChangeState
 	closer = func() {}
 	if version.IsValid() {
 		var msg string
-		// update the version handle in p.VersionHandle so that any follow-on processing acts on the
-		// basis of the new version
+		// update the version handle in p.VersionHandle so that any follow-on processing
+		// acts on the basis of the new version
 		if p.VersionHandle.IsValid() {
 			p.VersionHandle.Close()
 			msg = "ConsumeMapChanges: updated valid version"
@@ -329,9 +402,9 @@ func (p *EndpointPolicy) ConsumeMapChanges() (closer func(), changes ChangeState
 }
 
 // NewEndpointPolicy returns an empty EndpointPolicy stub.
-func NewEndpointPolicy(repo *Repository) *EndpointPolicy {
+func NewEndpointPolicy(repo PolicyRepository) *EndpointPolicy {
 	return &EndpointPolicy{
 		selectorPolicy: newSelectorPolicy(repo.GetSelectorCache()),
-		policyMapState: NewMapState(),
+		policyMapState: newMapState(),
 	}
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/rule.go b/vendor/github.com/cilium/cilium/pkg/policy/rule.go
index 94b79cfe8e..cb83005882 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/rule.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/rule.go
@@ -335,7 +335,7 @@ func mergeIngressPortProto(policyCtx PolicyContext, ctx *SearchContext, endpoint
 		return 0, err
 	}
 
-	err = addL4Filter(policyCtx, ctx, resMap, p, proto, filterToMerge, ruleLabels)
+	err = addL4Filter(policyCtx, ctx, resMap, p, proto, filterToMerge)
 	if err != nil {
 		return 0, err
 	}
@@ -762,7 +762,7 @@ func mergeEgressPortProto(policyCtx PolicyContext, ctx *SearchContext, endpoints
 		return 0, err
 	}
 
-	err = addL4Filter(policyCtx, ctx, resMap, p, proto, filterToMerge, ruleLabels)
+	err = addL4Filter(policyCtx, ctx, resMap, p, proto, filterToMerge)
 	if err != nil {
 		return 0, err
 	}
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/selectorcache.go b/vendor/github.com/cilium/cilium/pkg/policy/selectorcache.go
index 758196f5e2..946edafa60 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/selectorcache.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/selectorcache.go
@@ -536,6 +536,8 @@ func (sc *SelectorCache) UpdateIdentities(added, deleted identity.IdentityMap, w
 
 	if updated {
 		// Launch a waiter that holds the new version as long as needed for users to have grabbed it
+		sc.queueNotifiedUsersCommit(txn, wg)
+
 		go func(version *versioned.VersionHandle) {
 			wg.Wait()
 			log.WithFields(logrus.Fields{
@@ -544,7 +546,6 @@ func (sc *SelectorCache) UpdateIdentities(added, deleted identity.IdentityMap, w
 			version.Close()
 		}(txn.GetVersionHandle())
 
-		sc.queueNotifiedUsersCommit(txn, wg)
 		txn.Commit()
 	}
 }
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/trigger.go b/vendor/github.com/cilium/cilium/pkg/policy/trigger.go
index 21615c1c6c..0b84674193 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/trigger.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/trigger.go
@@ -28,7 +28,7 @@ func (u *Updater) TriggerPolicyUpdates(force bool, reason string) {
 
 // NewUpdater returns a new Updater instance to handle triggering policy
 // updates ready for use.
-func NewUpdater(r *Repository, regen regenerator) *Updater {
+func NewUpdater(r PolicyRepository, regen regenerator) *Updater {
 	t, err := trigger.NewTrigger(trigger.Parameters{
 		Name:            "policy_update",
 		MetricsObserver: &TriggerMetrics{},
@@ -62,7 +62,7 @@ func NewUpdater(r *Repository, regen regenerator) *Updater {
 type Updater struct {
 	*trigger.Trigger
 
-	repo *Repository
+	repo PolicyRepository
 }
 
 type regenerator interface {
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/types/types.go b/vendor/github.com/cilium/cilium/pkg/policy/types/types.go
index c033761666..eae47b9420 100644
--- a/vendor/github.com/cilium/cilium/pkg/policy/types/types.go
+++ b/vendor/github.com/cilium/cilium/pkg/policy/types/types.go
@@ -132,6 +132,8 @@ func (k Key) WithIdentity(nid identity.NumericIdentity) Key {
 
 // TrafficDirection() returns the direction of the Key, 0 == ingress, 1 == egress
 func (k LPMKey) TrafficDirection() trafficdirection.TrafficDirection {
+	// Note that 0 and 1 are the only possible return values, the shift below reduces the byte
+	// to a single bit.
 	return trafficdirection.TrafficDirection(k.bits >> directionBitShift)
 }
 
@@ -140,6 +142,10 @@ func (k LPMKey) PortPrefixLen() uint8 {
 	return k.bits & ^directionBitMask
 }
 
+func (k LPMKey) HasPortWildcard() bool {
+	return k.bits & ^directionBitMask < 16
+}
+
 // String returns a string representation of the Key
 func (k Key) String() string {
 	dPort := strconv.FormatUint(uint64(k.DestPort), 10)
diff --git a/vendor/github.com/cilium/cilium/pkg/policy/visibility.go b/vendor/github.com/cilium/cilium/pkg/policy/visibility.go
deleted file mode 100644
index 8a8a72c911..0000000000
--- a/vendor/github.com/cilium/cilium/pkg/policy/visibility.go
+++ /dev/null
@@ -1,235 +0,0 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright Authors of Cilium
-
-package policy
-
-import (
-	"fmt"
-	"regexp"
-	"strconv"
-	"strings"
-
-	ciliumio "github.com/cilium/cilium/pkg/k8s/apis/cilium.io"
-	"github.com/cilium/cilium/pkg/labels"
-	"github.com/cilium/cilium/pkg/policy/api"
-	"github.com/cilium/cilium/pkg/u8proto"
-)
-
-var (
-	singleAnnotationRegex = "<(Ingress|Egress)/([1-9][0-9]{1,5})/(TCP|UDP|SCTP|ANY)/([A-Za-z]{3,32})>"
-	annotationRegex       = regexp.MustCompile(fmt.Sprintf(`^((%s)(,(%s))*)$`, singleAnnotationRegex, singleAnnotationRegex))
-)
-
-func validateL7ProtocolWithDirection(dir string, proto L7ParserType) error {
-	switch proto {
-	case ParserTypeHTTP:
-		return nil
-	case ParserTypeDNS:
-		if dir == "Egress" {
-			return nil
-		}
-	case ParserTypeKafka:
-		return nil
-	default:
-		return fmt.Errorf("unsupported parser type %s", proto)
-
-	}
-	return fmt.Errorf("%s not allowed with direction %s", proto, dir)
-}
-
-// NewVisibilityPolicy generates the VisibilityPolicy that is encoded in the
-// annotation parameter.
-// Returns an error:
-//   - if the annotation does not correspond to the expected
-//     format for a visibility annotation.
-//   - if there is a conflict between the state encoded in the annotation (e.g.,
-//     different L7 protocols for the same L4 port / protocol / traffic direction.
-func NewVisibilityPolicy(anno, namespace, pod string) (*VisibilityPolicy, error) {
-	if !annotationRegex.MatchString(anno) {
-		return nil, fmt.Errorf("annotation for proxy visibility did not match expected format %s", annotationRegex.String())
-	}
-
-	nvp := &VisibilityPolicy{
-		Ingress: make(DirectionalVisibilityPolicy),
-		Egress:  make(DirectionalVisibilityPolicy),
-	}
-
-	// TODO: look into using regex groups.
-	anSplit := strings.Split(anno, ",")
-	for i := range anSplit {
-		proxyAnnoSplit := strings.Split(anSplit[i], "/")
-		if len(proxyAnnoSplit) != 4 {
-			err := fmt.Errorf("invalid number of fields (%d) in annotation", len(proxyAnnoSplit))
-			return nil, err
-		}
-		// <Ingress|Egress --> Ingress|Egress
-		// Don't need to validate the content itself, regex already did that.
-		direction := proxyAnnoSplit[0][1:]
-		port := proxyAnnoSplit[1]
-
-		portInt, err := strconv.ParseUint(port, 10, 16)
-		if err != nil {
-			return nil, fmt.Errorf("unable to parse port: %w", err)
-		}
-
-		// Don't need to validate, regex already did that.
-		l4Proto := proxyAnnoSplit[2]
-		u8Prot, err := u8proto.ParseProtocol(l4Proto)
-		if err != nil {
-			return nil, fmt.Errorf("invalid L4 protocol %s", l4Proto)
-		}
-
-		// ANY equates to TCP and UDP in the datapath; the datapath itself does
-		// not support 'Any' protocol paired with a port at L4.
-		var protos []u8proto.U8proto
-		if u8Prot == u8proto.ANY {
-			protos = append(protos, u8proto.TCP)
-			protos = append(protos, u8proto.UDP)
-			protos = append(protos, u8proto.SCTP)
-		} else {
-			protos = append(protos, u8Prot)
-		}
-		// Remove trailing '>'.
-		l7Protocol := L7ParserType(strings.ToLower(proxyAnnoSplit[3][:len(proxyAnnoSplit[3])-1]))
-
-		if err := validateL7ProtocolWithDirection(direction, l7Protocol); err != nil {
-			return nil, err
-		}
-
-		var dvp DirectionalVisibilityPolicy
-		var ingress bool
-		if direction == "Ingress" {
-			dvp = nvp.Ingress
-			ingress = true
-		} else {
-			dvp = nvp.Egress
-			ingress = false
-		}
-
-		for _, prot := range protos {
-			pp := strconv.FormatUint(portInt, 10) + "/" + prot.String()
-			if res, ok := dvp[pp]; ok {
-				if res.Parser != l7Protocol {
-					return nil, fmt.Errorf("duplicate annotations with different L7 protocols %s and %s for %s", res.Parser, l7Protocol, pp)
-				}
-			}
-
-			l7Meta := generateL7AllowAllRules(l7Protocol, namespace, pod)
-
-			dvp[pp] = &VisibilityMetadata{
-				Parser:     l7Protocol,
-				Port:       uint16(portInt),
-				Proto:      prot,
-				Ingress:    ingress,
-				L7Metadata: l7Meta,
-			}
-		}
-	}
-
-	return nvp, nil
-}
-
-func generateL7AllowAllRules(parser L7ParserType, namespace, pod string) L7DataMap {
-	var m L7DataMap
-	switch parser {
-	case ParserTypeDNS:
-		m = L7DataMap{}
-		// Create an entry to explicitly allow all at L7 for DNS.
-		emptyL3Selector := &identitySelector{source: &labelIdentitySelector{selector: api.WildcardEndpointSelector}, key: wildcardSelectorKey}
-		emptyL3Selector.metadataLbls = labels.LabelArray{
-			labels.NewLabel(ciliumio.PolicyLabelDerivedFrom, "PodVisibilityAnnotation", labels.LabelSourceK8s),
-		}
-		if namespace != "" {
-			emptyL3Selector.metadataLbls = append(emptyL3Selector.metadataLbls, labels.NewLabel(ciliumio.PodNamespaceLabel, namespace, labels.LabelSourceK8s))
-		}
-		if pod != "" {
-			emptyL3Selector.metadataLbls = append(emptyL3Selector.metadataLbls, labels.NewLabel(ciliumio.PodNameLabel, pod, labels.LabelSourceK8s))
-		}
-
-		m[emptyL3Selector] = &PerSelectorPolicy{
-			L7Rules: api.L7Rules{
-				DNS: []api.PortRuleDNS{
-					{
-						MatchPattern: "*",
-					},
-				},
-			},
-		}
-	}
-	return m
-}
-
-// VisibilityMetadata encodes state about what type of traffic should be
-// redirected to an L7Proxy. Implements the ProxyPolicy interface.
-// TODO: an L4Filter could be composed of this type.
-type VisibilityMetadata struct {
-	// Parser represents the proxy to which traffic should be redirected.
-	Parser L7ParserType
-
-	// Port, in tandem with Proto, signifies which L4 port for which traffic
-	// should be redirected.
-	Port uint16
-
-	// Proto, in tandem with port, signifies which L4 protocol for which traffic
-	// should be redirected.
-	Proto u8proto.U8proto
-
-	// Ingress specifies whether ingress traffic at the given L4 port / protocol
-	// should be redirected to the proxy.
-	Ingress bool
-
-	// L7Metadata encodes optional information what is allowed at L7 for
-	// visibility. Some specific protocol parsers do not need this set for
-	// allowing of traffic (e.g., HTTP), but some do (e.g., DNS).
-	L7Metadata L7DataMap
-}
-
-// DirectionalVisibilityPolicy is a mapping of VisibilityMetadata keyed by
-// L4 Port / L4 Protocol (e.g., 80/TCP) for a given traffic direction (e.g.,
-// ingress or egress). This encodes at which L4 Port / L4 Protocol traffic
-// should be redirected to a given L7 proxy. An empty instance of this type
-// indicates that no traffic should be redirected.
-type DirectionalVisibilityPolicy map[string]*VisibilityMetadata
-
-// VisibilityPolicy represents for both ingress and egress which types of
-// traffic should be redirected to a given L7 proxy.
-type VisibilityPolicy struct {
-	Ingress DirectionalVisibilityPolicy
-	Egress  DirectionalVisibilityPolicy
-	Error   error
-}
-
-// CopyL7RulesPerEndpoint returns a shallow copy of the L7Metadata of the
-// L4Filter.
-func (v *VisibilityMetadata) CopyL7RulesPerEndpoint() L7DataMap {
-	if v.L7Metadata != nil {
-		return v.L7Metadata.ShallowCopy()
-	}
-	return nil
-}
-
-// GetL7Parser returns the L7ParserType for this VisibilityMetadata.
-func (v *VisibilityMetadata) GetL7Parser() L7ParserType {
-	return v.Parser
-}
-
-// GetIngress returns whether the VisibilityMetadata applies at ingress or
-// egress.
-func (v *VisibilityMetadata) GetIngress() bool {
-	return v.Ingress
-}
-
-// GetPort returns at which port the VisibilityMetadata applies.
-func (v *VisibilityMetadata) GetPort() uint16 {
-	return v.Port
-}
-
-// GetProtocol returns the protocol where the VisibilityMetadata applies.
-func (v *VisibilityMetadata) GetProtocol() u8proto.U8proto {
-	return v.Proto
-}
-
-// GetListener returns the optional listener name.
-func (l4 *VisibilityMetadata) GetListener() string {
-	return ""
-}
diff --git a/vendor/github.com/cilium/cilium/pkg/resiliency/error.go b/vendor/github.com/cilium/cilium/pkg/resiliency/error.go
new file mode 100644
index 0000000000..cd348fc00e
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/pkg/resiliency/error.go
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package resiliency
+
+// retryableErr tracks errors that could be retried.
+type retryableErr struct {
+	error
+}
+
+// Retryable returns a new instance.
+func Retryable(e error) retryableErr {
+	return retryableErr{error: e}
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/resiliency/errorset.go b/vendor/github.com/cilium/cilium/pkg/resiliency/errorset.go
new file mode 100644
index 0000000000..9ac59e72d2
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/pkg/resiliency/errorset.go
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package resiliency
+
+import (
+	"errors"
+	"fmt"
+)
+
+type tuple struct {
+	index int
+	err   error
+}
+
+// ErrorSet tracks a collection of unique errors.
+type ErrorSet struct {
+	total, failed int
+	msg           string
+	errs          map[string]tuple
+}
+
+// NewErrorSet returns a new instance.
+func NewErrorSet(msg string, c int) *ErrorSet {
+	return &ErrorSet{
+		msg:   msg,
+		total: c,
+		errs:  make(map[string]tuple),
+	}
+}
+
+// Add adds one or more errors to the set.
+func (e *ErrorSet) Add(errs ...error) {
+	for _, err := range errs {
+		if err == nil {
+			continue
+		}
+		if _, ok := e.errs[err.Error()]; ok {
+			continue
+		}
+		e.errs[err.Error()] = tuple{index: e.failed, err: err}
+		e.failed++
+	}
+}
+
+// Error returns a list of unique errors or nil.
+func (e *ErrorSet) Errors() []error {
+	if len(e.errs) == 0 {
+		return nil
+	}
+	errs := make([]error, len(e.errs)+1)
+	errs[0] = fmt.Errorf("%s (%d/%d) failed", e.msg, e.failed, e.total)
+	for _, t := range e.errs {
+		errs[t.index+1] = t.err
+	}
+
+	return errs
+}
+
+// Error returns a new composite error or nil.
+func (e *ErrorSet) Error() error {
+	return errors.Join(e.Errors()...)
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/resiliency/helpers.go b/vendor/github.com/cilium/cilium/pkg/resiliency/helpers.go
new file mode 100644
index 0000000000..0cd5d9cb8a
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/pkg/resiliency/helpers.go
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package resiliency
+
+import (
+	"context"
+	"time"
+
+	"k8s.io/apimachinery/pkg/util/wait"
+)
+
+// RetryFunc tracks resiliency retry calls.
+type RetryFunc func(ctx context.Context, retries int) (bool, error)
+
+// Retry retries the provided call using exponential retries given an initial duration for up to max retries count.
+func Retry(ctx context.Context, duration time.Duration, maxRetries int, fn RetryFunc) error {
+	bo := wait.Backoff{
+		Duration: duration,
+		Factor:   1,
+		Jitter:   0.1,
+		Steps:    maxRetries,
+	}
+
+	var retries int
+	f := func(ctx context.Context) (bool, error) {
+		retries++
+		return fn(ctx, retries)
+	}
+
+	return wait.ExponentialBackoffWithContext(ctx, bo, f)
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/resiliency/retry.go b/vendor/github.com/cilium/cilium/pkg/resiliency/retry.go
new file mode 100644
index 0000000000..a6f1bc6344
--- /dev/null
+++ b/vendor/github.com/cilium/cilium/pkg/resiliency/retry.go
@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package resiliency
+
+import (
+	"errors"
+)
+
+// IsRetryable checks if an error can be retried.
+func IsRetryable(e error) bool {
+	return errors.As(e, new(retryableErr))
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/slices/slices.go b/vendor/github.com/cilium/cilium/pkg/slices/slices.go
index 7cd2e860e4..9e81fb9551 100644
--- a/vendor/github.com/cilium/cilium/pkg/slices/slices.go
+++ b/vendor/github.com/cilium/cilium/pkg/slices/slices.go
@@ -84,24 +84,6 @@ func SortedUnique[S ~[]T, T cmp.Ordered](s S) S {
 	return slices.Compact(s)
 }
 
-// SortedUniqueFunc is like SortedUnique but allows the user to specify custom functions
-// for ordering (less function) and comparing (eq function) the elements in the slice.
-// This is useful in all the cases where SortedUnique cannot be used:
-// - for types that do not satisfy constraints.Ordered (e.g: composite types)
-// - when the user wants to customize how elements are compared (e.g: user wants to enforce reverse ordering)
-func SortedUniqueFunc[S ~[]T, T any](
-	s S,
-	less func(a, b T) int,
-	eq func(a, b T) bool,
-) S {
-	if len(s) < 2 {
-		return s
-	}
-
-	slices.SortFunc(s, less)
-	return slices.CompactFunc(s, eq)
-}
-
 // Diff returns a slice of elements which is the difference of a and b.
 // The returned slice keeps the elements in the same order found in the "a" slice.
 // Both input slices are considered as sets, that is, all elements are considered as
@@ -149,3 +131,15 @@ func XorNil[T any](s1, s2 []T) bool {
 	return s1 == nil && s2 != nil ||
 		s1 != nil && s2 == nil
 }
+
+// AllMatch returns true if pred is true for each element in s, false otherwise.
+// May not evaluate on all elements if not necessary for determining the result.
+// If the slice is empty then true is returned and predicate is not evaluated.
+func AllMatch[T any](s []T, pred func(v T) bool) bool {
+	for _, v := range s {
+		if !pred(v) {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/github.com/cilium/cilium/pkg/trigger/trigger.go b/vendor/github.com/cilium/cilium/pkg/trigger/trigger.go
index 7afae25872..48c89e9ad0 100644
--- a/vendor/github.com/cilium/cilium/pkg/trigger/trigger.go
+++ b/vendor/github.com/cilium/cilium/pkg/trigger/trigger.go
@@ -6,7 +6,6 @@ package trigger
 import (
 	"fmt"
 
-	"github.com/cilium/cilium/pkg/inctimer"
 	"github.com/cilium/cilium/pkg/lock"
 	"github.com/cilium/cilium/pkg/time"
 )
@@ -173,8 +172,9 @@ func (t *Trigger) Shutdown() {
 }
 
 func (t *Trigger) waiter() {
-	sleepTimer, sleepTimerDone := inctimer.New()
-	defer sleepTimerDone()
+	tk := time.NewTicker(t.params.sleepInterval)
+	defer tk.Stop()
+
 	for {
 		// keep critical section as small as possible
 		t.mutex.Lock()
@@ -208,8 +208,7 @@ func (t *Trigger) waiter() {
 
 		select {
 		case <-t.wakeupChan:
-		case <-sleepTimer.After(t.params.sleepInterval):
-
+		case <-tk.C:
 		case <-t.closeChan:
 			shutdownFunc := t.params.ShutdownFunc
 			if shutdownFunc != nil {
diff --git a/vendor/github.com/cilium/hive/cell/lifecycle.go b/vendor/github.com/cilium/hive/cell/lifecycle.go
index cbe41eebd9..a41f75ee2c 100644
--- a/vendor/github.com/cilium/hive/cell/lifecycle.go
+++ b/vendor/github.com/cilium/hive/cell/lifecycle.go
@@ -75,6 +75,19 @@ type augmentedHook struct {
 	moduleID FullModuleID
 }
 
+func NewDefaultLifecycle(hooks []HookInterface, numStarted int, logThreshold time.Duration) *DefaultLifecycle {
+	h := make([]augmentedHook, 0, len(hooks))
+	for _, hook := range hooks {
+		h = append(h, augmentedHook{hook, nil})
+	}
+	return &DefaultLifecycle{
+		mu:           sync.Mutex{},
+		hooks:        h,
+		numStarted:   numStarted,
+		LogThreshold: logThreshold,
+	}
+}
+
 func (lc *DefaultLifecycle) Append(hook HookInterface) {
 	lc.mu.Lock()
 	defer lc.mu.Unlock()
@@ -92,7 +105,7 @@ func (lc *DefaultLifecycle) Start(log *slog.Logger, ctx context.Context) error {
 	ctx, cancel := context.WithCancel(ctx)
 	defer cancel()
 
-	for _, hook := range lc.hooks {
+	for i, hook := range lc.hooks {
 		fnName, exists := getHookFuncName(hook, true)
 
 		if !exists {
@@ -102,6 +115,13 @@ func (lc *DefaultLifecycle) Start(log *slog.Logger, ctx context.Context) error {
 		}
 
 		l := log.With("function", fnName)
+
+		// Do not attempt to start already started hooks.
+		if i < lc.numStarted {
+			l.Error("Hook appears to be running. Skipping")
+			continue
+		}
+
 		l.Debug("Executing start hook")
 		t0 := time.Now()
 		if err := hook.Start(ctx); err != nil {
diff --git a/vendor/github.com/cilium/hive/cell/simple_health.go b/vendor/github.com/cilium/hive/cell/simple_health.go
index 49806c1540..60da0ef46d 100644
--- a/vendor/github.com/cilium/hive/cell/simple_health.go
+++ b/vendor/github.com/cilium/hive/cell/simple_health.go
@@ -1,7 +1,15 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
 package cell
 
 import (
+	"fmt"
+	"regexp"
 	"sync"
+	"time"
+
+	"github.com/cilium/hive/script"
 )
 
 type simpleHealthRoot struct {
@@ -87,6 +95,57 @@ func NewSimpleHealth() (Health, *SimpleHealth) {
 	return h, h
 }
 
+// SimpleHealthCmd for showing or checking the simple module health state.
+// Not provided as hive.ScriptCmdOut due to cyclic import issues. To include
+// provide with: hive.ScriptCmdOut("health", SimpleHealthCmd(simpleHealth)))
+//
+// Example:
+//
+//	# show health
+//	health
+//
+//	# grep health
+//	health 'my-module: level=OK'
+func SimpleHealthCmd(h *SimpleHealth) script.Cmd {
+	return script.Command(
+		script.CmdUsage{
+			Summary: "Show or grep simple health",
+			Args:    "(pattern)",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			var re *regexp.Regexp
+			if len(args) == 1 {
+				re = regexp.MustCompile(args[0])
+			}
+			for s.Context().Err() == nil {
+				h.Lock()
+				for name, h := range h.all {
+					var errStr string
+					if h.Error != nil {
+						errStr = h.Error.Error()
+					}
+					line := fmt.Sprintf("%s: level=%s message=%s error=%s", name, h.Level, h.Status, errStr)
+					if re != nil {
+						if re.Match([]byte(line)) {
+							h.Unlock()
+							s.Logf("matched: %s\n", line)
+							return nil, nil
+						}
+					} else {
+						fmt.Fprintln(s.LogWriter(), line)
+					}
+				}
+				h.Unlock()
+				if re == nil {
+					return nil, nil
+				}
+				time.Sleep(10 * time.Millisecond)
+			}
+			return nil, fmt.Errorf("no match for %s", re)
+		},
+	)
+}
+
 var _ Health = &SimpleHealth{}
 
 var SimpleHealthCell = Provide(NewSimpleHealth)
diff --git a/vendor/github.com/cilium/hive/hive.go b/vendor/github.com/cilium/hive/hive.go
index 34e17b600b..4dd80d6afa 100644
--- a/vendor/github.com/cilium/hive/hive.go
+++ b/vendor/github.com/cilium/hive/hive.go
@@ -20,6 +20,7 @@ import (
 	"go.uber.org/dig"
 
 	"github.com/cilium/hive/cell"
+	"github.com/cilium/hive/script"
 )
 
 type Options struct {
@@ -421,3 +422,19 @@ func (h *Hive) getEnvName(option string) string {
 	upper := strings.ToUpper(under)
 	return h.opts.EnvPrefix + upper
 }
+
+func (h *Hive) ScriptCommands(log *slog.Logger) (map[string]script.Cmd, error) {
+	if err := h.Populate(log); err != nil {
+		return nil, fmt.Errorf("failed to populate object graph: %s", err)
+	}
+	m := map[string]script.Cmd{}
+	m["hive"] = hiveScriptCmd(h, log)
+
+	// Gather the commands from the hive.
+	h.container.Invoke(func(sc ScriptCmds) {
+		for name, cmd := range sc.Map() {
+			m[name] = cmd
+		}
+	})
+	return m, nil
+}
diff --git a/vendor/github.com/cilium/hive/script.go b/vendor/github.com/cilium/hive/script.go
new file mode 100644
index 0000000000..72d1e782a5
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script.go
@@ -0,0 +1,164 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package hive
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"log/slog"
+	"os"
+	"os/signal"
+	"time"
+
+	"github.com/cilium/hive/cell"
+	"github.com/cilium/hive/script"
+	"golang.org/x/term"
+)
+
+func NewScriptCmd(name string, cmd script.Cmd) ScriptCmdOut {
+	return ScriptCmdOut{ScriptCmd: ScriptCmd{name, cmd}}
+}
+
+func NewScriptCmds(cmds map[string]script.Cmd) (out ScriptCmdsOut) {
+	out.ScriptCmds = make([]ScriptCmd, 0, len(cmds))
+	for name, cmd := range cmds {
+		out.ScriptCmds = append(out.ScriptCmds, ScriptCmd{name, cmd})
+	}
+	return out
+}
+
+type ScriptCmd struct {
+	Name string
+	Cmd  script.Cmd
+}
+
+type ScriptCmds struct {
+	cell.In
+
+	ScriptCmds []ScriptCmd `group:"script-commands"`
+}
+
+func (sc ScriptCmds) Map() map[string]script.Cmd {
+	m := make(map[string]script.Cmd, len(sc.ScriptCmds))
+	for _, c := range sc.ScriptCmds {
+		m[c.Name] = c.Cmd
+	}
+	return m
+}
+
+type ScriptCmdOut struct {
+	cell.Out
+
+	ScriptCmd ScriptCmd `group:"script-commands"`
+}
+
+type ScriptCmdsOut struct {
+	cell.Out
+
+	ScriptCmds []ScriptCmd `group:"script-commands,flatten"`
+}
+
+func hiveScriptCmd(h *Hive, log *slog.Logger) script.Cmd {
+	const defaultTimeout = time.Minute
+	return script.Command(
+		script.CmdUsage{
+			Summary: "manipulate the hive",
+			Args:    "cmd args...",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			if len(args) < 1 {
+				return nil, fmt.Errorf("hive cmd args...\n'cmd' is one of: start, stop, jobs")
+			}
+			switch args[0] {
+			case "start":
+				ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout)
+				defer cancel()
+				return nil, h.Start(log, ctx)
+			case "stop":
+				ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout)
+				defer cancel()
+				return nil, h.Stop(log, ctx)
+			}
+			return nil, fmt.Errorf("unknown hive command %q, expected one of: start, stop, jobs", args[0])
+		},
+	)
+}
+
+func RunRepl(h *Hive, in *os.File, out *os.File, prompt string) {
+	// Try to set the input into raw mode.
+	restore, err := script.MakeRaw(int(in.Fd()))
+	defer restore()
+
+	inout := struct {
+		io.Reader
+		io.Writer
+	}{in, out}
+	term := term.NewTerminal(inout, prompt)
+	log := slog.New(slog.NewTextHandler(term, nil))
+
+	cmds, err := h.ScriptCommands(log)
+	if err != nil {
+		log.Error("ScriptCommands()", "error", err)
+		return
+	}
+	for name, cmd := range script.DefaultCmds() {
+		cmds[name] = cmd
+	}
+
+	e := script.Engine{
+		Cmds:  cmds,
+		Conds: nil,
+	}
+
+	stop := make(chan struct{})
+	defer close(stop)
+
+	sigs := make(chan os.Signal, 1)
+	defer signal.Stop(sigs)
+	signal.Notify(sigs, os.Interrupt)
+
+	newState := func() *script.State {
+		ctx, cancel := context.WithCancel(context.Background())
+		s, err := script.NewState(ctx, "/tmp", nil)
+		if err != nil {
+			panic(err)
+		}
+		go func() {
+			select {
+			case <-stop:
+				cancel()
+			case <-sigs:
+				cancel()
+			}
+		}()
+		return s
+	}
+
+	s := newState()
+
+	for {
+		line, err := term.ReadLine()
+		if err != nil {
+			if errors.Is(err, io.EOF) {
+				return
+			} else {
+				panic(err)
+			}
+		}
+
+		err = e.ExecuteLine(s, line, term)
+		if err != nil {
+			fmt.Fprintln(term, err.Error())
+		}
+
+		if s.Context().Err() != nil {
+			// Context was cancelled due to interrupt. Re-create the state
+			// to run more commands.
+			s = newState()
+			fmt.Fprintln(term, "^C (interrupted)")
+		}
+	}
+}
diff --git a/vendor/github.com/cilium/hive/script/LICENSE b/vendor/github.com/cilium/hive/script/LICENSE
new file mode 100644
index 0000000000..6a66aea5ea
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/cilium/hive/script/README.md b/vendor/github.com/cilium/hive/script/README.md
new file mode 100644
index 0000000000..6b6da3a3fa
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/README.md
@@ -0,0 +1,4 @@
+This is a fork of rsc.io/script (v0.0.2). It mostly adds support for interactive use to it.
+
+The makeraw* files are adapted from term_unix.go etc. files from x/term to enable interrupts.
+
diff --git a/vendor/github.com/cilium/hive/script/README.md.original b/vendor/github.com/cilium/hive/script/README.md.original
new file mode 100644
index 0000000000..0716f680e3
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/README.md.original
@@ -0,0 +1,11 @@
+This is a copy of cmd/go/internal/script.
+
+See <https://pkg.go.dev/rsc.io/script> and <https://pkg.go.dev/rsc.io/script/scripttest>.
+Posting it here makes it available for others to try
+without us committing to officially supporting it.
+We have been using it in the go command for many years now;
+the code is quite stable.
+Ironically, it has very few tests.
+
+<https://github.com/rogpeppe/go-internal/testscript> is a port
+of an earlier version of the go command script language.
diff --git a/vendor/github.com/cilium/hive/script/cmds.go b/vendor/github.com/cilium/hive/script/cmds.go
new file mode 100644
index 0000000000..acea4128bf
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/cmds.go
@@ -0,0 +1,1167 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package script
+
+import (
+	"errors"
+	"fmt"
+	"io/fs"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+	"runtime"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/cilium/hive/script/internal/diff"
+	"golang.org/x/term"
+)
+
+// DefaultCmds returns a set of broadly useful script commands.
+//
+// Run the 'help' command within a script engine to view a list of the available
+// commands.
+func DefaultCmds() map[string]Cmd {
+	return map[string]Cmd{
+		"cat":     Cat(),
+		"cd":      Cd(),
+		"chmod":   Chmod(),
+		"cmp":     Cmp(),
+		"cmpenv":  Cmpenv(),
+		"cp":      Cp(),
+		"echo":    Echo(),
+		"env":     Env(),
+		"exec":    Exec(func(cmd *exec.Cmd) error { return cmd.Process.Signal(os.Interrupt) }, 100*time.Millisecond), // arbitrary grace period
+		"exists":  Exists(),
+		"grep":    Grep(),
+		"help":    Help(),
+		"mkdir":   Mkdir(),
+		"mv":      Mv(),
+		"rm":      Rm(),
+		"replace": Replace(),
+		"sleep":   Sleep(),
+		"stderr":  Stderr(),
+		"stdout":  Stdout(),
+		"stop":    Stop(),
+		"symlink": Symlink(),
+		"wait":    Wait(),
+		"break":   Break(),
+	}
+}
+
+// Command returns a new Cmd with a Usage method that returns a copy of the
+// given CmdUsage and a Run method calls the given function.
+func Command(usage CmdUsage, run func(*State, ...string) (WaitFunc, error)) Cmd {
+	return &funcCmd{
+		usage: usage,
+		run:   run,
+	}
+}
+
+// A funcCmd implements Cmd using a function value.
+type funcCmd struct {
+	usage CmdUsage
+	run   func(*State, ...string) (WaitFunc, error)
+}
+
+func (c *funcCmd) Run(s *State, args ...string) (WaitFunc, error) {
+	return c.run(s, args...)
+}
+
+func (c *funcCmd) Usage() *CmdUsage { return &c.usage }
+
+// firstNonFlag returns a slice containing the index of the first argument in
+// rawArgs that is not a flag, or nil if all arguments are flags.
+func firstNonFlag(rawArgs ...string) []int {
+	for i, arg := range rawArgs {
+		if !strings.HasPrefix(arg, "-") {
+			return []int{i}
+		}
+		if arg == "--" {
+			return []int{i + 1}
+		}
+	}
+	return nil
+}
+
+// Cat writes the concatenated contents of the named file(s) to the script's
+// stdout buffer.
+func Cat() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "concatenate files and print to the script's stdout buffer",
+			Args:    "files...",
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) == 0 {
+				return nil, ErrUsage
+			}
+
+			paths := make([]string, 0, len(args))
+			for _, arg := range args {
+				paths = append(paths, s.Path(arg))
+			}
+
+			var buf strings.Builder
+			errc := make(chan error, 1)
+			go func() {
+				for _, p := range paths {
+					b, err := os.ReadFile(p)
+					buf.Write(b)
+					if err != nil {
+						errc <- err
+						return
+					}
+				}
+				errc <- nil
+			}()
+
+			wait := func(*State) (stdout, stderr string, err error) {
+				err = <-errc
+				return buf.String(), "", err
+			}
+			return wait, nil
+		})
+}
+
+// Cd changes the current working directory.
+func Cd() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "change the working directory",
+			Args:    "dir",
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) != 1 {
+				return nil, ErrUsage
+			}
+			return nil, s.Chdir(args[0])
+		})
+}
+
+// Chmod changes the permissions of a file or a directory..
+func Chmod() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "change file mode bits",
+			Args:    "perm paths...",
+			Detail: []string{
+				"Changes the permissions of the named files or directories to be equal to perm.",
+				"Only numerical permissions are supported.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) < 2 {
+				return nil, ErrUsage
+			}
+
+			perm, err := strconv.ParseUint(args[0], 0, 32)
+			if err != nil || perm&uint64(fs.ModePerm) != perm {
+				return nil, fmt.Errorf("invalid mode: %s", args[0])
+			}
+
+			for _, arg := range args[1:] {
+				err := os.Chmod(s.Path(arg), fs.FileMode(perm))
+				if err != nil {
+					return nil, err
+				}
+			}
+			return nil, nil
+		})
+}
+
+// Cmp compares the contents of two files, or the contents of either the
+// "stdout" or "stderr" buffer and a file, returning a non-nil error if the
+// contents differ.
+func Cmp() Cmd {
+	return Command(
+		CmdUsage{
+			Args:    "[-q] file1 file2",
+			Summary: "compare files for differences",
+			Detail: []string{
+				"By convention, file1 is the actual data and file2 is the expected data.",
+				"The command succeeds if the file contents are identical.",
+				"File1 can be 'stdout' or 'stderr' to compare the stdout or stderr buffer from the most recent command.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			return nil, doCompare(s, false, args...)
+		})
+}
+
+// Cmpenv is like Compare, but also performs environment substitutions
+// on the contents of both arguments.
+func Cmpenv() Cmd {
+	return Command(
+		CmdUsage{
+			Args:    "[-q] file1 file2",
+			Summary: "compare files for differences, with environment expansion",
+			Detail: []string{
+				"By convention, file1 is the actual data and file2 is the expected data.",
+				"The command succeeds if the file contents are identical after substituting variables from the script environment.",
+				"File1 can be 'stdout' or 'stderr' to compare the script's stdout or stderr buffer.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			return nil, doCompare(s, true, args...)
+		})
+}
+
+func doCompare(s *State, env bool, args ...string) error {
+	quiet := false
+	if len(args) > 0 && args[0] == "-q" {
+		quiet = true
+		args = args[1:]
+	}
+	if len(args) != 2 {
+		return ErrUsage
+	}
+
+	name1, name2 := args[0], args[1]
+	var text1, text2 string
+	switch name1 {
+	case "stdout":
+		text1 = s.Stdout()
+	case "stderr":
+		text1 = s.Stderr()
+	default:
+		data, err := os.ReadFile(s.Path(name1))
+		if err != nil {
+			return err
+		}
+		text1 = string(data)
+	}
+
+	data, err := os.ReadFile(s.Path(name2))
+	if err != nil {
+		return err
+	}
+	text2 = string(data)
+
+	if env {
+		text1 = s.ExpandEnv(text1, false)
+		text2 = s.ExpandEnv(text2, false)
+	}
+
+	if text1 != text2 {
+		if !quiet {
+			diffText := diff.Diff(name1, []byte(text1), name2, []byte(text2))
+			s.Logf("%s\n", diffText)
+		}
+		return fmt.Errorf("%s and %s differ", name1, name2)
+	}
+	return nil
+}
+
+// Cp copies one or more files to a new location.
+func Cp() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "copy files to a target file or directory",
+			Args:    "src... dst",
+			Detail: []string{
+				"src can include 'stdout' or 'stderr' to copy from the script's stdout or stderr buffer.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) < 2 {
+				return nil, ErrUsage
+			}
+
+			dst := s.Path(args[len(args)-1])
+			info, err := os.Stat(dst)
+			dstDir := err == nil && info.IsDir()
+			if len(args) > 2 && !dstDir {
+				return nil, &fs.PathError{Op: "cp", Path: dst, Err: errors.New("destination is not a directory")}
+			}
+
+			for _, arg := range args[:len(args)-1] {
+				var (
+					src  string
+					data []byte
+					mode fs.FileMode
+				)
+				switch arg {
+				case "stdout":
+					src = arg
+					data = []byte(s.Stdout())
+					mode = 0666
+				case "stderr":
+					src = arg
+					data = []byte(s.Stderr())
+					mode = 0666
+				default:
+					src = s.Path(arg)
+					info, err := os.Stat(src)
+					if err != nil {
+						return nil, err
+					}
+					mode = info.Mode() & 0777
+					data, err = os.ReadFile(src)
+					if err != nil {
+						return nil, err
+					}
+				}
+				targ := dst
+				if dstDir {
+					targ = filepath.Join(dst, filepath.Base(src))
+				}
+				err := os.WriteFile(targ, data, mode)
+				if err != nil {
+					return nil, err
+				}
+			}
+
+			return nil, nil
+		})
+}
+
+// Echo writes its arguments to stdout, followed by a newline.
+func Echo() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "display a line of text",
+			Args:    "string...",
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			var buf strings.Builder
+			for i, arg := range args {
+				if i > 0 {
+					buf.WriteString(" ")
+				}
+				buf.WriteString(arg)
+			}
+			buf.WriteString("\n")
+			out := buf.String()
+
+			// Stuff the result into a callback to satisfy the OutputCommandFunc
+			// interface, even though it isn't really asynchronous even if run in the
+			// background.
+			//
+			// Nobody should be running 'echo' as a background command, but it's not worth
+			// defining yet another interface, and also doesn't seem worth shoehorning
+			// into a SimpleCommand the way we did with Wait.
+			return func(*State) (stdout, stderr string, err error) {
+				return out, "", nil
+			}, nil
+		})
+}
+
+// Env sets or logs the values of environment variables.
+//
+// With no arguments, Env reports all variables in the environment.
+// "key=value" arguments set variables, and arguments without "="
+// cause the corresponding value to be printed to the stdout buffer.
+func Env() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "set or log the values of environment variables",
+			Args:    "[key[=value]...]",
+			Detail: []string{
+				"With no arguments, print the script environment to the log.",
+				"Otherwise, add the listed key=value pairs to the environment or print the listed keys.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			out := new(strings.Builder)
+			if len(args) == 0 {
+				for _, kv := range s.env {
+					fmt.Fprintf(out, "%s\n", kv)
+				}
+			} else {
+				for _, env := range args {
+					i := strings.Index(env, "=")
+					if i < 0 {
+						// Display value instead of setting it.
+						fmt.Fprintf(out, "%s=%s\n", env, s.envMap[env])
+						continue
+					}
+					if err := s.Setenv(env[:i], env[i+1:]); err != nil {
+						return nil, err
+					}
+				}
+			}
+			var wait WaitFunc
+			if out.Len() > 0 || len(args) == 0 {
+				wait = func(*State) (stdout, stderr string, err error) {
+					return out.String(), "", nil
+				}
+			}
+			return wait, nil
+		})
+}
+
+// Exec runs an arbitrary executable as a subprocess.
+//
+// When the Script's context is canceled, Exec sends the interrupt signal, then
+// waits for up to the given delay for the subprocess to flush output before
+// terminating it with os.Kill.
+func Exec(cancel func(*exec.Cmd) error, waitDelay time.Duration) Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "run an executable program with arguments",
+			Args:    "program [args...]",
+			Detail: []string{
+				"Note that 'exec' does not terminate the script (unlike Unix shells).",
+			},
+			Async: true,
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) < 1 {
+				return nil, ErrUsage
+			}
+
+			// Use the script's PATH to look up the command (if it does not contain a separator)
+			// instead of the test process's PATH (see lookPath).
+			// Don't use filepath.Clean, since that changes "./foo" to "foo".
+			name := filepath.FromSlash(args[0])
+			path := name
+			if !strings.Contains(name, string(filepath.Separator)) {
+				var err error
+				path, err = lookPath(s, name)
+				if err != nil {
+					return nil, err
+				}
+			}
+
+			return startCommand(s, name, path, args[1:], cancel, waitDelay)
+		})
+}
+
+func startCommand(s *State, name, path string, args []string, cancel func(*exec.Cmd) error, waitDelay time.Duration) (WaitFunc, error) {
+	var (
+		cmd                  *exec.Cmd
+		stdoutBuf, stderrBuf strings.Builder
+	)
+	for {
+		cmd = exec.CommandContext(s.Context(), path, args...)
+		if cancel == nil {
+			cmd.Cancel = nil
+		} else {
+			cmd.Cancel = func() error { return cancel(cmd) }
+		}
+		cmd.WaitDelay = waitDelay
+		cmd.Args[0] = name
+		cmd.Dir = s.Getwd()
+		cmd.Env = s.env
+		cmd.Stdout = &stdoutBuf
+		cmd.Stderr = &stderrBuf
+		err := cmd.Start()
+		if err == nil {
+			break
+		}
+		if isETXTBSY(err) {
+			// If the script (or its host process) just wrote the executable we're
+			// trying to run, a fork+exec in another thread may be holding open the FD
+			// that we used to write the executable (see https://go.dev/issue/22315).
+			// Since the descriptor should have CLOEXEC set, the problem should
+			// resolve as soon as the forked child reaches its exec call.
+			// Keep retrying until that happens.
+		} else {
+			return nil, err
+		}
+	}
+
+	wait := func(s *State) (stdout, stderr string, err error) {
+		err = cmd.Wait()
+		return stdoutBuf.String(), stderrBuf.String(), err
+	}
+	return wait, nil
+}
+
+// lookPath is (roughly) like exec.LookPath, but it uses the script's current
+// PATH to find the executable.
+func lookPath(s *State, command string) (string, error) {
+	var strEqual func(string, string) bool
+	if runtime.GOOS == "windows" || runtime.GOOS == "darwin" {
+		// Using GOOS as a proxy for case-insensitive file system.
+		// TODO(bcmills): Remove this assumption.
+		strEqual = strings.EqualFold
+	} else {
+		strEqual = func(a, b string) bool { return a == b }
+	}
+
+	var pathExt []string
+	var searchExt bool
+	var isExecutable func(os.FileInfo) bool
+	if runtime.GOOS == "windows" {
+		// Use the test process's PathExt instead of the script's.
+		// If PathExt is set in the command's environment, cmd.Start fails with
+		// "parameter is invalid". Not sure why.
+		// If the command already has an extension in PathExt (like "cmd.exe")
+		// don't search for other extensions (not "cmd.bat.exe").
+		pathExt = strings.Split(os.Getenv("PathExt"), string(filepath.ListSeparator))
+		searchExt = true
+		cmdExt := filepath.Ext(command)
+		for _, ext := range pathExt {
+			if strEqual(cmdExt, ext) {
+				searchExt = false
+				break
+			}
+		}
+		isExecutable = func(fi os.FileInfo) bool {
+			return fi.Mode().IsRegular()
+		}
+	} else {
+		isExecutable = func(fi os.FileInfo) bool {
+			return fi.Mode().IsRegular() && fi.Mode().Perm()&0111 != 0
+		}
+	}
+
+	pathEnv, _ := s.LookupEnv(pathEnvName())
+	for _, dir := range strings.Split(pathEnv, string(filepath.ListSeparator)) {
+		if dir == "" {
+			continue
+		}
+
+		// Determine whether dir needs a trailing path separator.
+		// Note: we avoid filepath.Join in this function because it cleans the
+		// result: we want to preserve the exact dir prefix from the environment.
+		sep := string(filepath.Separator)
+		if os.IsPathSeparator(dir[len(dir)-1]) {
+			sep = ""
+		}
+
+		if searchExt {
+			ents, err := os.ReadDir(dir)
+			if err != nil {
+				continue
+			}
+			for _, ent := range ents {
+				for _, ext := range pathExt {
+					if !ent.IsDir() && strEqual(ent.Name(), command+ext) {
+						return dir + sep + ent.Name(), nil
+					}
+				}
+			}
+		} else {
+			path := dir + sep + command
+			if fi, err := os.Stat(path); err == nil && isExecutable(fi) {
+				return path, nil
+			}
+		}
+	}
+	return "", &exec.Error{Name: command, Err: exec.ErrNotFound}
+}
+
+// pathEnvName returns the platform-specific variable used by os/exec.LookPath
+// to look up executable names (either "PATH" or "path").
+//
+// TODO(bcmills): Investigate whether we can instead use PATH uniformly and
+// rewrite it to $path when executing subprocesses.
+func pathEnvName() string {
+	switch runtime.GOOS {
+	case "plan9":
+		return "path"
+	default:
+		return "PATH"
+	}
+}
+
+// Exists checks that the named file(s) exist.
+func Exists() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "check that files exist",
+			Args:    "[-readonly] [-exec] file...",
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			var readonly, exec bool
+		loop:
+			for len(args) > 0 {
+				switch args[0] {
+				case "-readonly":
+					readonly = true
+					args = args[1:]
+				case "-exec":
+					exec = true
+					args = args[1:]
+				default:
+					break loop
+				}
+			}
+			if len(args) == 0 {
+				return nil, ErrUsage
+			}
+
+			for _, file := range args {
+				file = s.Path(file)
+				info, err := os.Stat(file)
+				if err != nil {
+					return nil, err
+				}
+				if readonly && info.Mode()&0222 != 0 {
+					return nil, fmt.Errorf("%s exists but is writable", file)
+				}
+				if exec && runtime.GOOS != "windows" && info.Mode()&0111 == 0 {
+					return nil, fmt.Errorf("%s exists but is not executable", file)
+				}
+			}
+
+			return nil, nil
+		})
+}
+
+// Grep checks that file content matches a regexp.
+// Like stdout/stderr and unlike Unix grep, it accepts Go regexp syntax.
+//
+// Grep does not modify the State's stdout or stderr buffers.
+// (Its output goes to the script log, not stdout.)
+func Grep() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "find lines in a file that match a pattern",
+			Args:    matchUsage + " file",
+			Detail: []string{
+				"The command succeeds if at least one match (or the exact count, if given) is found.",
+				"The -q flag suppresses printing of matches.",
+			},
+			RegexpArgs: firstNonFlag,
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			return nil, match(s, args, "", "grep")
+		})
+}
+
+const matchUsage = "[-count=N] [-q] 'pattern'"
+
+// match implements the Grep, Stdout, and Stderr commands.
+func match(s *State, args []string, text, name string) error {
+	n := 0
+	if len(args) >= 1 && strings.HasPrefix(args[0], "-count=") {
+		var err error
+		n, err = strconv.Atoi(args[0][len("-count="):])
+		if err != nil {
+			return fmt.Errorf("bad -count=: %v", err)
+		}
+		if n < 1 {
+			return fmt.Errorf("bad -count=: must be at least 1")
+		}
+		args = args[1:]
+	}
+	quiet := false
+	if len(args) >= 1 && args[0] == "-q" {
+		quiet = true
+		args = args[1:]
+	}
+
+	isGrep := name == "grep"
+
+	wantArgs := 1
+	if len(args) != wantArgs {
+		return ErrUsage
+	}
+
+	pattern := `(?m)` + args[0]
+	re, err := regexp.Compile(pattern)
+	if err != nil {
+		return err
+	}
+
+	if isGrep {
+		if len(args) == 1 || args[1] == "-" {
+			text = s.stdout
+		} else {
+			name = args[1] // for error messages
+			data, err := os.ReadFile(s.Path(args[1]))
+			if err != nil {
+				return err
+			}
+			text = string(data)
+		}
+	}
+
+	if n > 0 {
+		count := len(re.FindAllString(text, -1))
+		if count != n {
+			return fmt.Errorf("found %d matches for %#q in %s", count, pattern, name)
+		}
+		return nil
+	}
+
+	if !re.MatchString(text) {
+		return fmt.Errorf("no match for %#q in %s", pattern, name)
+	}
+
+	if !quiet {
+		// Print the lines containing the match.
+		loc := re.FindStringIndex(text)
+		for loc[0] > 0 && text[loc[0]-1] != '\n' {
+			loc[0]--
+		}
+		for loc[1] < len(text) && text[loc[1]] != '\n' {
+			loc[1]++
+		}
+		lines := strings.TrimSuffix(text[loc[0]:loc[1]], "\n")
+		s.Logf("matched: %s\n", lines)
+	}
+	return nil
+}
+
+// Help writes command documentation to the script log.
+func Help() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "log help text for commands and conditions",
+			Args:    "[-v] name...",
+			Detail: []string{
+				"To display help for a specific condition, enclose it in brackets: 'help [amd64]'.",
+				"To display complete documentation when listing all commands, pass the -v flag.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if s.engine == nil {
+				return nil, errors.New("no engine configured")
+			}
+
+			verbose := false
+			if len(args) > 0 {
+				verbose = true
+				if args[0] == "-v" {
+					args = args[1:]
+				}
+			}
+
+			var cmds, conds []string
+			for _, arg := range args {
+				if strings.HasPrefix(arg, "[") && strings.HasSuffix(arg, "]") {
+					conds = append(conds, arg[1:len(arg)-1])
+				} else {
+					cmds = append(cmds, arg)
+				}
+			}
+
+			out := new(strings.Builder)
+
+			if len(conds) > 0 || (len(args) == 0 && len(s.engine.Conds) > 0) {
+				if conds == nil {
+					out.WriteString("conditions:\n\n")
+				}
+				s.engine.ListConds(out, s, conds...)
+			}
+
+			if len(cmds) > 0 || len(args) == 0 {
+				if len(args) == 0 {
+					out.WriteString("\ncommands:\n\n")
+				}
+				s.engine.ListCmds(out, verbose, cmds...)
+			}
+
+			wait := func(*State) (stdout, stderr string, err error) {
+				return out.String(), "", nil
+			}
+			return wait, nil
+		})
+}
+
+// Mkdir creates a directory and any needed parent directories.
+func Mkdir() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "create directories, if they do not already exist",
+			Args:    "path...",
+			Detail: []string{
+				"Unlike Unix mkdir, parent directories are always created if needed.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) < 1 {
+				return nil, ErrUsage
+			}
+			for _, arg := range args {
+				if err := os.MkdirAll(s.Path(arg), 0777); err != nil {
+					return nil, err
+				}
+			}
+			return nil, nil
+		})
+}
+
+// Mv renames an existing file or directory to a new path.
+func Mv() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "rename a file or directory to a new path",
+			Args:    "old new",
+			Detail: []string{
+				"OS-specific restrictions may apply when old and new are in different directories.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) != 2 {
+				return nil, ErrUsage
+			}
+			return nil, os.Rename(s.Path(args[0]), s.Path(args[1]))
+		})
+}
+
+// Program returns a new command that runs the named program, found from the
+// host process's PATH (not looked up in the script's PATH).
+func Program(name string, cancel func(*exec.Cmd) error, waitDelay time.Duration) Cmd {
+	var (
+		shortName    string
+		summary      string
+		lookPathOnce sync.Once
+		path         string
+		pathErr      error
+	)
+	if filepath.IsAbs(name) {
+		lookPathOnce.Do(func() { path = filepath.Clean(name) })
+		shortName = strings.TrimSuffix(filepath.Base(path), ".exe")
+		summary = "run the '" + shortName + "' program provided by the script host"
+	} else {
+		shortName = name
+		summary = "run the '" + shortName + "' program from the script host's PATH"
+	}
+
+	return Command(
+		CmdUsage{
+			Summary: summary,
+			Args:    "[args...]",
+			Async:   true,
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			lookPathOnce.Do(func() {
+				path, pathErr = exec.LookPath(name)
+			})
+			if pathErr != nil {
+				return nil, pathErr
+			}
+			return startCommand(s, shortName, path, args, cancel, waitDelay)
+		})
+}
+
+// Replace replaces all occurrences of a string in a file with another string.
+func Replace() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "replace strings in a file",
+			Args:    "[old new]... file",
+			Detail: []string{
+				"The 'old' and 'new' arguments are unquoted as if in quoted Go strings.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args)%2 != 1 {
+				return nil, ErrUsage
+			}
+
+			oldNew := make([]string, 0, len(args)-1)
+			for _, arg := range args[:len(args)-1] {
+				s, err := strconv.Unquote(`"` + arg + `"`)
+				if err != nil {
+					return nil, err
+				}
+				oldNew = append(oldNew, s)
+			}
+
+			r := strings.NewReplacer(oldNew...)
+			file := s.Path(args[len(args)-1])
+
+			data, err := os.ReadFile(file)
+			if err != nil {
+				return nil, err
+			}
+			replaced := r.Replace(string(data))
+
+			return nil, os.WriteFile(file, []byte(replaced), 0666)
+		})
+}
+
+// Rm removes a file or directory.
+//
+// If a directory, Rm also recursively removes that directory's
+// contents.
+func Rm() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "remove a file or directory",
+			Args:    "path...",
+			Detail: []string{
+				"If the path is a directory, its contents are removed recursively.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) < 1 {
+				return nil, ErrUsage
+			}
+			for _, arg := range args {
+				if err := removeAll(s.Path(arg)); err != nil {
+					return nil, err
+				}
+			}
+			return nil, nil
+		})
+}
+
+// removeAll removes dir and all files and directories it contains.
+//
+// Unlike os.RemoveAll, removeAll attempts to make the directories writable if
+// needed in order to remove their contents.
+func removeAll(dir string) error {
+	// module cache has 0444 directories;
+	// make them writable in order to remove content.
+	filepath.WalkDir(dir, func(path string, info fs.DirEntry, err error) error {
+		// chmod not only directories, but also things that we couldn't even stat
+		// due to permission errors: they may also be unreadable directories.
+		if err != nil || info.IsDir() {
+			os.Chmod(path, 0777)
+		}
+		return nil
+	})
+	return os.RemoveAll(dir)
+}
+
+// Sleep sleeps for the given Go duration or until the script's context is
+// cancelled, whichever happens first.
+func Sleep() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "sleep for a specified duration",
+			Args:    "duration",
+			Detail: []string{
+				"The duration must be given as a Go time.Duration string.",
+			},
+			Async: true,
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) != 1 {
+				return nil, ErrUsage
+			}
+
+			d, err := time.ParseDuration(args[0])
+			if err != nil {
+				return nil, err
+			}
+
+			timer := time.NewTimer(d)
+			wait := func(s *State) (stdout, stderr string, err error) {
+				ctx := s.Context()
+				select {
+				case <-ctx.Done():
+					timer.Stop()
+					return "", "", ctx.Err()
+				case <-timer.C:
+					return "", "", nil
+				}
+			}
+			return wait, nil
+		})
+}
+
+// Stderr searches for a regular expression in the stderr buffer.
+func Stderr() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "find lines in the stderr buffer that match a pattern",
+			Args:    matchUsage + " file",
+			Detail: []string{
+				"The command succeeds if at least one match (or the exact count, if given) is found.",
+				"The -q flag suppresses printing of matches.",
+			},
+			RegexpArgs: firstNonFlag,
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			return nil, match(s, args, s.Stderr(), "stderr")
+		})
+}
+
+// Stdout searches for a regular expression in the stdout buffer.
+func Stdout() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "find lines in the stdout buffer that match a pattern",
+			Args:    matchUsage + " file",
+			Detail: []string{
+				"The command succeeds if at least one match (or the exact count, if given) is found.",
+				"The -q flag suppresses printing of matches.",
+			},
+			RegexpArgs: firstNonFlag,
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			return nil, match(s, args, s.Stdout(), "stdout")
+		})
+}
+
+// Stop returns a sentinel error that causes script execution to halt
+// and s.Execute to return with a nil error.
+func Stop() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "stop execution of the script",
+			Args:    "[msg]",
+			Detail: []string{
+				"The message is written to the script log, but no error is reported from the script engine.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) > 1 {
+				return nil, ErrUsage
+			}
+			// TODO(bcmills): The argument passed to stop seems redundant with comments.
+			// Either use it systematically or remove it.
+			if len(args) == 1 {
+				return nil, stopError{msg: args[0]}
+			}
+			return nil, stopError{}
+		})
+}
+
+// stopError is the sentinel error type returned by the Stop command.
+type stopError struct {
+	msg string
+}
+
+func (s stopError) Error() string {
+	if s.msg == "" {
+		return "stop"
+	}
+	return "stop: " + s.msg
+}
+
+// Symlink creates a symbolic link.
+func Symlink() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "create a symlink",
+			Args:    "path -> target",
+			Detail: []string{
+				"Creates path as a symlink to target.",
+				"The '->' token (like in 'ls -l' output on Unix) is required.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) != 3 || args[1] != "->" {
+				return nil, ErrUsage
+			}
+
+			// Note that the link target args[2] is not interpreted with s.Path:
+			// it will be interpreted relative to the directory file is in.
+			return nil, os.Symlink(filepath.FromSlash(args[2]), s.Path(args[0]))
+		})
+}
+
+// Wait waits for the completion of background commands.
+//
+// When Wait returns, the stdout and stderr buffers contain the concatenation of
+// the background commands' respective outputs in the order in which those
+// commands were started.
+func Wait() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "wait for completion of background commands",
+			Args:    "",
+			Detail: []string{
+				"Waits for all background commands to complete.",
+				"The output (and any error) from each command is printed to the log in the order in which the commands were started.",
+				"After the call to 'wait', the script's stdout and stderr buffers contain the concatenation of the background commands' outputs.",
+			},
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			if len(args) > 0 {
+				return nil, ErrUsage
+			}
+
+			var stdouts, stderrs []string
+			var errs []*CommandError
+			for _, bg := range s.background {
+				stdout, stderr, err := bg.wait(s)
+
+				beforeArgs := ""
+				if len(bg.args) > 0 {
+					beforeArgs = " "
+				}
+				s.Logf("[background] %s%s%s\n", bg.name, beforeArgs, quoteArgs(bg.args))
+
+				if stdout != "" {
+					s.Logf("[stdout]\n%s", stdout)
+					stdouts = append(stdouts, stdout)
+				}
+				if stderr != "" {
+					s.Logf("[stderr]\n%s", stderr)
+					stderrs = append(stderrs, stderr)
+				}
+				if err != nil {
+					s.Logf("[%v]\n", err)
+				}
+				if cmdErr := checkStatus(bg.command, err); cmdErr != nil {
+					errs = append(errs, cmdErr.(*CommandError))
+				}
+			}
+
+			s.stdout = strings.Join(stdouts, "")
+			s.stderr = strings.Join(stderrs, "")
+			s.background = nil
+			if len(errs) > 0 {
+				return nil, waitError{errs: errs}
+			}
+			return nil, nil
+		})
+}
+
+// A waitError wraps one or more errors returned by background commands.
+type waitError struct {
+	errs []*CommandError
+}
+
+func (w waitError) Error() string {
+	b := new(strings.Builder)
+	for i, err := range w.errs {
+		if i != 0 {
+			b.WriteString("\n")
+		}
+		b.WriteString(err.Error())
+	}
+	return b.String()
+}
+
+func (w waitError) Unwrap() error {
+	if len(w.errs) == 1 {
+		return w.errs[0]
+	}
+	return nil
+}
+
+func Break() Cmd {
+	return Command(
+		CmdUsage{
+			Summary: "break into interactive prompt",
+		},
+		func(s *State, args ...string) (WaitFunc, error) {
+			tty, err := os.OpenFile("/dev/tty", os.O_RDWR, 0)
+			if err != nil {
+				return nil, fmt.Errorf("open /dev/tty: %w", err)
+			}
+			defer tty.Close()
+
+			prev, err := term.MakeRaw(int(tty.Fd()))
+			if err != nil {
+				return nil, fmt.Errorf("cannot set /dev/tty to raw mode")
+			}
+			defer term.Restore(int(tty.Fd()), prev)
+
+			// Flush any pending logs
+			engine := s.engine
+
+			term := term.NewTerminal(tty, "debug> ")
+			s.FlushLog()
+			fmt.Fprintf(term, "\nBreak! Control-d to continue.\n")
+
+			for {
+				line, err := term.ReadLine()
+				if err != nil {
+					return nil, nil
+				}
+				err = engine.ExecuteLine(s, line, term)
+				if err != nil {
+					fmt.Fprintln(term, err.Error())
+				}
+			}
+		},
+	)
+}
diff --git a/vendor/github.com/cilium/hive/script/cmds_other.go b/vendor/github.com/cilium/hive/script/cmds_other.go
new file mode 100644
index 0000000000..847b225ae6
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/cmds_other.go
@@ -0,0 +1,11 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !(unix || windows)
+
+package script
+
+func isETXTBSY(err error) bool {
+	return false
+}
diff --git a/vendor/github.com/cilium/hive/script/cmds_posix.go b/vendor/github.com/cilium/hive/script/cmds_posix.go
new file mode 100644
index 0000000000..2525f6e752
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/cmds_posix.go
@@ -0,0 +1,16 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build unix || windows
+
+package script
+
+import (
+	"errors"
+	"syscall"
+)
+
+func isETXTBSY(err error) bool {
+	return errors.Is(err, syscall.ETXTBSY)
+}
diff --git a/vendor/github.com/cilium/hive/script/conds.go b/vendor/github.com/cilium/hive/script/conds.go
new file mode 100644
index 0000000000..ffe5e3f0db
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/conds.go
@@ -0,0 +1,198 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package script
+
+import (
+	"fmt"
+	"os"
+	"runtime"
+	"sync"
+)
+
+// DefaultConds returns a set of broadly useful script conditions.
+//
+// Run the 'help' command within a script engine to view a list of the available
+// conditions.
+func DefaultConds() map[string]Cond {
+	conds := make(map[string]Cond)
+
+	conds["GOOS"] = PrefixCondition(
+		"runtime.GOOS == <suffix>",
+		func(_ *State, suffix string) (bool, error) {
+			if suffix == runtime.GOOS {
+				return true, nil
+			}
+			return false, nil
+		})
+
+	conds["GOARCH"] = PrefixCondition(
+		"runtime.GOARCH == <suffix>",
+		func(_ *State, suffix string) (bool, error) {
+			if suffix == runtime.GOARCH {
+				return true, nil
+			}
+			return false, nil
+		})
+
+	conds["compiler"] = PrefixCondition(
+		"runtime.Compiler == <suffix>",
+		func(_ *State, suffix string) (bool, error) {
+			if suffix == runtime.Compiler {
+				return true, nil
+			}
+			switch suffix {
+			case "gc", "gccgo":
+				return false, nil
+			default:
+				return false, fmt.Errorf("unrecognized compiler %q", suffix)
+			}
+		})
+
+	conds["root"] = BoolCondition("os.Geteuid() == 0", os.Geteuid() == 0)
+
+	return conds
+}
+
+// Condition returns a Cond with the given summary and evaluation function.
+func Condition(summary string, eval func(*State) (bool, error)) Cond {
+	return &funcCond{eval: eval, usage: CondUsage{Summary: summary}}
+}
+
+type funcCond struct {
+	eval  func(*State) (bool, error)
+	usage CondUsage
+}
+
+func (c *funcCond) Usage() *CondUsage { return &c.usage }
+
+func (c *funcCond) Eval(s *State, suffix string) (bool, error) {
+	if suffix != "" {
+		return false, ErrUsage
+	}
+	return c.eval(s)
+}
+
+// PrefixCondition returns a Cond with the given summary and evaluation function.
+func PrefixCondition(summary string, eval func(*State, string) (bool, error)) Cond {
+	return &prefixCond{eval: eval, usage: CondUsage{Summary: summary, Prefix: true}}
+}
+
+type prefixCond struct {
+	eval  func(*State, string) (bool, error)
+	usage CondUsage
+}
+
+func (c *prefixCond) Usage() *CondUsage { return &c.usage }
+
+func (c *prefixCond) Eval(s *State, suffix string) (bool, error) {
+	return c.eval(s, suffix)
+}
+
+// BoolCondition returns a Cond with the given truth value and summary.
+// The Cond rejects the use of condition suffixes.
+func BoolCondition(summary string, v bool) Cond {
+	return &boolCond{v: v, usage: CondUsage{Summary: summary}}
+}
+
+type boolCond struct {
+	v     bool
+	usage CondUsage
+}
+
+func (b *boolCond) Usage() *CondUsage { return &b.usage }
+
+func (b *boolCond) Eval(s *State, suffix string) (bool, error) {
+	if suffix != "" {
+		return false, ErrUsage
+	}
+	return b.v, nil
+}
+
+// OnceCondition returns a Cond that calls eval the first time the condition is
+// evaluated. Future calls reuse the same result.
+//
+// The eval function is not passed a *State because the condition is cached
+// across all execution states and must not vary by state.
+func OnceCondition(summary string, eval func() (bool, error)) Cond {
+	return &onceCond{eval: eval, usage: CondUsage{Summary: summary}}
+}
+
+type onceCond struct {
+	once  sync.Once
+	v     bool
+	err   error
+	eval  func() (bool, error)
+	usage CondUsage
+}
+
+func (l *onceCond) Usage() *CondUsage { return &l.usage }
+
+func (l *onceCond) Eval(s *State, suffix string) (bool, error) {
+	if suffix != "" {
+		return false, ErrUsage
+	}
+	l.once.Do(func() { l.v, l.err = l.eval() })
+	return l.v, l.err
+}
+
+// CachedCondition is like Condition but only calls eval the first time the
+// condition is evaluated for a given suffix.
+// Future calls with the same suffix reuse the earlier result.
+//
+// The eval function is not passed a *State because the condition is cached
+// across all execution states and must not vary by state.
+func CachedCondition(summary string, eval func(string) (bool, error)) Cond {
+	return &cachedCond{eval: eval, usage: CondUsage{Summary: summary, Prefix: true}}
+}
+
+type cachedCond struct {
+	m     sync.Map
+	eval  func(string) (bool, error)
+	usage CondUsage
+}
+
+func (c *cachedCond) Usage() *CondUsage { return &c.usage }
+
+func (c *cachedCond) Eval(_ *State, suffix string) (bool, error) {
+	for {
+		var ready chan struct{}
+
+		v, loaded := c.m.Load(suffix)
+		if !loaded {
+			ready = make(chan struct{})
+			v, loaded = c.m.LoadOrStore(suffix, (<-chan struct{})(ready))
+
+			if !loaded {
+				inPanic := true
+				defer func() {
+					if inPanic {
+						c.m.Delete(suffix)
+					}
+					close(ready)
+				}()
+
+				b, err := c.eval(suffix)
+				inPanic = false
+
+				if err == nil {
+					c.m.Store(suffix, b)
+					return b, nil
+				} else {
+					c.m.Store(suffix, err)
+					return false, err
+				}
+			}
+		}
+
+		switch v := v.(type) {
+		case bool:
+			return v, nil
+		case error:
+			return false, v
+		case <-chan struct{}:
+			<-v
+		}
+	}
+}
diff --git a/vendor/github.com/cilium/hive/script/engine.go b/vendor/github.com/cilium/hive/script/engine.go
new file mode 100644
index 0000000000..7b9b9bf3f8
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/engine.go
@@ -0,0 +1,853 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package script implements a small, customizable, platform-agnostic scripting
+// language.
+//
+// Scripts are run by an [Engine] configured with a set of available commands
+// and conditions that guard those commands. Each script has an associated
+// working directory and environment, along with a buffer containing the stdout
+// and stderr output of a prior command, tracked in a [State] that commands can
+// inspect and modify.
+//
+// The default commands configured by [NewEngine] resemble a simplified Unix
+// shell.
+//
+// # Script Language
+//
+// Each line of a script is parsed into a sequence of space-separated command
+// words, with environment variable expansion within each word and # marking an
+// end-of-line comment. Additional variables named ':' and '/' are expanded
+// within script arguments (expanding to the value of os.PathListSeparator and
+// os.PathSeparator respectively) but are not inherited in subprocess
+// environments.
+//
+// Adding single quotes around text keeps spaces in that text from being treated
+// as word separators and also disables environment variable expansion.
+// Inside a single-quoted block of text, a repeated single quote indicates
+// a literal single quote, as in:
+//
+//	'Don''t communicate by sharing memory.'
+//
+// A line beginning with # is a comment and conventionally explains what is
+// being done or tested at the start of a new section of the script.
+//
+// Commands are executed one at a time, and errors are checked for each command;
+// if any command fails unexpectedly, no subsequent commands in the script are
+// executed. The command prefix ! indicates that the command on the rest of the
+// line (typically go or a matching predicate) must fail instead of succeeding.
+// The command prefix ? indicates that the command may or may not succeed, but
+// the script should continue regardless.
+//
+// The command prefix [cond] indicates that the command on the rest of the line
+// should only run when the condition is satisfied.
+//
+// A condition can be negated: [!root] means to run the rest of the line only if
+// the user is not root. Multiple conditions may be given for a single command,
+// for example, '[linux] [amd64] skip'. The command will run if all conditions
+// are satisfied.
+//
+// Package script is particularly good for writing tests.
+// Ironically, it has no tests.
+package script
+
+import (
+	"bufio"
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"sort"
+	"strings"
+	"time"
+)
+
+// An Engine stores the configuration for executing a set of scripts.
+//
+// The same Engine may execute multiple scripts concurrently.
+type Engine struct {
+	Cmds  map[string]Cmd
+	Conds map[string]Cond
+
+	// If Quiet is true, Execute deletes log prints from the previous
+	// section when starting a new section.
+	Quiet bool
+}
+
+// NewEngine returns an Engine configured with a basic set of commands and conditions.
+func NewEngine() *Engine {
+	return &Engine{
+		Cmds:  DefaultCmds(),
+		Conds: DefaultConds(),
+	}
+}
+
+// A Cmd is a command that is available to a script.
+type Cmd interface {
+	// Run begins running the command.
+	//
+	// If the command produces output or can be run in the background, run returns
+	// a WaitFunc that will be called to obtain the result of the command and
+	// update the engine's stdout and stderr buffers.
+	//
+	// Run itself and the returned WaitFunc may inspect and/or modify the State,
+	// but the State's methods must not be called concurrently after Run has
+	// returned.
+	//
+	// Run may retain and access the args slice until the WaitFunc has returned.
+	Run(s *State, args ...string) (WaitFunc, error)
+
+	// Usage returns the usage for the command, which the caller must not modify.
+	Usage() *CmdUsage
+}
+
+// A WaitFunc is a function called to retrieve the results of a Cmd.
+type WaitFunc func(*State) (stdout, stderr string, err error)
+
+// A CmdUsage describes the usage of a Cmd, independent of its name
+// (which can change based on its registration).
+type CmdUsage struct {
+	Summary string   // in the style of the Name section of a Unix 'man' page, omitting the name
+	Args    string   // a brief synopsis of the command's arguments (only)
+	Detail  []string // zero or more sentences in the style of the Description section of a Unix 'man' page
+
+	// If Async is true, the Cmd is meaningful to run in the background, and its
+	// Run method must return either a non-nil WaitFunc or a non-nil error.
+	Async bool
+
+	// RegexpArgs reports which arguments, if any, should be treated as regular
+	// expressions. It takes as input the raw, unexpanded arguments and returns
+	// the list of argument indices that will be interpreted as regular
+	// expressions.
+	//
+	// If RegexpArgs is nil, all arguments are assumed not to be regular
+	// expressions.
+	RegexpArgs func(rawArgs ...string) []int
+}
+
+// A Cond is a condition deciding whether a command should be run.
+type Cond interface {
+	// Eval reports whether the condition applies to the given State.
+	//
+	// If the condition's usage reports that it is a prefix,
+	// the condition must be used with a suffix.
+	// Otherwise, the passed-in suffix argument is always the empty string.
+	Eval(s *State, suffix string) (bool, error)
+
+	// Usage returns the usage for the condition, which the caller must not modify.
+	Usage() *CondUsage
+}
+
+// A CondUsage describes the usage of a Cond, independent of its name
+// (which can change based on its registration).
+type CondUsage struct {
+	Summary string // a single-line summary of when the condition is true
+
+	// If Prefix is true, the condition is a prefix and requires a
+	// colon-separated suffix (like "[GOOS:linux]" for the "GOOS" condition).
+	// The suffix may be the empty string (like "[prefix:]").
+	Prefix bool
+}
+
+// Execute reads and executes script, writing the output to log.
+//
+// Execute stops and returns an error at the first command that does not succeed.
+// The returned error's text begins with "file:line: ".
+//
+// If the script runs to completion or ends by a 'stop' command,
+// Execute returns nil.
+//
+// Execute does not stop background commands started by the script
+// before returning. To stop those, use [State.CloseAndWait] or the
+// [Wait] command.
+func (e *Engine) Execute(s *State, file string, script *bufio.Reader, log io.Writer) (err error) {
+	defer func(prev *Engine) { s.engine = prev }(s.engine)
+	s.engine = e
+	defer func(prev io.Writer) { s.logOut = prev }(s.logOut)
+	s.logOut = log
+
+	var sectionStart time.Time
+	// endSection flushes the logs for the current section from s.log to log.
+	// ok indicates whether all commands in the section succeeded.
+	endSection := func(ok bool) error {
+		var err error
+		if sectionStart.IsZero() {
+			// We didn't write a section header or record a timestamp, so just dump the
+			// whole log without those.
+			if s.log.Len() > 0 {
+				err = s.FlushLog()
+			}
+		} else if s.log.Len() == 0 {
+			// Adding elapsed time for doing nothing is meaningless, so don't.
+			_, err = io.WriteString(log, "\n")
+		} else {
+			// Insert elapsed time for section at the end of the section's comment.
+			_, err = fmt.Fprintf(log, " (%.3fs)\n", time.Since(sectionStart).Seconds())
+
+			if err == nil && (!ok || !e.Quiet) {
+				err = s.FlushLog()
+			} else {
+				s.log.Reset()
+			}
+		}
+
+		sectionStart = time.Time{}
+		return err
+	}
+
+	var lineno int
+	lineErr := func(err error) error {
+		if errors.As(err, new(*CommandError)) {
+			return err
+		}
+		return fmt.Errorf("%s:%d: %w", file, lineno, err)
+	}
+
+	// In case of failure or panic, flush any pending logs for the section.
+	defer func() {
+		if sErr := endSection(false); sErr != nil && err == nil {
+			err = lineErr(sErr)
+		}
+	}()
+
+	for {
+		if err := s.ctx.Err(); err != nil {
+			// This error wasn't produced by any particular command,
+			// so don't wrap it in a CommandError.
+			return lineErr(err)
+		}
+
+		line, err := script.ReadString('\n')
+		if err == io.EOF {
+			if line == "" {
+				break // Reached the end of the script.
+			}
+			// If the script doesn't end in a newline, interpret the final line.
+		} else if err != nil {
+			return lineErr(err)
+		}
+		line = strings.TrimSuffix(line, "\n")
+		lineno++
+
+		// The comment character "#" at the start of the line delimits a section of
+		// the script.
+		if strings.HasPrefix(line, "#") {
+			// If there was a previous section, the fact that we are starting a new
+			// one implies the success of the previous one.
+			//
+			// At the start of the script, the state may also contain accumulated logs
+			// from commands executed on the State outside of the engine in order to
+			// set it up; flush those logs too.
+			if err := endSection(true); err != nil {
+				return lineErr(err)
+			}
+
+			// Log the section start without a newline so that we can add
+			// a timestamp for the section when it ends.
+			_, err = fmt.Fprintf(log, "%s", line)
+			sectionStart = time.Now()
+			if err != nil {
+				return lineErr(err)
+			}
+			continue
+		}
+
+		cmd, err := parse(file, lineno, line)
+		if cmd == nil && err == nil {
+			continue // Ignore blank lines.
+		}
+		s.Logf("> %s\n", line)
+		if err != nil {
+			return lineErr(err)
+		}
+
+		// Evaluate condition guards.
+		ok, err := e.conditionsActive(s, cmd.conds)
+		if err != nil {
+			return lineErr(err)
+		}
+		if !ok {
+			s.Logf("[condition not met]\n")
+			continue
+		}
+
+		impl := e.Cmds[cmd.name]
+
+		// Expand variables in arguments.
+		var regexpArgs []int
+		if impl != nil {
+			usage := impl.Usage()
+			if usage.RegexpArgs != nil {
+				// First join rawArgs without expansion to pass to RegexpArgs.
+				rawArgs := make([]string, 0, len(cmd.rawArgs))
+				for _, frags := range cmd.rawArgs {
+					var b strings.Builder
+					for _, frag := range frags {
+						b.WriteString(frag.s)
+					}
+					rawArgs = append(rawArgs, b.String())
+				}
+				regexpArgs = usage.RegexpArgs(rawArgs...)
+			}
+		}
+		cmd.args = expandArgs(s, cmd.rawArgs, regexpArgs)
+
+		// Run the command.
+		err = e.runCommand(s, cmd, impl)
+		if err != nil {
+			if stop := (stopError{}); errors.As(err, &stop) {
+				// Since the 'stop' command halts execution of the entire script,
+				// log its message separately from the section in which it appears.
+				err = endSection(true)
+				s.Logf("%v\n", stop)
+				if err == nil {
+					return nil
+				}
+			}
+			return lineErr(err)
+		}
+	}
+
+	if err := endSection(true); err != nil {
+		return lineErr(err)
+	}
+	return nil
+}
+
+func (e *Engine) ExecuteLine(s *State, line string, log io.Writer) (err error) {
+	defer func(prev *Engine) { s.engine = prev }(s.engine)
+	s.engine = e
+	defer func(prev io.Writer) { s.logOut = prev }(s.logOut)
+	s.logOut = log
+	defer s.FlushLog()
+
+	cmd, err := parse("<stdin>", 0, line)
+	if cmd == nil && err == nil {
+		return nil
+	}
+	if err != nil {
+		return err
+	}
+
+	// Evaluate condition guards.
+	ok, err := e.conditionsActive(s, cmd.conds)
+	if err != nil {
+		return err
+	}
+	if !ok {
+		s.Logf("[condition not met]\n")
+		return
+	}
+
+	impl := e.Cmds[cmd.name]
+
+	// Expand variables in arguments.
+	var regexpArgs []int
+	if impl != nil {
+		usage := impl.Usage()
+		if usage.RegexpArgs != nil {
+			// First join rawArgs without expansion to pass to RegexpArgs.
+			rawArgs := make([]string, 0, len(cmd.rawArgs))
+			for _, frags := range cmd.rawArgs {
+				var b strings.Builder
+				for _, frag := range frags {
+					b.WriteString(frag.s)
+				}
+				rawArgs = append(rawArgs, b.String())
+			}
+			regexpArgs = usage.RegexpArgs(rawArgs...)
+		}
+	}
+	cmd.args = expandArgs(s, cmd.rawArgs, regexpArgs)
+
+	// Run the command.
+	err = e.runCommand(s, cmd, impl)
+	if err != nil {
+		if stop := (stopError{}); errors.As(err, &stop) {
+			// Since the 'stop' command halts execution of the entire script,
+			// log its message separately from the section in which it appears.
+			s.Logf("%v\n", stop)
+			if err == nil {
+				return nil
+			}
+		}
+		return err
+	}
+	return nil
+}
+
+// A command is a complete command parsed from a script.
+type command struct {
+	file       string
+	line       int
+	want       expectedStatus
+	conds      []condition // all must be satisfied
+	name       string      // the name of the command; must be non-empty
+	rawArgs    [][]argFragment
+	args       []string // shell-expanded arguments following name
+	background bool     // command should run in background (ends with a trailing &)
+}
+
+// An expectedStatus describes the expected outcome of a command.
+// Script execution halts when a command does not match its expected status.
+type expectedStatus string
+
+const (
+	success          expectedStatus = ""
+	failure          expectedStatus = "!"
+	successOrFailure expectedStatus = "?"
+)
+
+type argFragment struct {
+	s      string
+	quoted bool // if true, disable variable expansion for this fragment
+}
+
+type condition struct {
+	want bool
+	tag  string
+}
+
+const argSepChars = " \t\r\n#"
+
+// parse parses a single line as a list of space-separated arguments.
+// subject to environment variable expansion (but not resplitting).
+// Single quotes around text disable splitting and expansion.
+// To embed a single quote, double it:
+//
+//	'Don''t communicate by sharing memory.'
+func parse(filename string, lineno int, line string) (cmd *command, err error) {
+	cmd = &command{file: filename, line: lineno}
+	var (
+		rawArg []argFragment // text fragments of current arg so far (need to add line[start:i])
+		start  = -1          // if >= 0, position where current arg text chunk starts
+		quoted = false       // currently processing quoted text
+	)
+
+	flushArg := func() error {
+		if len(rawArg) == 0 {
+			return nil // Nothing to flush.
+		}
+		defer func() { rawArg = nil }()
+
+		if cmd.name == "" && len(rawArg) == 1 && !rawArg[0].quoted {
+			arg := rawArg[0].s
+
+			// Command prefix ! means negate the expectations about this command:
+			// go command should fail, match should not be found, etc.
+			// Prefix ? means allow either success or failure.
+			switch want := expectedStatus(arg); want {
+			case failure, successOrFailure:
+				if cmd.want != "" {
+					return errors.New("duplicated '!' or '?' token")
+				}
+				cmd.want = want
+				return nil
+			}
+
+			// Command prefix [cond] means only run this command if cond is satisfied.
+			if strings.HasPrefix(arg, "[") && strings.HasSuffix(arg, "]") {
+				want := true
+				arg = strings.TrimSpace(arg[1 : len(arg)-1])
+				if strings.HasPrefix(arg, "!") {
+					want = false
+					arg = strings.TrimSpace(arg[1:])
+				}
+				if arg == "" {
+					return errors.New("empty condition")
+				}
+				cmd.conds = append(cmd.conds, condition{want: want, tag: arg})
+				return nil
+			}
+
+			if arg == "" {
+				return errors.New("empty command")
+			}
+			cmd.name = arg
+			return nil
+		}
+
+		cmd.rawArgs = append(cmd.rawArgs, rawArg)
+		return nil
+	}
+
+	for i := 0; ; i++ {
+		if !quoted && (i >= len(line) || strings.ContainsRune(argSepChars, rune(line[i]))) {
+			// Found arg-separating space.
+			if start >= 0 {
+				rawArg = append(rawArg, argFragment{s: line[start:i], quoted: false})
+				start = -1
+			}
+			if err := flushArg(); err != nil {
+				return nil, err
+			}
+			if i >= len(line) || line[i] == '#' {
+				break
+			}
+			continue
+		}
+		if i >= len(line) {
+			return nil, errors.New("unterminated quoted argument")
+		}
+		if line[i] == '\'' {
+			if !quoted {
+				// starting a quoted chunk
+				if start >= 0 {
+					rawArg = append(rawArg, argFragment{s: line[start:i], quoted: false})
+				}
+				start = i + 1
+				quoted = true
+				continue
+			}
+			// 'foo''bar' means foo'bar, like in rc shell and Pascal.
+			if i+1 < len(line) && line[i+1] == '\'' {
+				rawArg = append(rawArg, argFragment{s: line[start:i], quoted: true})
+				start = i + 1
+				i++ // skip over second ' before next iteration
+				continue
+			}
+			// ending a quoted chunk
+			rawArg = append(rawArg, argFragment{s: line[start:i], quoted: true})
+			start = i + 1
+			quoted = false
+			continue
+		}
+		// found character worth saving; make sure we're saving
+		if start < 0 {
+			start = i
+		}
+	}
+
+	if cmd.name == "" {
+		if cmd.want != "" || len(cmd.conds) > 0 || len(cmd.rawArgs) > 0 || cmd.background {
+			// The line contains a command prefix or suffix, but no actual command.
+			return nil, errors.New("missing command")
+		}
+
+		// The line is blank, or contains only a comment.
+		return nil, nil
+	}
+
+	if n := len(cmd.rawArgs); n > 0 {
+		last := cmd.rawArgs[n-1]
+		if len(last) == 1 && !last[0].quoted && last[0].s == "&" {
+			cmd.background = true
+			cmd.rawArgs = cmd.rawArgs[:n-1]
+		}
+	}
+	return cmd, nil
+}
+
+// expandArgs expands the shell variables in rawArgs and joins them to form the
+// final arguments to pass to a command.
+func expandArgs(s *State, rawArgs [][]argFragment, regexpArgs []int) []string {
+	args := make([]string, 0, len(rawArgs))
+	for i, frags := range rawArgs {
+		isRegexp := false
+		for _, j := range regexpArgs {
+			if i == j {
+				isRegexp = true
+				break
+			}
+		}
+
+		var b strings.Builder
+		for _, frag := range frags {
+			if frag.quoted {
+				b.WriteString(frag.s)
+			} else {
+				b.WriteString(s.ExpandEnv(frag.s, isRegexp))
+			}
+		}
+		args = append(args, b.String())
+	}
+	return args
+}
+
+// quoteArgs returns a string that parse would parse as args when passed to a command.
+//
+// TODO(bcmills): This function should have a fuzz test.
+func quoteArgs(args []string) string {
+	var b strings.Builder
+	for i, arg := range args {
+		if i > 0 {
+			b.WriteString(" ")
+		}
+		if strings.ContainsAny(arg, "'"+argSepChars) {
+			// Quote the argument to a form that would be parsed as a single argument.
+			b.WriteString("'")
+			b.WriteString(strings.ReplaceAll(arg, "'", "''"))
+			b.WriteString("'")
+		} else {
+			b.WriteString(arg)
+		}
+	}
+	return b.String()
+}
+
+func (e *Engine) conditionsActive(s *State, conds []condition) (bool, error) {
+	for _, cond := range conds {
+		var impl Cond
+		prefix, suffix, ok := strings.Cut(cond.tag, ":")
+		if ok {
+			impl = e.Conds[prefix]
+			if impl == nil {
+				return false, fmt.Errorf("unknown condition prefix %q", prefix)
+			}
+			if !impl.Usage().Prefix {
+				return false, fmt.Errorf("condition %q cannot be used with a suffix", prefix)
+			}
+		} else {
+			impl = e.Conds[cond.tag]
+			if impl == nil {
+				return false, fmt.Errorf("unknown condition %q", cond.tag)
+			}
+			if impl.Usage().Prefix {
+				return false, fmt.Errorf("condition %q requires a suffix", cond.tag)
+			}
+		}
+		active, err := impl.Eval(s, suffix)
+
+		if err != nil {
+			return false, fmt.Errorf("evaluating condition %q: %w", cond.tag, err)
+		}
+		if active != cond.want {
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
+
+func (e *Engine) runCommand(s *State, cmd *command, impl Cmd) error {
+	if impl == nil {
+		return cmdError(cmd, errors.New("unknown command"))
+	}
+
+	async := impl.Usage().Async
+	if cmd.background && !async {
+		return cmdError(cmd, errors.New("command cannot be run in background"))
+	}
+
+	wait, runErr := impl.Run(s, cmd.args...)
+	if wait == nil {
+		if async && runErr == nil {
+			return cmdError(cmd, errors.New("internal error: async command returned a nil WaitFunc"))
+		}
+		return checkStatus(cmd, runErr)
+	}
+	if runErr != nil {
+		return cmdError(cmd, errors.New("internal error: command returned both an error and a WaitFunc"))
+	}
+
+	if cmd.background {
+		s.background = append(s.background, backgroundCmd{
+			command: cmd,
+			wait:    wait,
+		})
+		// Clear stdout and stderr, since they no longer correspond to the last
+		// command executed.
+		s.stdout = ""
+		s.stderr = ""
+		return nil
+	}
+
+	stdout, stderr, waitErr := wait(s)
+	s.stdout = stdout
+	s.stderr = stderr
+	if stdout != "" {
+		s.Logf("[stdout]\n%s", stdout)
+	}
+	if stderr != "" {
+		s.Logf("[stderr]\n%s", stderr)
+	}
+	if cmdErr := checkStatus(cmd, waitErr); cmdErr != nil {
+		return cmdErr
+	}
+	if waitErr != nil {
+		// waitErr was expected (by cmd.want), so log it instead of returning it.
+		s.Logf("[%v]\n", waitErr)
+	}
+	return nil
+}
+
+func checkStatus(cmd *command, err error) error {
+	if err == nil {
+		if cmd.want == failure {
+			return cmdError(cmd, ErrUnexpectedSuccess)
+		}
+		return nil
+	}
+
+	if s := (stopError{}); errors.As(err, &s) {
+		// This error originated in the Stop command.
+		// Propagate it as-is.
+		return cmdError(cmd, err)
+	}
+
+	if w := (waitError{}); errors.As(err, &w) {
+		// This error was surfaced from a background process by a call to Wait.
+		// Add a call frame for Wait itself, but ignore its "want" field.
+		// (Wait itself cannot fail to wait on commands or else it would leak
+		// processes and/or goroutines — so a negative assertion for it would be at
+		// best ambiguous.)
+		return cmdError(cmd, err)
+	}
+
+	if cmd.want == success {
+		return cmdError(cmd, err)
+	}
+
+	if cmd.want == failure && (errors.Is(err, context.DeadlineExceeded) || errors.Is(err, context.Canceled)) {
+		// The command was terminated because the script is no longer interested in
+		// its output, so we don't know what it would have done had it run to
+		// completion — for all we know, it could have exited without error if it
+		// ran just a smidge faster.
+		return cmdError(cmd, err)
+	}
+
+	return nil
+}
+
+// ListCmds prints to w a list of the named commands,
+// annotating each with its arguments and a short usage summary.
+// If verbose is true, ListCmds prints full details for each command.
+//
+// Each of the name arguments should be a command name.
+// If no names are passed as arguments, ListCmds lists all the
+// commands registered in e.
+func (e *Engine) ListCmds(w io.Writer, verbose bool, names ...string) error {
+	if names == nil {
+		names = make([]string, 0, len(e.Cmds))
+		for name := range e.Cmds {
+			names = append(names, name)
+		}
+		sort.Strings(names)
+	}
+
+	for _, name := range names {
+		cmd := e.Cmds[name]
+		usage := cmd.Usage()
+
+		suffix := ""
+		if usage.Async {
+			suffix = " [&]"
+		}
+
+		_, err := fmt.Fprintf(w, "%s %s%s\n\t%s\n", name, usage.Args, suffix, usage.Summary)
+		if err != nil {
+			return err
+		}
+
+		if verbose {
+			if _, err := io.WriteString(w, "\n"); err != nil {
+				return err
+			}
+			for _, line := range usage.Detail {
+				if err := wrapLine(w, line, 60, "\t"); err != nil {
+					return err
+				}
+			}
+			if _, err := io.WriteString(w, "\n"); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func wrapLine(w io.Writer, line string, cols int, indent string) error {
+	line = strings.TrimLeft(line, " ")
+	for len(line) > cols {
+		bestSpace := -1
+		for i, r := range line {
+			if r == ' ' {
+				if i <= cols || bestSpace < 0 {
+					bestSpace = i
+				}
+				if i > cols {
+					break
+				}
+			}
+		}
+		if bestSpace < 0 {
+			break
+		}
+
+		if _, err := fmt.Fprintf(w, "%s%s\n", indent, line[:bestSpace]); err != nil {
+			return err
+		}
+		line = line[bestSpace+1:]
+	}
+
+	_, err := fmt.Fprintf(w, "%s%s\n", indent, line)
+	return err
+}
+
+// ListConds prints to w a list of conditions, one per line,
+// annotating each with a description and whether the condition
+// is true in the state s (if s is non-nil).
+//
+// Each of the tag arguments should be a condition string of
+// the form "name" or "name:suffix". If no tags are passed as
+// arguments, ListConds lists all conditions registered in
+// the engine e.
+func (e *Engine) ListConds(w io.Writer, s *State, tags ...string) error {
+	if tags == nil {
+		tags = make([]string, 0, len(e.Conds))
+		for name := range e.Conds {
+			tags = append(tags, name)
+		}
+		sort.Strings(tags)
+	}
+
+	for _, tag := range tags {
+		if prefix, suffix, ok := strings.Cut(tag, ":"); ok {
+			cond := e.Conds[prefix]
+			if cond == nil {
+				return fmt.Errorf("unknown condition prefix %q", prefix)
+			}
+			usage := cond.Usage()
+			if !usage.Prefix {
+				return fmt.Errorf("condition %q cannot be used with a suffix", prefix)
+			}
+
+			activeStr := ""
+			if s != nil {
+				if active, _ := cond.Eval(s, suffix); active {
+					activeStr = " (active)"
+				}
+			}
+			_, err := fmt.Fprintf(w, "[%s]%s\n\t%s\n", tag, activeStr, usage.Summary)
+			if err != nil {
+				return err
+			}
+			continue
+		}
+
+		cond := e.Conds[tag]
+		if cond == nil {
+			return fmt.Errorf("unknown condition %q", tag)
+		}
+		var err error
+		usage := cond.Usage()
+		if usage.Prefix {
+			_, err = fmt.Fprintf(w, "[%s:*]\n\t%s\n", tag, usage.Summary)
+		} else {
+			activeStr := ""
+			if s != nil {
+				if ok, _ := cond.Eval(s, ""); ok {
+					activeStr = " (active)"
+				}
+			}
+			_, err = fmt.Fprintf(w, "[%s]%s\n\t%s\n", tag, activeStr, usage.Summary)
+		}
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/cilium/hive/script/errors.go b/vendor/github.com/cilium/hive/script/errors.go
new file mode 100644
index 0000000000..7f43e72888
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/errors.go
@@ -0,0 +1,64 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package script
+
+import (
+	"errors"
+	"fmt"
+)
+
+// ErrUnexpectedSuccess indicates that a script command that was expected to
+// fail (as indicated by a "!" prefix) instead completed successfully.
+var ErrUnexpectedSuccess = errors.New("unexpected success")
+
+// A CommandError describes an error resulting from attempting to execute a
+// specific command.
+type CommandError struct {
+	File string
+	Line int
+	Op   string
+	Args []string
+	Err  error
+}
+
+func cmdError(cmd *command, err error) *CommandError {
+	return &CommandError{
+		File: cmd.file,
+		Line: cmd.line,
+		Op:   cmd.name,
+		Args: cmd.args,
+		Err:  err,
+	}
+}
+
+func (e *CommandError) Error() string {
+	if len(e.Args) == 0 {
+		return fmt.Sprintf("%s:%d: %s: %v", e.File, e.Line, e.Op, e.Err)
+	}
+	return fmt.Sprintf("%s:%d: %s %s: %v", e.File, e.Line, e.Op, quoteArgs(e.Args), e.Err)
+}
+
+func (e *CommandError) Unwrap() error { return e.Err }
+
+// A UsageError reports the valid arguments for a command.
+//
+// It may be returned in response to invalid arguments.
+type UsageError struct {
+	Name    string
+	Command Cmd
+}
+
+func (e *UsageError) Error() string {
+	usage := e.Command.Usage()
+	suffix := ""
+	if usage.Async {
+		suffix = " [&]"
+	}
+	return fmt.Sprintf("usage: %s %s%s", e.Name, usage.Args, suffix)
+}
+
+// ErrUsage may be returned by a Command to indicate that it was called with
+// invalid arguments; its Usage method may be called to obtain details.
+var ErrUsage = errors.New("invalid usage")
diff --git a/vendor/github.com/cilium/hive/script/internal/diff/diff.go b/vendor/github.com/cilium/hive/script/internal/diff/diff.go
new file mode 100644
index 0000000000..0aeeb75eb0
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/internal/diff/diff.go
@@ -0,0 +1,261 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package diff
+
+import (
+	"bytes"
+	"fmt"
+	"sort"
+	"strings"
+)
+
+// A pair is a pair of values tracked for both the x and y side of a diff.
+// It is typically a pair of line indexes.
+type pair struct{ x, y int }
+
+// Diff returns an anchored diff of the two texts old and new
+// in the “unified diff” format. If old and new are identical,
+// Diff returns a nil slice (no output).
+//
+// Unix diff implementations typically look for a diff with
+// the smallest number of lines inserted and removed,
+// which can in the worst case take time quadratic in the
+// number of lines in the texts. As a result, many implementations
+// either can be made to run for a long time or cut off the search
+// after a predetermined amount of work.
+//
+// In contrast, this implementation looks for a diff with the
+// smallest number of “unique” lines inserted and removed,
+// where unique means a line that appears just once in both old and new.
+// We call this an “anchored diff” because the unique lines anchor
+// the chosen matching regions. An anchored diff is usually clearer
+// than a standard diff, because the algorithm does not try to
+// reuse unrelated blank lines or closing braces.
+// The algorithm also guarantees to run in O(n log n) time
+// instead of the standard O(n²) time.
+//
+// Some systems call this approach a “patience diff,” named for
+// the “patience sorting” algorithm, itself named for a solitaire card game.
+// We avoid that name for two reasons. First, the name has been used
+// for a few different variants of the algorithm, so it is imprecise.
+// Second, the name is frequently interpreted as meaning that you have
+// to wait longer (to be patient) for the diff, meaning that it is a slower algorithm,
+// when in fact the algorithm is faster than the standard one.
+func Diff(oldName string, old []byte, newName string, new []byte) []byte {
+	if bytes.Equal(old, new) {
+		return nil
+	}
+	x := lines(old)
+	y := lines(new)
+
+	// Print diff header.
+	var out bytes.Buffer
+	fmt.Fprintf(&out, "diff %s %s\n", oldName, newName)
+	fmt.Fprintf(&out, "--- %s\n", oldName)
+	fmt.Fprintf(&out, "+++ %s\n", newName)
+
+	// Loop over matches to consider,
+	// expanding each match to include surrounding lines,
+	// and then printing diff chunks.
+	// To avoid setup/teardown cases outside the loop,
+	// tgs returns a leading {0,0} and trailing {len(x), len(y)} pair
+	// in the sequence of matches.
+	var (
+		done  pair     // printed up to x[:done.x] and y[:done.y]
+		chunk pair     // start lines of current chunk
+		count pair     // number of lines from each side in current chunk
+		ctext []string // lines for current chunk
+	)
+	for _, m := range tgs(x, y) {
+		if m.x < done.x {
+			// Already handled scanning forward from earlier match.
+			continue
+		}
+
+		// Expand matching lines as far possible,
+		// establishing that x[start.x:end.x] == y[start.y:end.y].
+		// Note that on the first (or last) iteration we may (or definitely do)
+		// have an empty match: start.x==end.x and start.y==end.y.
+		start := m
+		for start.x > done.x && start.y > done.y && x[start.x-1] == y[start.y-1] {
+			start.x--
+			start.y--
+		}
+		end := m
+		for end.x < len(x) && end.y < len(y) && x[end.x] == y[end.y] {
+			end.x++
+			end.y++
+		}
+
+		// Emit the mismatched lines before start into this chunk.
+		// (No effect on first sentinel iteration, when start = {0,0}.)
+		for _, s := range x[done.x:start.x] {
+			ctext = append(ctext, "-"+s)
+			count.x++
+		}
+		for _, s := range y[done.y:start.y] {
+			ctext = append(ctext, "+"+s)
+			count.y++
+		}
+
+		// If we're not at EOF and have too few common lines,
+		// the chunk includes all the common lines and continues.
+		const C = 3 // number of context lines
+		if (end.x < len(x) || end.y < len(y)) &&
+			(end.x-start.x < C || (len(ctext) > 0 && end.x-start.x < 2*C)) {
+			for _, s := range x[start.x:end.x] {
+				ctext = append(ctext, " "+s)
+				count.x++
+				count.y++
+			}
+			done = end
+			continue
+		}
+
+		// End chunk with common lines for context.
+		if len(ctext) > 0 {
+			n := end.x - start.x
+			if n > C {
+				n = C
+			}
+			for _, s := range x[start.x : start.x+n] {
+				ctext = append(ctext, " "+s)
+				count.x++
+				count.y++
+			}
+			done = pair{start.x + n, start.y + n}
+
+			// Format and emit chunk.
+			// Convert line numbers to 1-indexed.
+			// Special case: empty file shows up as 0,0 not 1,0.
+			if count.x > 0 {
+				chunk.x++
+			}
+			if count.y > 0 {
+				chunk.y++
+			}
+			fmt.Fprintf(&out, "@@ -%d,%d +%d,%d @@\n", chunk.x, count.x, chunk.y, count.y)
+			for _, s := range ctext {
+				out.WriteString(s)
+			}
+			count.x = 0
+			count.y = 0
+			ctext = ctext[:0]
+		}
+
+		// If we reached EOF, we're done.
+		if end.x >= len(x) && end.y >= len(y) {
+			break
+		}
+
+		// Otherwise start a new chunk.
+		chunk = pair{end.x - C, end.y - C}
+		for _, s := range x[chunk.x:end.x] {
+			ctext = append(ctext, " "+s)
+			count.x++
+			count.y++
+		}
+		done = end
+	}
+
+	return out.Bytes()
+}
+
+// lines returns the lines in the file x, including newlines.
+// If the file does not end in a newline, one is supplied
+// along with a warning about the missing newline.
+func lines(x []byte) []string {
+	l := strings.SplitAfter(string(x), "\n")
+	if l[len(l)-1] == "" {
+		l = l[:len(l)-1]
+	} else {
+		// Treat last line as having a message about the missing newline attached,
+		// using the same text as BSD/GNU diff (including the leading backslash).
+		l[len(l)-1] += "\n\\ No newline at end of file\n"
+	}
+	return l
+}
+
+// tgs returns the pairs of indexes of the longest common subsequence
+// of unique lines in x and y, where a unique line is one that appears
+// once in x and once in y.
+//
+// The longest common subsequence algorithm is as described in
+// Thomas G. Szymanski, “A Special Case of the Maximal Common
+// Subsequence Problem,” Princeton TR #170 (January 1975),
+// available at https://research.swtch.com/tgs170.pdf.
+func tgs(x, y []string) []pair {
+	// Count the number of times each string appears in a and b.
+	// We only care about 0, 1, many, counted as 0, -1, -2
+	// for the x side and 0, -4, -8 for the y side.
+	// Using negative numbers now lets us distinguish positive line numbers later.
+	m := make(map[string]int)
+	for _, s := range x {
+		if c := m[s]; c > -2 {
+			m[s] = c - 1
+		}
+	}
+	for _, s := range y {
+		if c := m[s]; c > -8 {
+			m[s] = c - 4
+		}
+	}
+
+	// Now unique strings can be identified by m[s] = -1+-4.
+	//
+	// Gather the indexes of those strings in x and y, building:
+	//	xi[i] = increasing indexes of unique strings in x.
+	//	yi[i] = increasing indexes of unique strings in y.
+	//	inv[i] = index j such that x[xi[i]] = y[yi[j]].
+	var xi, yi, inv []int
+	for i, s := range y {
+		if m[s] == -1+-4 {
+			m[s] = len(yi)
+			yi = append(yi, i)
+		}
+	}
+	for i, s := range x {
+		if j, ok := m[s]; ok && j >= 0 {
+			xi = append(xi, i)
+			inv = append(inv, j)
+		}
+	}
+
+	// Apply Algorithm A from Szymanski's paper.
+	// In those terms, A = J = inv and B = [0, n).
+	// We add sentinel pairs {0,0}, and {len(x),len(y)}
+	// to the returned sequence, to help the processing loop.
+	J := inv
+	n := len(xi)
+	T := make([]int, n)
+	L := make([]int, n)
+	for i := range T {
+		T[i] = n + 1
+	}
+	for i := 0; i < n; i++ {
+		k := sort.Search(n, func(k int) bool {
+			return T[k] >= J[i]
+		})
+		T[k] = J[i]
+		L[i] = k + 1
+	}
+	k := 0
+	for _, v := range L {
+		if k < v {
+			k = v
+		}
+	}
+	seq := make([]pair, 2+k)
+	seq[1+k] = pair{len(x), len(y)} // sentinel at end
+	lastj := n
+	for i := n - 1; i >= 0; i-- {
+		if L[i] == k && J[i] < lastj {
+			seq[k] = pair{xi[i], yi[J[i]]}
+			k--
+		}
+	}
+	seq[0] = pair{0, 0} // sentinel at start
+	return seq
+}
diff --git a/vendor/github.com/cilium/hive/script/makeraw_unix.go b/vendor/github.com/cilium/hive/script/makeraw_unix.go
new file mode 100644
index 0000000000..3fffbc74dc
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/makeraw_unix.go
@@ -0,0 +1,37 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin || dragonfly || freebsd || netbsd || openbsd || aix || linux || solaris || zos
+
+package script
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// MakeRaw sets the terminal to raw mode, but with interrupt signals enabled.
+func MakeRaw(fd int) (restore func(), err error) {
+	termios, err := unix.IoctlGetTermios(fd, ioctlReadTermios)
+	if err != nil {
+		return nil, err
+	}
+
+	oldState := *termios
+
+	termios.Iflag &^= unix.IGNBRK | unix.BRKINT | unix.PARMRK | unix.ISTRIP | unix.INLCR | unix.IGNCR | unix.ICRNL | unix.IXON
+	termios.Oflag &^= unix.OPOST
+	termios.Lflag &^= unix.ECHO | unix.ECHONL | unix.ICANON | unix.IEXTEN
+	termios.Lflag |= unix.ISIG // Enable interrupt signals
+	termios.Cflag &^= unix.CSIZE | unix.PARENB
+	termios.Cflag |= unix.CS8
+	termios.Cc[unix.VMIN] = 1
+	termios.Cc[unix.VTIME] = 0
+	if err := unix.IoctlSetTermios(fd, ioctlWriteTermios, termios); err != nil {
+		return nil, err
+	}
+
+	return func() {
+		unix.IoctlSetTermios(fd, ioctlWriteTermios, &oldState)
+	}, nil
+}
diff --git a/vendor/github.com/cilium/hive/script/makeraw_unix_bsd.go b/vendor/github.com/cilium/hive/script/makeraw_unix_bsd.go
new file mode 100644
index 0000000000..064368d40a
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/makeraw_unix_bsd.go
@@ -0,0 +1,16 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin || dragonfly || freebsd || netbsd || openbsd
+
+package script
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+const (
+	ioctlReadTermios  = unix.TIOCGETA
+	ioctlWriteTermios = unix.TIOCSETA
+)
diff --git a/vendor/github.com/cilium/hive/script/makeraw_unix_other.go b/vendor/github.com/cilium/hive/script/makeraw_unix_other.go
new file mode 100644
index 0000000000..84449a5f56
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/makeraw_unix_other.go
@@ -0,0 +1,14 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || linux || solaris || zos
+
+package script
+
+import "golang.org/x/sys/unix"
+
+const (
+	ioctlReadTermios  = unix.TCGETS
+	ioctlWriteTermios = unix.TCSETS
+)
diff --git a/vendor/github.com/cilium/hive/script/makeraw_unsupported.go b/vendor/github.com/cilium/hive/script/makeraw_unsupported.go
new file mode 100644
index 0000000000..fe88ed87b2
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/makeraw_unsupported.go
@@ -0,0 +1,16 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !darwin && !linux
+
+package script
+
+import (
+	"fmt"
+	"runtime"
+)
+
+func MakeRaw(fd int) (restore func(), err error) {
+	return func() {}, fmt.Errorf("MakeRaw: not supported on %s", runtime.GOOS)
+}
diff --git a/vendor/github.com/cilium/hive/script/state.go b/vendor/github.com/cilium/hive/script/state.go
new file mode 100644
index 0000000000..1226dcf60e
--- /dev/null
+++ b/vendor/github.com/cilium/hive/script/state.go
@@ -0,0 +1,244 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package script
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"io/fs"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+	"strings"
+
+	"golang.org/x/tools/txtar"
+)
+
+// A State encapsulates the current state of a running script engine,
+// including the script environment and any running background commands.
+type State struct {
+	engine *Engine // the engine currently executing the script, if any
+
+	ctx    context.Context
+	cancel context.CancelFunc
+	file   string
+	log    bytes.Buffer
+	logOut io.Writer
+
+	workdir string            // initial working directory
+	pwd     string            // current working directory during execution
+	env     []string          // environment list (for os/exec)
+	envMap  map[string]string // environment mapping (matches env)
+	stdout  string            // standard output from last 'go' command; for 'stdout' command
+	stderr  string            // standard error from last 'go' command; for 'stderr' command
+
+	background []backgroundCmd
+}
+
+type backgroundCmd struct {
+	*command
+	wait WaitFunc
+}
+
+// NewState returns a new State permanently associated with ctx, with its
+// initial working directory in workdir and its initial environment set to
+// initialEnv (or os.Environ(), if initialEnv is nil).
+//
+// The new State also contains pseudo-environment-variables for
+// ${/} and ${:} (for the platform's path and list separators respectively),
+// but does not pass those to subprocesses.
+func NewState(ctx context.Context, workdir string, initialEnv []string) (*State, error) {
+	absWork, err := filepath.Abs(workdir)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx, cancel := context.WithCancel(ctx)
+
+	// Make a fresh copy of the env slice to avoid aliasing bugs if we ever
+	// start modifying it in place; this also establishes the invariant that
+	// s.env contains no duplicates.
+	env := cleanEnv(initialEnv, absWork)
+
+	envMap := make(map[string]string, len(env))
+
+	// Add entries for ${:} and ${/} to make it easier to write platform-independent
+	// paths in scripts.
+	envMap["/"] = string(os.PathSeparator)
+	envMap[":"] = string(os.PathListSeparator)
+
+	for _, kv := range env {
+		if k, v, ok := strings.Cut(kv, "="); ok {
+			envMap[k] = v
+		}
+	}
+
+	s := &State{
+		ctx:     ctx,
+		cancel:  cancel,
+		workdir: absWork,
+		pwd:     absWork,
+		env:     env,
+		envMap:  envMap,
+	}
+	s.Setenv("PWD", absWork)
+	return s, nil
+}
+
+// CloseAndWait cancels the State's Context and waits for any background commands to
+// finish. If any remaining background command ended in an unexpected state,
+// Close returns a non-nil error.
+func (s *State) CloseAndWait(log io.Writer) error {
+	s.cancel()
+	wait, err := Wait().Run(s)
+	if wait != nil {
+		panic("script: internal error: Wait unexpectedly returns its own WaitFunc")
+	}
+	defer func(prev io.Writer) { s.logOut = prev }(s.logOut)
+	s.logOut = log
+	if flushErr := s.FlushLog(); err == nil {
+		err = flushErr
+	}
+	return err
+}
+
+// Chdir changes the State's working directory to the given path.
+func (s *State) Chdir(path string) error {
+	dir := s.Path(path)
+	if _, err := os.Stat(dir); err != nil {
+		return &fs.PathError{Op: "Chdir", Path: dir, Err: err}
+	}
+	s.pwd = dir
+	s.Setenv("PWD", dir)
+	return nil
+}
+
+// Context returns the Context with which the State was created.
+func (s *State) Context() context.Context {
+	return s.ctx
+}
+
+// Environ returns a copy of the current script environment,
+// in the form "key=value".
+func (s *State) Environ() []string {
+	return append([]string(nil), s.env...)
+}
+
+// ExpandEnv replaces ${var} or $var in the string according to the values of
+// the environment variables in s. References to undefined variables are
+// replaced by the empty string.
+func (s *State) ExpandEnv(str string, inRegexp bool) string {
+	return os.Expand(str, func(key string) string {
+		e := s.envMap[key]
+		if inRegexp {
+			// Quote to literal strings: we want paths like C:\work\go1.4 to remain
+			// paths rather than regular expressions.
+			e = regexp.QuoteMeta(e)
+		}
+		return e
+	})
+}
+
+// ExtractFiles extracts the files in ar to the state's current directory,
+// expanding any environment variables within each name.
+//
+// The files must reside within the working directory with which the State was
+// originally created.
+func (s *State) ExtractFiles(ar *txtar.Archive) error {
+	wd := s.workdir
+
+	// Add trailing separator to terminate wd.
+	// This prevents extracting to outside paths which prefix wd,
+	// e.g. extracting to /home/foobar when wd is /home/foo
+	if wd == "" {
+		panic("s.workdir is unexpectedly empty")
+	}
+	if !os.IsPathSeparator(wd[len(wd)-1]) {
+		wd += string(filepath.Separator)
+	}
+
+	for _, f := range ar.Files {
+		name := s.Path(s.ExpandEnv(f.Name, false))
+
+		if !strings.HasPrefix(name, wd) {
+			return fmt.Errorf("file %#q is outside working directory", f.Name)
+		}
+
+		if err := os.MkdirAll(filepath.Dir(name), 0777); err != nil {
+			return err
+		}
+		if err := os.WriteFile(name, f.Data, 0666); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Getwd returns the directory in which to run the next script command.
+func (s *State) Getwd() string { return s.pwd }
+
+// Logf writes output to the script's log without updating its stdout or stderr
+// buffers. (The output log functions as a kind of meta-stderr.)
+func (s *State) Logf(format string, args ...any) {
+	fmt.Fprintf(&s.log, format, args...)
+}
+
+func (s *State) LogWriter() io.Writer {
+	return &s.log
+}
+
+// FlushLog writes out the contents of the script's log and clears the buffer.
+func (s *State) FlushLog() error {
+	_, err := s.logOut.Write(s.log.Bytes())
+	s.log.Reset()
+	return err
+}
+
+// LookupEnv retrieves the value of the environment variable in s named by the key.
+func (s *State) LookupEnv(key string) (string, bool) {
+	v, ok := s.envMap[key]
+	return v, ok
+}
+
+// Path returns the absolute path in the host operating system for a
+// script-based (generally slash-separated and relative) path.
+func (s *State) Path(path string) string {
+	if filepath.IsAbs(path) {
+		return filepath.Clean(path)
+	}
+	return filepath.Join(s.pwd, path)
+}
+
+// Setenv sets the value of the environment variable in s named by the key.
+func (s *State) Setenv(key, value string) error {
+	s.env = cleanEnv(append(s.env, key+"="+value), s.pwd)
+	s.envMap[key] = value
+	return nil
+}
+
+// Stdout returns the stdout output of the last command run,
+// or the empty string if no command has been run.
+func (s *State) Stdout() string { return s.stdout }
+
+// Stderr returns the stderr output of the last command run,
+// or the empty string if no command has been run.
+func (s *State) Stderr() string { return s.stderr }
+
+// cleanEnv returns a copy of env with any duplicates removed in favor of
+// later values and any required system variables defined.
+//
+// If env is nil, cleanEnv copies the environment from os.Environ().
+func cleanEnv(env []string, pwd string) []string {
+	// There are some funky edge-cases in this logic, especially on Windows (with
+	// case-insensitive environment variables and variables with keys like "=C:").
+	// Rather than duplicating exec.dedupEnv here, cheat and use exec.Cmd directly.
+	cmd := &exec.Cmd{Env: env}
+	cmd.Dir = pwd
+	return cmd.Environ()
+}
diff --git a/vendor/github.com/cilium/statedb/any_table.go b/vendor/github.com/cilium/statedb/any_table.go
new file mode 100644
index 0000000000..ebea155734
--- /dev/null
+++ b/vendor/github.com/cilium/statedb/any_table.go
@@ -0,0 +1,145 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package statedb
+
+import (
+	"fmt"
+	"iter"
+)
+
+// AnyTable allows any-typed access to a StateDB table. This is intended
+// for building generic tooling for accessing the table and should be
+// avoided if possible.
+type AnyTable struct {
+	Meta TableMeta
+}
+
+func (t AnyTable) All(txn ReadTxn) iter.Seq2[any, Revision] {
+	all, _ := t.AllWatch(txn)
+	return all
+}
+
+func (t AnyTable) AllWatch(txn ReadTxn) (iter.Seq2[any, Revision], <-chan struct{}) {
+	indexTxn := txn.getTxn().mustIndexReadTxn(t.Meta, PrimaryIndexPos)
+	return partSeq[any](indexTxn.Iterator()), indexTxn.RootWatch()
+}
+
+func (t AnyTable) UnmarshalYAML(data []byte) (any, error) {
+	return t.Meta.unmarshalYAML(data)
+}
+
+func (t AnyTable) Insert(txn WriteTxn, obj any) (old any, hadOld bool, err error) {
+	var iobj object
+	iobj, hadOld, err = txn.getTxn().insert(t.Meta, Revision(0), obj)
+	if hadOld {
+		old = iobj.data
+	}
+	return
+}
+
+func (t AnyTable) Delete(txn WriteTxn, obj any) (old any, hadOld bool, err error) {
+	var iobj object
+	iobj, hadOld, err = txn.getTxn().delete(t.Meta, Revision(0), obj)
+	if hadOld {
+		old = iobj.data
+	}
+	return
+}
+
+func (t AnyTable) Get(txn ReadTxn, index string, key string) (any, Revision, bool, error) {
+	itxn, rawKey, err := t.queryIndex(txn, index, key)
+	if err != nil {
+		return nil, 0, false, err
+	}
+	if itxn.unique {
+		obj, _, ok := itxn.Get(rawKey)
+		return obj.data, obj.revision, ok, nil
+	}
+	// For non-unique indexes we need to prefix search and make sure to fully
+	// match the secondary key.
+	iter, _ := itxn.Prefix(rawKey)
+	for {
+		k, obj, ok := iter.Next()
+		if !ok {
+			break
+		}
+		secondary, _ := decodeNonUniqueKey(k)
+		if len(secondary) == len(rawKey) {
+			return obj.data, obj.revision, true, nil
+		}
+	}
+	return nil, 0, false, nil
+}
+
+func (t AnyTable) Prefix(txn ReadTxn, index string, key string) (iter.Seq2[any, Revision], error) {
+	itxn, rawKey, err := t.queryIndex(txn, index, key)
+	if err != nil {
+		return nil, err
+	}
+	iter, _ := itxn.Prefix(rawKey)
+	if itxn.unique {
+		return partSeq[any](iter), nil
+	}
+	return nonUniqueSeq[any](iter, true, rawKey), nil
+}
+
+func (t AnyTable) LowerBound(txn ReadTxn, index string, key string) (iter.Seq2[any, Revision], error) {
+	itxn, rawKey, err := t.queryIndex(txn, index, key)
+	if err != nil {
+		return nil, err
+	}
+	iter := itxn.LowerBound(rawKey)
+	if itxn.unique {
+		return partSeq[any](iter), nil
+	}
+	return nonUniqueLowerBoundSeq[any](iter, rawKey), nil
+}
+
+func (t AnyTable) List(txn ReadTxn, index string, key string) (iter.Seq2[any, Revision], error) {
+	itxn, rawKey, err := t.queryIndex(txn, index, key)
+	if err != nil {
+		return nil, err
+	}
+	iter, _ := itxn.Prefix(rawKey)
+	if itxn.unique {
+		// Unique index means that there can be only a single matching object.
+		// Doing a Get() is more efficient than constructing an iterator.
+		value, _, ok := itxn.Get(rawKey)
+		return func(yield func(any, Revision) bool) {
+			if ok {
+				yield(value.data, value.revision)
+			}
+		}, nil
+	}
+	return nonUniqueSeq[any](iter, false, rawKey), nil
+}
+
+func (t AnyTable) queryIndex(txn ReadTxn, index string, key string) (indexReadTxn, []byte, error) {
+	indexer := t.Meta.getIndexer(index)
+	if indexer == nil {
+		return indexReadTxn{}, nil, fmt.Errorf("invalid index %q", index)
+	}
+	rawKey, err := indexer.fromString(key)
+	if err != nil {
+		return indexReadTxn{}, nil, err
+	}
+	itxn, err := txn.getTxn().indexReadTxn(t.Meta, indexer.pos)
+	return itxn, rawKey, err
+}
+
+func (t AnyTable) Changes(txn WriteTxn) (anyChangeIterator, error) {
+	return t.Meta.anyChanges(txn)
+}
+
+func (t AnyTable) TableHeader() []string {
+	zero := t.Meta.proto()
+	if tw, ok := zero.(TableWritable); ok {
+		return tw.TableHeader()
+	}
+	return nil
+}
+
+func (t AnyTable) Proto() any {
+	return t.Meta.proto()
+}
diff --git a/vendor/github.com/cilium/statedb/cell.go b/vendor/github.com/cilium/statedb/cell.go
index 38b0658777..9a23395074 100644
--- a/vendor/github.com/cilium/statedb/cell.go
+++ b/vendor/github.com/cilium/statedb/cell.go
@@ -16,6 +16,7 @@ var Cell = cell.Module(
 
 	cell.Provide(
 		newHiveDB,
+		ScriptCommands,
 	),
 )
 
diff --git a/vendor/github.com/cilium/statedb/db.go b/vendor/github.com/cilium/statedb/db.go
index 2ec4d62a93..be6f18ec41 100644
--- a/vendor/github.com/cilium/statedb/db.go
+++ b/vendor/github.com/cilium/statedb/db.go
@@ -208,9 +208,20 @@ func (db *DB) WriteTxn(table TableMeta, tables ...TableMeta) WriteTxn {
 	lockAt := time.Now()
 	smus.Lock()
 	acquiredAt := time.Now()
-
 	root := *db.root.Load()
 	tableEntries := make([]*tableEntry, len(root))
+
+	txn := &txn{
+		db:         db,
+		root:       root,
+		handle:     db.handleName,
+		acquiredAt: time.Now(),
+		writeTxn: writeTxn{
+			modifiedTables: tableEntries,
+			smus:           smus,
+		},
+	}
+
 	var tableNames []string
 	for _, table := range allTables {
 		tableEntry := root[table.tablePos()]
@@ -223,10 +234,12 @@ func (db *DB) WriteTxn(table TableMeta, tables ...TableMeta) WriteTxn {
 			table.Name(),
 			table.sortableMutex().AcquireDuration(),
 		)
+		table.acquired(txn)
 	}
 
 	// Sort the table names so they always appear ordered in metrics.
 	sort.Strings(tableNames)
+	txn.tableNames = tableNames
 
 	db.metrics.WriteTxnTotalAcquisition(
 		db.handleName,
@@ -234,19 +247,29 @@ func (db *DB) WriteTxn(table TableMeta, tables ...TableMeta) WriteTxn {
 		acquiredAt.Sub(lockAt),
 	)
 
-	txn := &txn{
-		db:             db,
-		root:           root,
-		modifiedTables: tableEntries,
-		smus:           smus,
-		acquiredAt:     acquiredAt,
-		tableNames:     tableNames,
-		handle:         db.handleName,
-	}
 	runtime.SetFinalizer(txn, txnFinalizer)
 	return txn
 }
 
+func (db *DB) GetTables(txn ReadTxn) (tbls []TableMeta) {
+	root := txn.getTxn().root
+	tbls = make([]TableMeta, 0, len(root))
+	for _, table := range root {
+		tbls = append(tbls, table.meta)
+	}
+	return
+}
+
+func (db *DB) GetTable(txn ReadTxn, name string) TableMeta {
+	root := txn.getTxn().root
+	for _, table := range root {
+		if table.meta.Name() == name {
+			return table.meta
+		}
+	}
+	return nil
+}
+
 // Start the background workers for the database.
 //
 // This starts the graveyard worker that deals with garbage collecting
diff --git a/vendor/github.com/cilium/statedb/http.go b/vendor/github.com/cilium/statedb/http.go
index 37b01019c5..96b1a651fd 100644
--- a/vendor/github.com/cilium/statedb/http.go
+++ b/vendor/github.com/cilium/statedb/http.go
@@ -137,7 +137,7 @@ func runQuery(indexTxn indexReadTxn, lowerbound bool, queryKey []byte, onObject
 		match = func(k []byte) bool { return len(k) == len(queryKey) }
 	default:
 		match = func(k []byte) bool {
-			_, secondary := decodeNonUniqueKey(k)
+			secondary, _ := decodeNonUniqueKey(k)
 			return len(secondary) == len(queryKey)
 		}
 	}
diff --git a/vendor/github.com/cilium/statedb/index/bool.go b/vendor/github.com/cilium/statedb/index/bool.go
index c60f7b9e61..8e37371542 100644
--- a/vendor/github.com/cilium/statedb/index/bool.go
+++ b/vendor/github.com/cilium/statedb/index/bool.go
@@ -3,6 +3,8 @@
 
 package index
 
+import "strconv"
+
 var (
 	trueKey  = []byte{'T'}
 	falseKey = []byte{'F'}
@@ -14,3 +16,8 @@ func Bool(b bool) Key {
 	}
 	return falseKey
 }
+
+func BoolString(s string) (Key, error) {
+	b, err := strconv.ParseBool(s)
+	return Bool(b), err
+}
diff --git a/vendor/github.com/cilium/statedb/index/int.go b/vendor/github.com/cilium/statedb/index/int.go
index 0b285c2638..caf26d8a88 100644
--- a/vendor/github.com/cilium/statedb/index/int.go
+++ b/vendor/github.com/cilium/statedb/index/int.go
@@ -5,6 +5,7 @@ package index
 
 import (
 	"encoding/binary"
+	"strconv"
 )
 
 // The indexing functions on integers should use big-endian encoding.
@@ -19,26 +20,78 @@ func Int(n int) Key {
 	return Int32(int32(n))
 }
 
+func IntString(s string) (Key, error) {
+	return Int32String(s)
+}
+
 func Int64(n int64) Key {
 	return Uint64(uint64(n))
 }
 
+func Int64String(s string) (Key, error) {
+	n, err := strconv.ParseInt(s, 10, 64)
+	if err != nil {
+		return Key{}, err
+	}
+	return Uint64(uint64(n)), nil
+}
+
 func Int32(n int32) Key {
 	return Uint32(uint32(n))
 }
 
+func Int32String(s string) (Key, error) {
+	n, err := strconv.ParseInt(s, 10, 32)
+	if err != nil {
+		return Key{}, err
+	}
+	return Uint32(uint32(n)), nil
+}
+
 func Int16(n int16) Key {
 	return Uint16(uint16(n))
 }
 
+func Int16String(s string) (Key, error) {
+	n, err := strconv.ParseInt(s, 10, 16)
+	if err != nil {
+		return Key{}, err
+	}
+	return Uint16(uint16(n)), nil
+}
+
 func Uint64(n uint64) Key {
 	return binary.BigEndian.AppendUint64(nil, n)
 }
 
+func Uint64String(s string) (Key, error) {
+	n, err := strconv.ParseUint(s, 10, 64)
+	if err != nil {
+		return Key{}, err
+	}
+	return Uint64(n), nil
+}
+
 func Uint32(n uint32) Key {
 	return binary.BigEndian.AppendUint32(nil, n)
 }
 
+func Uint32String(s string) (Key, error) {
+	n, err := strconv.ParseUint(s, 10, 32)
+	if err != nil {
+		return Key{}, err
+	}
+	return Uint32(uint32(n)), nil
+}
+
 func Uint16(n uint16) Key {
 	return binary.BigEndian.AppendUint16(nil, n)
 }
+
+func Uint16String(s string) (Key, error) {
+	n, err := strconv.ParseUint(s, 10, 16)
+	if err != nil {
+		return Key{}, err
+	}
+	return Uint16(uint16(n)), nil
+}
diff --git a/vendor/github.com/cilium/statedb/index/netip.go b/vendor/github.com/cilium/statedb/index/netip.go
index b8223d0554..7a95f63469 100644
--- a/vendor/github.com/cilium/statedb/index/netip.go
+++ b/vendor/github.com/cilium/statedb/index/netip.go
@@ -20,8 +20,24 @@ func NetIPAddr(addr netip.Addr) Key {
 	return buf[:]
 }
 
+func NetIPAddrString(s string) (Key, error) {
+	addr, err := netip.ParseAddr(s)
+	if err != nil {
+		return Key{}, err
+	}
+	return NetIPAddr(addr), nil
+}
+
 func NetIPPrefix(prefix netip.Prefix) Key {
 	// Use the 16-byte form plus bits to have a constant-size key.
 	addrBytes := prefix.Addr().As16()
 	return append(addrBytes[:], uint8(prefix.Bits()))
 }
+
+func NetIPPrefixString(s string) (Key, error) {
+	prefix, err := netip.ParsePrefix(s)
+	if err != nil {
+		return Key{}, err
+	}
+	return NetIPPrefix(prefix), nil
+}
diff --git a/vendor/github.com/cilium/statedb/index/string.go b/vendor/github.com/cilium/statedb/index/string.go
index 9a678f0ca2..99430bc3bd 100644
--- a/vendor/github.com/cilium/statedb/index/string.go
+++ b/vendor/github.com/cilium/statedb/index/string.go
@@ -12,6 +12,10 @@ func String(s string) Key {
 	return []byte(s)
 }
 
+func FromString(s string) (Key, error) {
+	return String(s), nil
+}
+
 func Stringer[T fmt.Stringer](s T) Key {
 	return String(s.String())
 }
diff --git a/vendor/github.com/cilium/statedb/internal/time.go b/vendor/github.com/cilium/statedb/internal/time.go
new file mode 100644
index 0000000000..5463ea0e4e
--- /dev/null
+++ b/vendor/github.com/cilium/statedb/internal/time.go
@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package internal
+
+import (
+	"fmt"
+	"time"
+)
+
+func PrettySince(t time.Time) string {
+	return PrettyDuration(time.Since(t))
+}
+
+func PrettyDuration(d time.Duration) string {
+	ago := float64(d) / float64(time.Microsecond)
+
+	// micros
+	if ago < 1000.0 {
+		return fmt.Sprintf("%.1fus", ago)
+	}
+
+	// millis
+	ago /= 1000.0
+	if ago < 1000.0 {
+		return fmt.Sprintf("%.1fms", ago)
+	}
+	// secs
+	ago /= 1000.0
+	if ago < 60.0 {
+		return fmt.Sprintf("%.1fs", ago)
+	}
+	// mins
+	ago /= 60.0
+	if ago < 60.0 {
+		return fmt.Sprintf("%.1fm", ago)
+	}
+	// hours
+	ago /= 60.0
+	return fmt.Sprintf("%.1fh", ago)
+}
diff --git a/vendor/github.com/cilium/statedb/iterator.go b/vendor/github.com/cilium/statedb/iterator.go
index 08b4e79042..301ce330d5 100644
--- a/vendor/github.com/cilium/statedb/iterator.go
+++ b/vendor/github.com/cilium/statedb/iterator.go
@@ -4,6 +4,7 @@
 package statedb
 
 import (
+	"bytes"
 	"fmt"
 	"iter"
 	"slices"
@@ -53,7 +54,7 @@ func ToSeq[A, B any](seq iter.Seq2[A, B]) iter.Seq[A] {
 	}
 }
 
-// partSeq returns a sequence of objects from a part Iterator.
+// partSeq returns a casted sequence of objects from a part Iterator.
 func partSeq[Obj any](iter *part.Iterator[object]) iter.Seq2[Obj, Revision] {
 	return func(yield func(Obj, Revision) bool) {
 		// Iterate over a clone of the original iterator to allow the sequence to be iterated
@@ -75,7 +76,7 @@ func partSeq[Obj any](iter *part.Iterator[object]) iter.Seq2[Obj, Revision] {
 // Non-unique indexes work by concatenating the secondary key with the
 // primary key and then prefix searching for the items:
 //
-//	<secondary><primary><secondary length>
+//	<secondary>\0<primary><secondary length>
 //	^^^^^^^^^^^
 //
 // Since the primary key can be of any length and we're prefix searching,
@@ -84,27 +85,53 @@ func partSeq[Obj any](iter *part.Iterator[object]) iter.Seq2[Obj, Revision] {
 // For example if we search for the key "aaaa", then we might have the following
 // matches (_ is just delimiting, not part of the key):
 //
-//	aaaa_bbb4
-//	aaa_abab3
-//	aaaa_ccc4
+//	aaaa\0bbb4
+//	aaa\0abab3
+//	aaaa\0ccc4
 //
-// We yield "aaaa_bbb4", skip "aaa_abab3" and yield "aaaa_ccc4".
-func nonUniqueSeq[Obj any](iter *part.Iterator[object], searchKey []byte) iter.Seq2[Obj, Revision] {
+// We yield "aaaa\0bbb4", skip "aaa\0abab3" and yield "aaaa\0ccc4".
+func nonUniqueSeq[Obj any](iter *part.Iterator[object], prefixSearch bool, searchKey []byte) iter.Seq2[Obj, Revision] {
 	return func(yield func(Obj, Revision) bool) {
 		// Clone the iterator to allow multiple iterations over the sequence.
 		it := iter.Clone()
+
+		var visited map[string]struct{}
+		if prefixSearch {
+			// When prefix searching, keep track of objects we've already seen as
+			// multiple keys in non-unique index may map to a single object.
+			// When just doing a List() on a non-unique index we will see each object
+			// only once and do not need to track this.
+			//
+			// This of course makes iterating over a non-unique index with a prefix
+			// (or lowerbound search) about 20x slower than normal!
+			visited = map[string]struct{}{}
+		}
+
 		for {
 			key, iobj, ok := it.Next()
 			if !ok {
 				break
 			}
 
-			_, secondary := decodeNonUniqueKey(key)
+			secondary, primary := decodeNonUniqueKey(key)
 
-			// The secondary key doesn't match the search key. Since the primary
-			// key length can vary, we need to continue the prefix search.
-			if len(secondary) != len(searchKey) {
+			switch {
+			case !prefixSearch && len(secondary) != len(searchKey):
+				// This a List(), thus secondary key must match length exactly.
 				continue
+			case prefixSearch && len(secondary) < len(searchKey):
+				// This is Prefix(), thus key must be equal or longer to search key.
+				continue
+			}
+
+			if prefixSearch {
+				// When doing a prefix search on a non-unique index we may see the
+				// same object multiple times since multiple keys may point it.
+				// Skip if we've already seen this object.
+				if _, found := visited[string(primary)]; found {
+					continue
+				}
+				visited[string(primary)] = struct{}{}
 			}
 
 			if !yield(iobj.data.(Obj), iobj.revision) {
@@ -114,6 +141,37 @@ func nonUniqueSeq[Obj any](iter *part.Iterator[object], searchKey []byte) iter.S
 	}
 }
 
+func nonUniqueLowerBoundSeq[Obj any](iter *part.Iterator[object], searchKey []byte) iter.Seq2[Obj, Revision] {
+	return func(yield func(Obj, Revision) bool) {
+		// Clone the iterator to allow multiple uses.
+		iter = iter.Clone()
+
+		// Keep track of objects we've already seen as multiple keys in non-unique
+		// index may map to a single object.
+		visited := map[string]struct{}{}
+		for {
+			key, iobj, ok := iter.Next()
+			if !ok {
+				break
+			}
+			// With a non-unique index we have a composite key <secondary><primary><secondary len>.
+			// This means we need to check every key that it's larger or equal to the search key.
+			// Just seeking to the first one isn't enough as the secondary key length may vary.
+			secondary, primary := decodeNonUniqueKey(key)
+			if bytes.Compare(secondary, searchKey) >= 0 {
+				if _, found := visited[string(primary)]; found {
+					continue
+				}
+				visited[string(primary)] = struct{}{}
+
+				if !yield(iobj.data.(Obj), iobj.revision) {
+					return
+				}
+			}
+		}
+	}
+}
+
 // iterator adapts the "any" object iterator to a typed object.
 type iterator[Obj any] struct {
 	iter interface{ Next() ([]byte, object, bool) }
@@ -128,6 +186,13 @@ func (it *iterator[Obj]) Next() (obj Obj, revision uint64, ok bool) {
 	return
 }
 
+// Iterator for iterating a sequence objects.
+type Iterator[Obj any] interface {
+	// Next returns the next object and its revision if ok is true, otherwise
+	// zero values to mean that the iteration has finished.
+	Next() (obj Obj, rev Revision, ok bool)
+}
+
 func NewDualIterator[Obj any](left, right Iterator[Obj]) *DualIterator[Obj] {
 	return &DualIterator[Obj]{
 		left:  iterState[Obj]{iter: left},
diff --git a/vendor/github.com/cilium/statedb/part/map.go b/vendor/github.com/cilium/statedb/part/map.go
index 9548a147a7..70d0b070fa 100644
--- a/vendor/github.com/cilium/statedb/part/map.go
+++ b/vendor/github.com/cilium/statedb/part/map.go
@@ -9,6 +9,8 @@ import (
 	"fmt"
 	"iter"
 	"reflect"
+
+	"gopkg.in/yaml.v3"
 )
 
 // Map of key-value pairs. The zero value is ready for use, provided
@@ -22,8 +24,8 @@ type Map[K, V any] struct {
 }
 
 type mapKVPair[K, V any] struct {
-	Key   K `json:"k"`
-	Value V `json:"v"`
+	Key   K `json:"k" yaml:"k"`
+	Value V `json:"v" yaml:"v"`
 }
 
 // FromMap copies values from the hash map into the given Map.
@@ -238,3 +240,29 @@ func (m *Map[K, V]) UnmarshalJSON(data []byte) error {
 	m.tree = txn.CommitOnly()
 	return nil
 }
+
+func (m Map[K, V]) MarshalYAML() (any, error) {
+	kvs := make([]mapKVPair[K, V], 0, m.Len())
+	iter := m.tree.Iterator()
+	for _, kv, ok := iter.Next(); ok; _, kv, ok = iter.Next() {
+		kvs = append(kvs, kv)
+	}
+	return kvs, nil
+}
+
+func (m *Map[K, V]) UnmarshalYAML(value *yaml.Node) error {
+	if value.Kind != yaml.SequenceNode {
+		return fmt.Errorf("%T.UnmarshalYAML: expected sequence", m)
+	}
+	m.ensureTree()
+	txn := m.tree.Txn()
+	for _, e := range value.Content {
+		var kv mapKVPair[K, V]
+		if err := e.Decode(&kv); err != nil {
+			return err
+		}
+		txn.Insert(m.bytesFromKey(kv.Key), mapKVPair[K, V]{kv.Key, kv.Value})
+	}
+	m.tree = txn.CommitOnly()
+	return nil
+}
diff --git a/vendor/github.com/cilium/statedb/part/set.go b/vendor/github.com/cilium/statedb/part/set.go
index 8c677bcda6..89a91f0a67 100644
--- a/vendor/github.com/cilium/statedb/part/set.go
+++ b/vendor/github.com/cilium/statedb/part/set.go
@@ -8,6 +8,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"iter"
+	"slices"
+
+	"gopkg.in/yaml.v3"
 )
 
 // Set is a persistent (immutable) set of values. A Set can be
@@ -208,6 +211,32 @@ func (s *Set[T]) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
+func (s Set[T]) MarshalYAML() (any, error) {
+	// TODO: Once yaml.v3 supports iter.Seq, drop the Collect().
+	return slices.Collect(s.All()), nil
+}
+
+func (s *Set[T]) UnmarshalYAML(value *yaml.Node) error {
+	if value.Kind != yaml.SequenceNode {
+		return fmt.Errorf("%T.UnmarshalYAML: expected sequence", s)
+	}
+
+	if s.tree == nil {
+		*s = NewSet[T]()
+	}
+	txn := s.tree.Txn()
+
+	for _, e := range value.Content {
+		var v T
+		if err := e.Decode(&v); err != nil {
+			return err
+		}
+		txn.Insert(s.toBytes(v), v)
+	}
+	s.tree = txn.CommitOnly()
+	return nil
+}
+
 func toSeq[T any](iter *Iterator[T]) iter.Seq[T] {
 	return func(yield func(T) bool) {
 		if iter == nil {
diff --git a/vendor/github.com/cilium/statedb/reconciler/metrics.go b/vendor/github.com/cilium/statedb/reconciler/metrics.go
index f30984a8ee..e53b3b1003 100644
--- a/vendor/github.com/cilium/statedb/reconciler/metrics.go
+++ b/vendor/github.com/cilium/statedb/reconciler/metrics.go
@@ -24,6 +24,8 @@ const (
 )
 
 type ExpVarMetrics struct {
+	root *expvar.Map
+
 	ReconciliationCountVar         *expvar.Map
 	ReconciliationDurationVar      *expvar.Map
 	ReconciliationTotalErrorsVar   *expvar.Map
@@ -73,14 +75,22 @@ func NewUnpublishedExpVarMetrics() *ExpVarMetrics {
 	return newExpVarMetrics(false)
 }
 
+func (m *ExpVarMetrics) Map() *expvar.Map {
+	return m.root
+}
+
 func newExpVarMetrics(publish bool) *ExpVarMetrics {
+	root := new(expvar.Map).Init()
 	newMap := func(name string) *expvar.Map {
 		if publish {
 			return expvar.NewMap(name)
 		}
-		return new(expvar.Map).Init()
+		m := new(expvar.Map).Init()
+		root.Set(name, m)
+		return m
 	}
 	return &ExpVarMetrics{
+		root:                           root,
 		ReconciliationCountVar:         newMap("reconciliation_count"),
 		ReconciliationDurationVar:      newMap("reconciliation_duration"),
 		ReconciliationTotalErrorsVar:   newMap("reconciliation_total_errors"),
diff --git a/vendor/github.com/cilium/statedb/reconciler/types.go b/vendor/github.com/cilium/statedb/reconciler/types.go
index aa69beb285..01b9fa8224 100644
--- a/vendor/github.com/cilium/statedb/reconciler/types.go
+++ b/vendor/github.com/cilium/statedb/reconciler/types.go
@@ -19,6 +19,8 @@ import (
 	"github.com/cilium/hive/job"
 	"github.com/cilium/statedb"
 	"github.com/cilium/statedb/index"
+	"github.com/cilium/statedb/internal"
+	"gopkg.in/yaml.v3"
 )
 
 type Reconciler[Obj any] interface {
@@ -142,36 +144,48 @@ type Status struct {
 	id uint64
 }
 
-func (s Status) IsPendingOrRefreshing() bool {
-	return s.Kind == StatusKindPending || s.Kind == StatusKindRefreshing
+// statusJSON defines the JSON/YAML format for [Status]. Separate to
+// [Status] to allow custom unmarshalling that fills in [id].
+type statusJSON struct {
+	Kind      string    `json:"kind" yaml:"kind"`
+	UpdatedAt time.Time `json:"updated-at" yaml:"updated-at"`
+	Error     string    `json:"error,omitempty" yaml:"error,omitempty"`
 }
 
-func (s Status) String() string {
-	if s.Kind == StatusKindError {
-		return fmt.Sprintf("Error: %s (%s ago)", s.Error, prettySince(s.UpdatedAt))
-	}
-	return fmt.Sprintf("%s (%s ago)", s.Kind, prettySince(s.UpdatedAt))
+func (sj *statusJSON) fill(s *Status) {
+	s.Kind = StatusKind(sj.Kind)
+	s.UpdatedAt = sj.UpdatedAt
+	s.Error = sj.Error
+	s.id = nextID()
 }
 
-func prettySince(t time.Time) string {
-	ago := float64(time.Now().Sub(t)) / float64(time.Millisecond)
-	// millis
-	if ago < 1000.0 {
-		return fmt.Sprintf("%.1fms", ago)
+func (s *Status) UnmarshalYAML(value *yaml.Node) error {
+	var sj statusJSON
+	if err := value.Decode(&sj); err != nil {
+		return err
 	}
-	// secs
-	ago /= 1000.0
-	if ago < 60.0 {
-		return fmt.Sprintf("%.1fs", ago)
+	sj.fill(s)
+	return nil
+}
+
+func (s *Status) UnmarshalJSON(data []byte) error {
+	var sj statusJSON
+	if err := json.Unmarshal(data, &sj); err != nil {
+		return err
 	}
-	// mins
-	ago /= 60.0
-	if ago < 60.0 {
-		return fmt.Sprintf("%.1fm", ago)
+	sj.fill(s)
+	return nil
+}
+
+func (s Status) IsPendingOrRefreshing() bool {
+	return s.Kind == StatusKindPending || s.Kind == StatusKindRefreshing
+}
+
+func (s Status) String() string {
+	if s.Kind == StatusKindError {
+		return fmt.Sprintf("Error: %s (%s ago)", s.Error, internal.PrettySince(s.UpdatedAt))
 	}
-	// hours
-	ago /= 60.0
-	return fmt.Sprintf("%.1fh", ago)
+	return fmt.Sprintf("%s (%s ago)", s.Kind, internal.PrettySince(s.UpdatedAt))
 }
 
 var idGen atomic.Uint64
@@ -206,6 +220,7 @@ func StatusRefreshing() Status {
 		Kind:      StatusKindRefreshing,
 		UpdatedAt: time.Now(),
 		Error:     "",
+		id:        nextID(),
 	}
 }
 
@@ -216,6 +231,7 @@ func StatusDone() Status {
 		Kind:      StatusKindDone,
 		UpdatedAt: time.Now(),
 		Error:     "",
+		id:        nextID(),
 	}
 }
 
@@ -226,6 +242,7 @@ func StatusError(err error) Status {
 		Kind:      StatusKindError,
 		UpdatedAt: time.Now(),
 		Error:     err.Error(),
+		id:        nextID(),
 	}
 }
 
@@ -314,7 +331,7 @@ func (s StatusSet) String() string {
 		b.WriteString(strings.Join(done, " "))
 	}
 	b.WriteString(" (")
-	b.WriteString(prettySince(updatedAt))
+	b.WriteString(internal.PrettySince(updatedAt))
 	b.WriteString(" ago)")
 	return b.String()
 }
diff --git a/vendor/github.com/cilium/statedb/script.go b/vendor/github.com/cilium/statedb/script.go
new file mode 100644
index 0000000000..88488a8c20
--- /dev/null
+++ b/vendor/github.com/cilium/statedb/script.go
@@ -0,0 +1,836 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package statedb
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"flag"
+	"fmt"
+	"io"
+	"iter"
+	"maps"
+	"os"
+	"regexp"
+	"slices"
+	"strings"
+	"time"
+
+	"github.com/cilium/hive"
+	"github.com/cilium/hive/script"
+	"github.com/liggitt/tabwriter"
+	"golang.org/x/time/rate"
+	"gopkg.in/yaml.v3"
+)
+
+func ScriptCommands(db *DB) hive.ScriptCmdOut {
+	subCmds := map[string]script.Cmd{
+		"tables":      TablesCmd(db),
+		"show":        ShowCmd(db),
+		"cmp":         CompareCmd(db),
+		"insert":      InsertCmd(db),
+		"delete":      DeleteCmd(db),
+		"get":         GetCmd(db),
+		"prefix":      PrefixCmd(db),
+		"list":        ListCmd(db),
+		"lowerbound":  LowerBoundCmd(db),
+		"watch":       WatchCmd(db),
+		"initialized": InitializedCmd(db),
+	}
+	subCmdsList := strings.Join(slices.Collect(maps.Keys(subCmds)), ", ")
+	return hive.NewScriptCmd(
+		"db",
+		script.Command(
+			script.CmdUsage{
+				Summary: "Inspect and manipulate StateDB",
+				Args:    "cmd args...",
+				Detail: []string{
+					"Supported commands: " + subCmdsList,
+				},
+			},
+			func(s *script.State, args ...string) (script.WaitFunc, error) {
+				if len(args) < 1 {
+					return nil, fmt.Errorf("expected command (%s)", subCmdsList)
+				}
+				cmd, ok := subCmds[args[0]]
+				if !ok {
+					return nil, fmt.Errorf("command not found, expected one of %s", subCmdsList)
+				}
+				wf, err := cmd.Run(s, args[1:]...)
+				if errors.Is(err, errUsage) {
+					s.Logf("usage: db %s %s\n", args[0], cmd.Usage().Args)
+				}
+				return wf, err
+			},
+		),
+	)
+}
+
+var errUsage = errors.New("bad arguments")
+
+func TablesCmd(db *DB) script.Cmd {
+	return script.Command(
+		script.CmdUsage{
+			Summary: "Show StateDB tables",
+			Args:    "table",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			txn := db.ReadTxn()
+			tbls := db.GetTables(txn)
+			w := newTabWriter(s.LogWriter())
+			fmt.Fprintf(w, "Name\tObject count\tDeleted objects\tIndexes\tInitializers\tGo type\tLast WriteTxn\n")
+			for _, tbl := range tbls {
+				idxs := strings.Join(tbl.Indexes(), ", ")
+				fmt.Fprintf(w, "%s\t%d\t%d\t%s\t%v\t%T\t%s\n",
+					tbl.Name(), tbl.NumObjects(txn), tbl.numDeletedObjects(txn), idxs, tbl.PendingInitializers(txn), tbl.proto(), tbl.getAcquiredInfo())
+			}
+			w.Flush()
+			return nil, nil
+		},
+	)
+}
+
+func newCmdFlagSet() *flag.FlagSet {
+	return &flag.FlagSet{
+		// Disable showing the normal usage.
+		Usage: func() {},
+	}
+}
+
+func InitializedCmd(db *DB) script.Cmd {
+	return script.Command(
+		script.CmdUsage{
+			Summary: "Wait until all or specific tables have been initialized",
+			Args:    "(-timeout=<duration>) table...",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			txn := db.ReadTxn()
+			allTbls := db.GetTables(txn)
+			tbls := allTbls
+
+			flags := newCmdFlagSet()
+			timeout := flags.Duration("timeout", 5*time.Second, "Maximum amount of time to wait for the table contents to match")
+			if err := flags.Parse(args); err != nil {
+				return nil, fmt.Errorf("%w: %s", errUsage, err)
+			}
+			timeoutChan := time.After(*timeout)
+			args = flags.Args()
+
+			if len(args) > 0 {
+				// Specific tables requested, look them up.
+				tbls = make([]TableMeta, 0, len(args))
+				for _, tableName := range args {
+					found := false
+					for _, tbl := range allTbls {
+						if tableName == tbl.Name() {
+							tbls = append(tbls, tbl)
+							found = true
+							break
+						}
+					}
+					if !found {
+						return nil, fmt.Errorf("table %q not found", tableName)
+					}
+				}
+			}
+
+			for _, tbl := range tbls {
+				init, watch := tbl.Initialized(txn)
+				if init {
+					s.Logf("%s initialized\n", tbl.Name())
+					continue
+				}
+				s.Logf("Waiting for %s to initialize (%v)...\n", tbl.Name(), tbl.PendingInitializers(txn))
+				select {
+				case <-s.Context().Done():
+					return nil, s.Context().Err()
+				case <-timeoutChan:
+					return nil, fmt.Errorf("timed out")
+				case <-watch:
+					s.Logf("%s initialized\n", tbl.Name())
+				}
+			}
+			return nil, nil
+		},
+	)
+}
+
+func ShowCmd(db *DB) script.Cmd {
+	return script.Command(
+		script.CmdUsage{
+			Summary: "Show table",
+			Args:    "(-o=<file>) (-columns=col1,...) (-format={table,yaml,json}) table",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			flags := newCmdFlagSet()
+			file := flags.String("o", "", "File to write to instead of stdout")
+			columns := flags.String("columns", "", "Comma-separated list of columns to write")
+			format := flags.String("format", "table", "Format to write in (table, yaml, json)")
+			if err := flags.Parse(args); err != nil {
+				return nil, fmt.Errorf("%w: %s", errUsage, err)
+			}
+
+			var cols []string
+			if len(*columns) > 0 {
+				cols = strings.Split(*columns, ",")
+			}
+
+			args = flags.Args()
+			if len(args) < 1 {
+				return nil, fmt.Errorf("%w: missing table name", errUsage)
+			}
+			tableName := args[0]
+			return func(*script.State) (stdout, stderr string, err error) {
+				var buf strings.Builder
+				var w io.Writer
+				if *file == "" {
+					w = &buf
+				} else {
+					f, err := os.OpenFile(s.Path(*file), os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
+					if err != nil {
+						return "", "", fmt.Errorf("OpenFile(%s): %w", *file, err)
+					}
+					defer f.Close()
+					w = f
+				}
+				tbl, txn, err := getTable(db, tableName)
+				if err != nil {
+					return "", "", err
+				}
+				err = writeObjects(tbl, tbl.All(txn), w, cols, *format)
+				return buf.String(), "", err
+			}, nil
+		})
+}
+
+func CompareCmd(db *DB) script.Cmd {
+	return script.Command(
+		script.CmdUsage{
+			Summary: "Compare table",
+			Args:    "(-timeout=<dur>) (-grep=<pattern>) table file",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			flags := newCmdFlagSet()
+			timeout := flags.Duration("timeout", time.Second, "Maximum amount of time to wait for the table contents to match")
+			grep := flags.String("grep", "", "Grep the result rows and only compare matching ones")
+			err := flags.Parse(args)
+			args = flags.Args()
+			if err != nil || len(args) != 2 {
+				return nil, fmt.Errorf("%w: %s", errUsage, err)
+			}
+
+			var grepRe *regexp.Regexp
+			if *grep != "" {
+				grepRe, err = regexp.Compile(*grep)
+				if err != nil {
+					return nil, fmt.Errorf("bad grep: %w", err)
+				}
+			}
+
+			tableName := args[0]
+
+			txn := db.ReadTxn()
+			meta := db.GetTable(txn, tableName)
+			if meta == nil {
+				return nil, fmt.Errorf("table %q not found", tableName)
+			}
+			tbl := AnyTable{Meta: meta}
+			header := tbl.TableHeader()
+
+			data, err := os.ReadFile(s.Path(args[1]))
+			if err != nil {
+				return nil, fmt.Errorf("ReadFile(%s): %w", args[1], err)
+			}
+			lines := strings.Split(string(data), "\n")
+			lines = slices.DeleteFunc(lines, func(line string) bool {
+				return strings.TrimSpace(line) == ""
+			})
+			if len(lines) < 1 {
+				return nil, fmt.Errorf("%q missing header line, e.g. %q", args[1], strings.Join(header, " "))
+			}
+
+			columnNames, columnPositions := splitHeaderLine(lines[0])
+			columnIndexes, err := getColumnIndexes(columnNames, header)
+			if err != nil {
+				return nil, err
+			}
+			lines = lines[1:]
+			origLines := lines
+			timeoutChan := time.After(*timeout)
+
+			for {
+				lines = origLines
+
+				// Create the diff between 'lines' and the rows in the table.
+				equal := true
+				var diff bytes.Buffer
+				w := newTabWriter(&diff)
+				fmt.Fprintf(w, "  %s\n", joinByPositions(columnNames, columnPositions))
+
+				objs, watch := tbl.AllWatch(db.ReadTxn())
+				for obj := range objs {
+					rowRaw := takeColumns(obj.(TableWritable).TableRow(), columnIndexes)
+					row := joinByPositions(rowRaw, columnPositions)
+					if grepRe != nil && !grepRe.Match([]byte(row)) {
+						continue
+					}
+
+					if len(lines) == 0 {
+						equal = false
+						fmt.Fprintf(w, "- %s\n", row)
+						continue
+					}
+					line := lines[0]
+					splitLine := splitByPositions(line, columnPositions)
+
+					if slices.Equal(rowRaw, splitLine) {
+						fmt.Fprintf(w, "  %s\n", row)
+					} else {
+						fmt.Fprintf(w, "- %s\n", row)
+						fmt.Fprintf(w, "+ %s\n", line)
+						equal = false
+					}
+					lines = lines[1:]
+				}
+				for _, line := range lines {
+					fmt.Fprintf(w, "+ %s\n", line)
+					equal = false
+				}
+				if equal {
+					return nil, nil
+				}
+				w.Flush()
+
+				select {
+				case <-s.Context().Done():
+					return nil, s.Context().Err()
+
+				case <-timeoutChan:
+					return nil, fmt.Errorf("table mismatch:\n%s", diff.String())
+
+				case <-watch:
+				}
+			}
+		})
+}
+
+func InsertCmd(db *DB) script.Cmd {
+	return script.Command(
+		script.CmdUsage{
+			Summary: "Insert object into a table",
+			Args:    "table path...",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			return insertOrDelete(true, db, s, args...)
+		},
+	)
+}
+
+func DeleteCmd(db *DB) script.Cmd {
+	return script.Command(
+		script.CmdUsage{
+			Summary: "Delete an object from the table",
+			Args:    "table path...",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			return insertOrDelete(false, db, s, args...)
+		},
+	)
+}
+
+func getTable(db *DB, tableName string) (*AnyTable, ReadTxn, error) {
+	txn := db.ReadTxn()
+	meta := db.GetTable(txn, tableName)
+	if meta == nil {
+		return nil, nil, fmt.Errorf("table %q not found", tableName)
+	}
+	return &AnyTable{Meta: meta}, txn, nil
+}
+
+func insertOrDelete(insert bool, db *DB, s *script.State, args ...string) (script.WaitFunc, error) {
+	if len(args) < 2 {
+		return nil, fmt.Errorf("%w: expected table and path(s)", errUsage)
+	}
+
+	tbl, _, err := getTable(db, args[0])
+	if err != nil {
+		return nil, err
+	}
+
+	wtxn := db.WriteTxn(tbl.Meta)
+	defer wtxn.Commit()
+
+	for _, arg := range args[1:] {
+		data, err := os.ReadFile(s.Path(arg))
+		if err != nil {
+			return nil, fmt.Errorf("ReadFile(%s): %w", arg, err)
+		}
+		parts := strings.Split(string(data), "---")
+		for _, part := range parts {
+			obj, err := tbl.UnmarshalYAML([]byte(part))
+			if err != nil {
+				return nil, fmt.Errorf("Unmarshal(%s): %w", arg, err)
+			}
+			if insert {
+				_, _, err = tbl.Insert(wtxn, obj)
+				if err != nil {
+					return nil, fmt.Errorf("Insert(%s): %w", arg, err)
+				}
+			} else {
+				_, _, err = tbl.Delete(wtxn, obj)
+				if err != nil {
+					return nil, fmt.Errorf("Delete(%s): %w", arg, err)
+				}
+
+			}
+		}
+	}
+	return nil, nil
+}
+
+func PrefixCmd(db *DB) script.Cmd {
+	return queryCmd(db, queryCmdPrefix, "Query table by prefix")
+}
+
+func LowerBoundCmd(db *DB) script.Cmd {
+	return queryCmd(db, queryCmdLowerBound, "Query table by lower bound search")
+}
+
+func ListCmd(db *DB) script.Cmd {
+	return queryCmd(db, queryCmdList, "List objects in the table")
+}
+
+func GetCmd(db *DB) script.Cmd {
+	return queryCmd(db, queryCmdGet, "Get the first matching object")
+}
+
+const (
+	queryCmdList = iota
+	queryCmdPrefix
+	queryCmdLowerBound
+	queryCmdGet
+)
+
+func queryCmd(db *DB, query int, summary string) script.Cmd {
+	return script.Command(
+		script.CmdUsage{
+			Summary: summary,
+			Args:    "(-o=<file>) (-columns=col1,...) (-format={table*,yaml,json}) (-index=<index>) table key",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			return runQueryCmd(query, db, s, args)
+		},
+	)
+}
+
+func runQueryCmd(query int, db *DB, s *script.State, args []string) (script.WaitFunc, error) {
+	flags := newCmdFlagSet()
+	file := flags.String("o", "", "File to write results to instead of stdout")
+	index := flags.String("index", "", "Index to query")
+	format := flags.String("format", "table", "Format to write in (table, yaml, json)")
+	columns := flags.String("columns", "", "Comma-separated list of columns to write")
+	delete := flags.Bool("delete", false, "Delete all matching objects")
+	if err := flags.Parse(args); err != nil {
+		return nil, fmt.Errorf("%w: %s", errUsage, err)
+	}
+
+	var cols []string
+	if len(*columns) > 0 {
+		cols = strings.Split(*columns, ",")
+	}
+
+	args = flags.Args()
+	if len(args) < 2 {
+		return nil, fmt.Errorf("%w: expected table and key", errUsage)
+	}
+
+	return func(*script.State) (stdout, stderr string, err error) {
+		tbl, txn, err := getTable(db, args[0])
+		if err != nil {
+			return "", "", err
+		}
+
+		var buf strings.Builder
+		var w io.Writer
+		if *file == "" {
+			w = &buf
+		} else {
+			f, err := os.OpenFile(s.Path(*file), os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
+			if err != nil {
+				return "", "", fmt.Errorf("OpenFile(%s): %s", *file, err)
+			}
+			defer f.Close()
+			w = f
+		}
+
+		var it iter.Seq2[any, uint64]
+		switch query {
+		case queryCmdList:
+			it, err = tbl.List(txn, *index, args[1])
+		case queryCmdLowerBound:
+			it, err = tbl.LowerBound(txn, *index, args[1])
+		case queryCmdPrefix:
+			it, err = tbl.Prefix(txn, *index, args[1])
+		case queryCmdGet:
+			it, err = tbl.List(txn, *index, args[1])
+			if err == nil {
+				it = firstOfSeq2(it)
+			}
+		default:
+			panic("unknown query enum")
+		}
+		if err != nil {
+			return "", "", fmt.Errorf("query: %w", err)
+		}
+
+		err = writeObjects(tbl, it, w, cols, *format)
+		if err != nil {
+			return "", "", err
+		}
+
+		if *delete {
+			wtxn := db.WriteTxn(tbl.Meta)
+			count := 0
+			for obj := range it {
+				_, hadOld, err := tbl.Delete(wtxn, obj)
+				if err != nil {
+					wtxn.Abort()
+					return "", "", err
+				}
+				if hadOld {
+					count++
+				}
+			}
+			s.Logf("Deleted %d objects\n", count)
+			wtxn.Commit()
+		}
+
+		return buf.String(), "", err
+	}, nil
+}
+
+func WatchCmd(db *DB) script.Cmd {
+	return script.Command(
+		script.CmdUsage{
+			Summary: "Watch a table for changes",
+			Args:    "table",
+		},
+		func(s *script.State, args ...string) (script.WaitFunc, error) {
+			if len(args) < 1 {
+				return nil, fmt.Errorf("expected table name")
+			}
+
+			tbl, _, err := getTable(db, args[0])
+			if err != nil {
+				return nil, err
+			}
+			wtxn := db.WriteTxn(tbl.Meta)
+			iter, err := tbl.Changes(wtxn)
+			wtxn.Commit()
+			if err != nil {
+				return nil, err
+			}
+
+			header := tbl.TableHeader()
+			if header == nil {
+				return nil, fmt.Errorf("objects in table %q not TableWritable", tbl.Meta.Name())
+			}
+			tw := newTabWriter(&strikethroughWriter{w: s.LogWriter()})
+			fmt.Fprintf(tw, "%s\n", strings.Join(header, "\t"))
+
+			limiter := rate.NewLimiter(10.0, 1)
+			for {
+				if err := limiter.Wait(s.Context()); err != nil {
+					break
+				}
+				changes, watch := iter.nextAny(db.ReadTxn())
+				for change := range changes {
+					row := change.Object.(TableWritable).TableRow()
+					if change.Deleted {
+						fmt.Fprintf(tw, "%s (deleted)%s", strings.Join(row, "\t"), magicStrikethroughNewline)
+					} else {
+						fmt.Fprintf(tw, "%s\n", strings.Join(row, "\t"))
+					}
+				}
+				tw.Flush()
+				if err := s.FlushLog(); err != nil {
+					return nil, err
+				}
+				select {
+				case <-watch:
+				case <-s.Context().Done():
+					return nil, nil
+				}
+			}
+			return nil, nil
+
+		},
+	)
+}
+
+func firstOfSeq2[A, B any](it iter.Seq2[A, B]) iter.Seq2[A, B] {
+	return func(yield func(a A, b B) bool) {
+		for a, b := range it {
+			yield(a, b)
+			break
+		}
+	}
+}
+
+func writeObjects(tbl *AnyTable, it iter.Seq2[any, Revision], w io.Writer, columns []string, format string) error {
+	if len(columns) > 0 && format != "table" {
+		return fmt.Errorf("-columns not supported with non-table formats")
+	}
+	switch format {
+	case "yaml":
+		sep := []byte("---\n")
+		first := true
+		for obj := range it {
+			if !first {
+				w.Write(sep)
+			}
+			first = false
+
+			out, err := yaml.Marshal(obj)
+			if err != nil {
+				return fmt.Errorf("yaml.Marshal: %w", err)
+			}
+			if _, err := w.Write(out); err != nil {
+				return err
+			}
+		}
+		return nil
+	case "json":
+		sep := []byte("\n")
+		first := true
+		for obj := range it {
+			if !first {
+				w.Write(sep)
+			}
+			first = false
+
+			out, err := json.Marshal(obj)
+			if err != nil {
+				return fmt.Errorf("json.Marshal: %w", err)
+			}
+			if _, err := w.Write(out); err != nil {
+				return err
+			}
+		}
+		return nil
+	case "table":
+		header := tbl.TableHeader()
+		if header == nil {
+			return fmt.Errorf("objects in table %q not TableWritable", tbl.Meta.Name())
+		}
+
+		var idxs []int
+		var err error
+		if len(columns) > 0 {
+			idxs, err = getColumnIndexes(columns, header)
+			header = columns
+		} else {
+			idxs, err = getColumnIndexes(header, header)
+		}
+		if err != nil {
+			return err
+		}
+		tw := newTabWriter(w)
+		fmt.Fprintf(tw, "%s\n", strings.Join(header, "\t"))
+
+		for obj := range it {
+			row := takeColumns(obj.(TableWritable).TableRow(), idxs)
+			fmt.Fprintf(tw, "%s\n", strings.Join(row, "\t"))
+		}
+		return tw.Flush()
+	}
+	return fmt.Errorf("unknown format %q, expected table, yaml or json", format)
+}
+
+func takeColumns[T any](xs []T, idxs []int) (out []T) {
+	for _, idx := range idxs {
+		out = append(out, xs[idx])
+	}
+	return
+}
+
+func getColumnIndexes(names []string, header []string) ([]int, error) {
+	columnIndexes := make([]int, 0, len(header))
+loop:
+	for _, name := range names {
+		for i, name2 := range header {
+			if strings.EqualFold(name, name2) {
+				columnIndexes = append(columnIndexes, i)
+				continue loop
+			}
+		}
+		return nil, fmt.Errorf("column %q not part of %v", name, header)
+	}
+	return columnIndexes, nil
+}
+
+// splitHeaderLine takes a header of column names separated by any
+// number of whitespaces and returns the names and their starting positions.
+// e.g. "Foo  Bar Baz" would result in ([Foo,Bar,Baz],[0,5,9]).
+// With this information we can take a row in the database and format it
+// the same way as our test data.
+func splitHeaderLine(line string) (names []string, pos []int) {
+	start := 0
+	skip := true
+	for i, r := range line {
+		switch r {
+		case ' ', '\t':
+			if !skip {
+				names = append(names, line[start:i])
+				pos = append(pos, start)
+				start = -1
+			}
+			skip = true
+		default:
+			skip = false
+			if start == -1 {
+				start = i
+			}
+		}
+	}
+	if start >= 0 && start < len(line) {
+		names = append(names, line[start:])
+		pos = append(pos, start)
+	}
+	return
+}
+
+// splitByPositions takes a "row" line and the positions of the header columns
+// and extracts the values.
+// e.g. if we have the positions [0,5,9] (from header "Foo  Bar Baz") and
+// line is "1    a   b", then we'd extract [1,a,b].
+// The whitespace on the right of the start position (e.g. "1  \t") is trimmed.
+// This of course requires that the table is properly formatted in a way that the
+// header columns are indented to fit the data exactly.
+func splitByPositions(line string, positions []int) []string {
+	out := make([]string, 0, len(positions))
+	start := 0
+	for _, pos := range positions[1:] {
+		if start >= len(line) {
+			out = append(out, "")
+			start = len(line)
+			continue
+		}
+		out = append(out, strings.TrimRight(line[start:min(pos, len(line))], " \t"))
+		start = pos
+	}
+	out = append(out, strings.TrimRight(line[min(start, len(line)):], " \t"))
+	return out
+}
+
+// joinByPositions is the reverse of splitByPositions, it takes the columns of a
+// row and the starting positions of each and joins into a single line.
+// e.g. [1,a,b] and positions [0,5,9] expands to "1    a   b".
+// NOTE: This does not deal well with mixing tabs and spaces. The test input
+// data should preferably just use spaces.
+func joinByPositions(row []string, positions []int) string {
+	var w strings.Builder
+	prev := 0
+	for i, pos := range positions {
+		for pad := pos - prev; pad > 0; pad-- {
+			w.WriteByte(' ')
+		}
+		w.WriteString(row[i])
+		prev = pos + len(row[i])
+	}
+	return w.String()
+}
+
+// strikethroughWriter writes a line of text that is striken through
+// if the line contains the magic character at the end before \n.
+// This is used to strike through a tab-formatted line without messing
+// up with the widths of the cells.
+type strikethroughWriter struct {
+	buf           []byte
+	strikethrough bool
+	w             io.Writer
+}
+
+var (
+	// Magic character to use at the end of the line to denote that this should be
+	// striken through.
+	// This is to avoid messing up the width calculations in the tab writer, which
+	// would happen if ANSI codes were used directly.
+	magicStrikethrough        = byte('\xfe')
+	magicStrikethroughNewline = "\xfe\n"
+)
+
+func stripTrailingWhitespace(buf []byte) []byte {
+	idx := bytes.LastIndexFunc(
+		buf,
+		func(r rune) bool {
+			return r != ' ' && r != '\t'
+		},
+	)
+	if idx > 0 {
+		return buf[:idx+1]
+	}
+	return buf
+}
+
+func (s *strikethroughWriter) Write(p []byte) (n int, err error) {
+	write := func(bs []byte) {
+		if err == nil {
+			_, e := s.w.Write(bs)
+			if e != nil {
+				err = e
+			}
+		}
+	}
+	for _, c := range p {
+		switch c {
+		case '\n':
+			s.buf = stripTrailingWhitespace(s.buf)
+
+			if s.strikethrough {
+				write(beginStrikethrough)
+				write(s.buf)
+				write(endStrikethrough)
+			} else {
+				write(s.buf)
+			}
+			write(newline)
+
+			s.buf = s.buf[:0] // reset len for reuse.
+			s.strikethrough = false
+
+			if err != nil {
+				return 0, err
+			}
+
+		case magicStrikethrough:
+			s.strikethrough = true
+
+		default:
+			s.buf = append(s.buf, c)
+		}
+	}
+	return len(p), nil
+}
+
+var (
+	// Use color red and the strikethrough escape
+	beginStrikethrough = []byte("\033[9m\033[31m")
+	endStrikethrough   = []byte("\033[0m")
+	newline            = []byte("\n")
+)
+
+var _ io.Writer = &strikethroughWriter{}
+
+func newTabWriter(out io.Writer) *tabwriter.Writer {
+	const (
+		minWidth = 5
+		width    = 4
+		padding  = 3
+		padChar  = ' '
+		flags    = tabwriter.RememberWidths
+	)
+	return tabwriter.NewWriter(out, minWidth, width, padding, padChar, flags)
+}
diff --git a/vendor/github.com/cilium/statedb/table.go b/vendor/github.com/cilium/statedb/table.go
index 1402e9360c..1d75f07241 100644
--- a/vendor/github.com/cilium/statedb/table.go
+++ b/vendor/github.com/cilium/statedb/table.go
@@ -9,11 +9,14 @@ import (
 	"regexp"
 	"runtime"
 	"slices"
+	"sort"
 	"strings"
 	"sync"
+	"sync/atomic"
 
 	"github.com/cilium/statedb/internal"
 	"github.com/cilium/statedb/part"
+	"gopkg.in/yaml.v3"
 
 	"github.com/cilium/statedb/index"
 )
@@ -45,7 +48,8 @@ func NewTable[Obj any](
 			fromObject: func(iobj object) index.KeySet {
 				return idx.fromObject(iobj.data.(Obj))
 			},
-			unique: idx.isUnique(),
+			fromString: idx.fromString,
+			unique:     idx.isUnique(),
 		}
 	}
 
@@ -128,6 +132,15 @@ type genTable[Obj any] struct {
 	primaryAnyIndexer    anyIndexer
 	secondaryAnyIndexers map[string]anyIndexer
 	indexPositions       map[string]int
+	lastWriteTxn         atomic.Pointer[txn]
+}
+
+func (t *genTable[Obj]) acquired(txn *txn) {
+	t.lastWriteTxn.Store(txn)
+}
+
+func (t *genTable[Obj]) getAcquiredInfo() string {
+	return t.lastWriteTxn.Load().acquiredInfo()
 }
 
 func (t *genTable[Obj]) tableEntry() tableEntry {
@@ -168,6 +181,16 @@ func (t *genTable[Obj]) indexPos(name string) int {
 	return t.indexPositions[name]
 }
 
+func (t *genTable[Obj]) getIndexer(name string) *anyIndexer {
+	if name == "" || t.primaryAnyIndexer.name == name {
+		return &t.primaryAnyIndexer
+	}
+	if indexer, ok := t.secondaryAnyIndexers[name]; ok {
+		return &indexer
+	}
+	return nil
+}
+
 func (t *genTable[Obj]) PrimaryIndexer() Indexer[Obj] {
 	return t.primaryIndexer
 }
@@ -184,6 +207,16 @@ func (t *genTable[Obj]) Name() string {
 	return t.table
 }
 
+func (t *genTable[Obj]) Indexes() []string {
+	idxs := make([]string, 0, 1+len(t.secondaryAnyIndexers))
+	idxs = append(idxs, t.primaryAnyIndexer.name)
+	for k := range t.secondaryAnyIndexers {
+		idxs = append(idxs, k)
+	}
+	sort.Strings(idxs)
+	return idxs
+}
+
 func (t *genTable[Obj]) ToTable() Table[Obj] {
 	return t
 }
@@ -233,6 +266,11 @@ func (t *genTable[Obj]) NumObjects(txn ReadTxn) int {
 	return table.numObjects()
 }
 
+func (t *genTable[Obj]) numDeletedObjects(txn ReadTxn) int {
+	table := txn.getTxn().getTableEntry(t)
+	return table.numDeletedObjects()
+}
+
 func (t *genTable[Obj]) Get(txn ReadTxn, q Query[Obj]) (obj Obj, revision uint64, ok bool) {
 	obj, revision, _, ok = t.GetWatch(txn, q)
 	return
@@ -283,7 +321,7 @@ func (t *genTable[Obj]) GetWatch(txn ReadTxn, q Query[Obj]) (obj Obj, revision u
 		}
 
 		// Check that we have a full match on the key
-		_, secondary := decodeNonUniqueKey(key)
+		secondary, _ := decodeNonUniqueKey(key)
 		if len(secondary) == len(q.key) {
 			break
 		}
@@ -308,7 +346,10 @@ func (t *genTable[Obj]) LowerBoundWatch(txn ReadTxn, q Query[Obj]) (iter.Seq2[Ob
 	// we watch the whole table for changes.
 	watch := indexTxn.RootWatch()
 	iter := indexTxn.LowerBound(q.key)
-	return partSeq[Obj](iter), watch
+	if indexTxn.unique {
+		return partSeq[Obj](iter), watch
+	}
+	return nonUniqueLowerBoundSeq[Obj](iter, q.key), watch
 }
 
 func (t *genTable[Obj]) Prefix(txn ReadTxn, q Query[Obj]) iter.Seq2[Obj, Revision] {
@@ -319,7 +360,10 @@ func (t *genTable[Obj]) Prefix(txn ReadTxn, q Query[Obj]) iter.Seq2[Obj, Revisio
 func (t *genTable[Obj]) PrefixWatch(txn ReadTxn, q Query[Obj]) (iter.Seq2[Obj, Revision], <-chan struct{}) {
 	indexTxn := txn.getTxn().mustIndexReadTxn(t, t.indexPos(q.index))
 	iter, watch := indexTxn.Prefix(q.key)
-	return partSeq[Obj](iter), watch
+	if indexTxn.unique {
+		return partSeq[Obj](iter), watch
+	}
+	return nonUniqueSeq[Obj](iter, true, q.key), watch
 }
 
 func (t *genTable[Obj]) All(txn ReadTxn) iter.Seq2[Obj, Revision] {
@@ -356,7 +400,7 @@ func (t *genTable[Obj]) ListWatch(txn ReadTxn, q Query[Obj]) (iter.Seq2[Obj, Rev
 	// iteration will continue until key length mismatches, e.g. we hit a
 	// longer key sharing the same prefix.
 	iter, watch := indexTxn.Prefix(q.key)
-	return nonUniqueSeq[Obj](iter, q.key), watch
+	return nonUniqueSeq[Obj](iter, false, q.key), watch
 }
 
 func (t *genTable[Obj]) Insert(txn WriteTxn, obj Obj) (oldObj Obj, hadOld bool, err error) {
@@ -468,5 +512,18 @@ func (t *genTable[Obj]) sortableMutex() internal.SortableMutex {
 	return t.smu
 }
 
+func (t *genTable[Obj]) proto() any {
+	var zero Obj
+	return zero
+}
+
+func (t *genTable[Obj]) unmarshalYAML(data []byte) (any, error) {
+	var obj Obj
+	if err := yaml.Unmarshal(data, &obj); err != nil {
+		return nil, err
+	}
+	return obj, nil
+}
+
 var _ Table[bool] = &genTable[bool]{}
 var _ RWTable[bool] = &genTable[bool]{}
diff --git a/vendor/github.com/cilium/statedb/txn.go b/vendor/github.com/cilium/statedb/txn.go
index bc4fb48cb3..4a7bc1c767 100644
--- a/vendor/github.com/cilium/statedb/txn.go
+++ b/vendor/github.com/cilium/statedb/txn.go
@@ -12,6 +12,7 @@ import (
 	"reflect"
 	"runtime"
 	"slices"
+	"sync/atomic"
 	"time"
 
 	"github.com/cilium/statedb/index"
@@ -20,12 +21,18 @@ import (
 )
 
 type txn struct {
-	db             *DB
-	handle         string
-	root           dbRoot
+	db   *DB
+	root dbRoot
+
+	handle     string
+	acquiredAt time.Time     // the time at which the transaction acquired the locks
+	duration   atomic.Uint64 // the transaction duration after it finished
+	writeTxn
+}
+
+type writeTxn struct {
 	modifiedTables []*tableEntry            // table entries being modified
 	smus           internal.SortableMutexes // the (sorted) table locks
-	acquiredAt     time.Time                // the time at which the transaction acquired the locks
 	tableNames     []string
 }
 
@@ -46,6 +53,23 @@ func (txn *txn) getTxn() *txn {
 	return txn
 }
 
+// acquiredInfo returns the information for the "Last WriteTxn" column
+// in "db tables" command. The correctness of this relies on the following assumptions:
+// - txn.handle and txn.acquiredAt are not modified
+// - txn.duration is atomically updated on Commit or Abort
+func (txn *txn) acquiredInfo() string {
+	if txn == nil {
+		return ""
+	}
+	since := internal.PrettySince(txn.acquiredAt)
+	dur := time.Duration(txn.duration.Load())
+	if txn.duration.Load() == 0 {
+		// Still locked
+		return fmt.Sprintf("%s (locked for %s)", txn.handle, since)
+	}
+	return fmt.Sprintf("%s (%s ago, locked for %s)", txn.handle, since, internal.PrettyDuration(dur))
+}
+
 // txnFinalizer is called when the GC frees *txn. It checks that a WriteTxn
 // has been Aborted or Committed. This is a safeguard against forgetting to
 // Abort/Commit which would cause the table to be locked forever.
@@ -336,22 +360,59 @@ func (txn *txn) delete(meta TableMeta, guardRevision Revision, data any) (object
 	return obj, true, nil
 }
 
+const (
+	nonUniqueSeparator   = 0x0
+	nonUniqueSubstitute  = 0xfe
+	nonUniqueSubstitute2 = 0xfd
+)
+
+// appendEncodePrimary encodes the 'src' (primary key) into 'dst'.
+func appendEncodePrimary(dst, src []byte) []byte {
+	for _, b := range src {
+		switch b {
+		case nonUniqueSeparator:
+			dst = append(dst, nonUniqueSubstitute)
+		case nonUniqueSubstitute:
+			dst = append(dst, nonUniqueSubstitute2, 0x00)
+		case nonUniqueSubstitute2:
+			dst = append(dst, nonUniqueSubstitute2, 0x01)
+		default:
+			dst = append(dst, b)
+		}
+	}
+	return dst
+}
+
 // encodeNonUniqueKey constructs the internal key to use with non-unique indexes.
-// It concatenates the secondary key with the primary key and the length of the secondary key.
-// The length is stored as unsigned 16-bit big endian.
-// This allows looking up from the non-unique index with the secondary key by doing a prefix
-// search. The length is used to safe-guard against indexers that don't terminate the key
-// properly (e.g. if secondary key is "foo", then we don't want "foobar" to match).
+// The key is constructed by concatenating the secondary key with the primary key
+// along with the secondary key length. The secondary and primary key are separated
+// with by a 0x0 to ensure ordering is defined by the secondary key. To make sure the
+// separator does not appear in the primary key it is encoded using this schema:
+//
+//	0x0 => 0xfe, 0xfe => 0xfd00, 0xfd => 0xfd01
+//
+// The schema tries to avoid expansion for encoded small integers, e.g. 0x0000 becomes 0xfefe.
+// The length at the end is encoded as unsigned 16-bit big endian.
+//
+// This schema allows looking up from the non-unique index with the secondary key by
+// doing a prefix search. The length is used to safe-guard against indexers that don't
+// terminate the key properly (e.g. if secondary key is "foo", then we don't want
+// "foobar" to match).
 func encodeNonUniqueKey(primary, secondary index.Key) []byte {
-	key := make([]byte, 0, len(secondary)+len(primary)+2)
+	key := make([]byte, 0,
+		len(secondary)+1 /* separator */ +
+			len(primary)+
+			2 /* space for few substitutions */ +
+			2 /* length */)
 	key = append(key, secondary...)
-	key = append(key, primary...)
+	key = append(key, nonUniqueSeparator)
+	key = appendEncodePrimary(key, primary)
 	// KeySet limits size of key to 16 bits.
 	return binary.BigEndian.AppendUint16(key, uint16(len(secondary)))
 }
 
-func decodeNonUniqueKey(key []byte) (primary []byte, secondary []byte) {
-	// Multi-index key is [<secondary...>, <primary...>, <secondary length>]
+func decodeNonUniqueKey(key []byte) (secondary []byte, encPrimary []byte) {
+	// Non-unique key is [<secondary...>, '\xfe', <encoded primary...>, <secondary length>]
 	if len(key) < 2 {
 		return nil, nil
 	}
@@ -359,13 +420,13 @@ func decodeNonUniqueKey(key []byte) (primary []byte, secondary []byte) {
 	if len(key) < secondaryLength {
 		return nil, nil
 	}
-	return key[secondaryLength : len(key)-2], key[:secondaryLength]
+	return key[:secondaryLength], key[secondaryLength+1 : len(key)-2]
 }
 
 func (txn *txn) Abort() {
 	runtime.SetFinalizer(txn, nil)
 
-	// If writeTxns is nil, this transaction has already been committed or aborted, and
+	// If modifiedTables is nil, this transaction has already been committed or aborted, and
 	// thus there is nothing to do. We allow this without failure to allow for defer
 	// pattern:
 	//
@@ -384,13 +445,15 @@ func (txn *txn) Abort() {
 		return
 	}
 
+	txn.duration.Store(uint64(time.Since(txn.acquiredAt)))
+
 	txn.smus.Unlock()
 	txn.db.metrics.WriteTxnDuration(
 		txn.handle,
 		txn.tableNames,
 		time.Since(txn.acquiredAt))
 
-	*txn = zeroTxn
+	txn.writeTxn = writeTxn{}
 }
 
 // Commit the transaction. Returns a ReadTxn that is the snapshot of the database at the
@@ -422,6 +485,8 @@ func (txn *txn) Commit() ReadTxn {
 		return nil
 	}
 
+	txn.duration.Store(uint64(time.Since(txn.acquiredAt)))
+
 	db := txn.db
 
 	// Commit each individual changed index to each table.
@@ -477,6 +542,7 @@ func (txn *txn) Commit() ReadTxn {
 
 	// Commit the transaction to build the new root tree and then
 	// atomically store it.
+	txn.root = root
 	db.root.Store(&root)
 	db.mu.Unlock()
 
@@ -499,11 +565,8 @@ func (txn *txn) Commit() ReadTxn {
 		txn.tableNames,
 		time.Since(txn.acquiredAt))
 
-	// Zero out the transaction to make it inert and
-	// convert it into a ReadTxn.
-	*txn = zeroTxn
-	txn.db = db
-	txn.root = root
+	// Convert into a ReadTxn
+	txn.writeTxn = writeTxn{}
 	return txn
 }
 
diff --git a/vendor/github.com/cilium/statedb/types.go b/vendor/github.com/cilium/statedb/types.go
index 5f817f8e71..5492e64f1d 100644
--- a/vendor/github.com/cilium/statedb/types.go
+++ b/vendor/github.com/cilium/statedb/types.go
@@ -4,6 +4,7 @@
 package statedb
 
 import (
+	"errors"
 	"io"
 	"iter"
 
@@ -28,22 +29,6 @@ type Table[Obj any] interface {
 	// Useful for generic utilities that need access to the primary key.
 	PrimaryIndexer() Indexer[Obj]
 
-	// NumObjects returns the number of objects stored in the table.
-	NumObjects(ReadTxn) int
-
-	// Initialized returns true if in this ReadTxn (snapshot of the database)
-	// the registered initializers have all been completed. The returned
-	// watch channel will be closed when the table becomes initialized.
-	Initialized(ReadTxn) (bool, <-chan struct{})
-
-	// PendingInitializers returns the set of pending initializers that
-	// have not yet completed.
-	PendingInitializers(ReadTxn) []string
-
-	// Revision of the table. Constant for a read transaction, but
-	// increments in a write transaction on each Insert and Delete.
-	Revision(ReadTxn) Revision
-
 	// All returns a sequence of all objects in the table.
 	All(ReadTxn) iter.Seq2[Obj, Revision]
 
@@ -215,24 +200,48 @@ type RWTable[Obj any] interface {
 // TableMeta provides information about the table that is independent of
 // the object type (the 'Obj' constraint).
 type TableMeta interface {
-	Name() TableName // The name of the table
+	// Name returns the name of the table
+	Name() TableName
+
+	// Indexes returns the names of the indexes
+	Indexes() []string
+
+	// NumObjects returns the number of objects stored in the table.
+	NumObjects(ReadTxn) int
 
+	// Initialized returns true if in this ReadTxn (snapshot of the database)
+	// the registered initializers have all been completed. The returned
+	// watch channel will be closed when the table becomes initialized.
+	Initialized(ReadTxn) (bool, <-chan struct{})
+
+	// PendingInitializers returns the set of pending initializers that
+	// have not yet completed.
+	PendingInitializers(ReadTxn) []string
+
+	// Revision of the table. Constant for a read transaction, but
+	// increments in a write transaction on each Insert and Delete.
+	Revision(ReadTxn) Revision
+
+	// Internal unexported methods used only internally.
+	tableInternal
+}
+
+type tableInternal interface {
 	tableEntry() tableEntry
 	tablePos() int
 	setTablePos(int)
 	indexPos(string) int
-	tableKey() []byte                      // The radix key for the table in the root tree
+	tableKey() []byte // The radix key for the table in the root tree
+	getIndexer(name string) *anyIndexer
 	primary() anyIndexer                   // The untyped primary indexer for the table
 	secondary() map[string]anyIndexer      // Secondary indexers (if any)
 	sortableMutex() internal.SortableMutex // The sortable mutex for locking the table for writing
 	anyChanges(txn WriteTxn) (anyChangeIterator, error)
-}
-
-// Iterator for iterating objects returned from queries.
-type Iterator[Obj any] interface {
-	// Next returns the next object and its revision if ok is true, otherwise
-	// zero values to mean that the iteration has finished.
-	Next() (obj Obj, rev Revision, ok bool)
+	proto() any                             // Returns the zero value of 'Obj', e.g. the prototype
+	unmarshalYAML(data []byte) (any, error) // Unmarshal the data into 'Obj'
+	numDeletedObjects(txn ReadTxn) int      // Number of objects in graveyard
+	acquired(*txn)
+	getAcquiredInfo() string
 }
 
 type ReadTxn interface {
@@ -278,10 +287,26 @@ func ByRevision[Obj any](rev uint64) Query[Obj] {
 
 // Index implements the indexing of objects (FromObjects) and querying of objects from the index (FromKey)
 type Index[Obj any, Key any] struct {
-	Name       string
+	// Name of the index
+	Name string
+
+	// FromObject extracts key(s) from the object. The key set
+	// can contain 0, 1 or more keys.
 	FromObject func(obj Obj) index.KeySet
-	FromKey    func(key Key) index.Key
-	Unique     bool
+
+	// FromKey converts the index key into a raw key.
+	// With this we can perform Query() against this index with
+	// the [Key] type.
+	FromKey func(key Key) index.Key
+
+	// FromString is an optional conversion from string to a raw key.
+	// If implemented allows script commands to query with this index.
+	FromString func(key string) (index.Key, error)
+
+	// Unique marks the index as unique. Primary index must always be
+	// unique. A secondary index may be non-unique in which case a single
+	// key may map to multiple objects.
+	Unique bool
 }
 
 var _ Indexer[struct{}] = &Index[struct{}, bool]{}
@@ -299,6 +324,17 @@ func (i Index[Obj, Key]) fromObject(obj Obj) index.KeySet {
 	return i.FromObject(obj)
 }
 
+var errFromStringNil = errors.New("FromString not defined")
+
+//nolint:unused
+func (i Index[Obj, Key]) fromString(s string) (index.Key, error) {
+	if i.FromString == nil {
+		return index.Key{}, errFromStringNil
+	}
+	k, err := i.FromString(s)
+	return k, err
+}
+
 //nolint:unused
 func (i Index[Obj, Key]) isUnique() bool {
 	return i.Unique
@@ -329,6 +365,7 @@ type Indexer[Obj any] interface {
 	indexName() string
 	isUnique() bool
 	fromObject(Obj) index.KeySet
+	fromString(string) (index.Key, error)
 
 	ObjectToKey(Obj) index.Key
 	QueryFromObject(Obj) Query[Obj]
@@ -379,6 +416,9 @@ type anyIndexer struct {
 	// object with.
 	fromObject func(object) index.KeySet
 
+	// fromString converts string into a key. Optional.
+	fromString func(string) (index.Key, error)
+
 	// unique if true will index the object solely on the
 	// values returned by fromObject. If false the primary
 	// key of the object will be appended to the key.
diff --git a/vendor/github.com/fatih/color/README.md b/vendor/github.com/fatih/color/README.md
index be82827cac..d135bfe023 100644
--- a/vendor/github.com/fatih/color/README.md
+++ b/vendor/github.com/fatih/color/README.md
@@ -9,7 +9,7 @@ suits you.
 
 ## Install
 
-```bash
+```
 go get github.com/fatih/color
 ```
 
@@ -30,6 +30,18 @@ color.Magenta("And many others ..")
 
 ```
 
+### RGB colors
+
+If your terminal supports 24-bit colors, you can use RGB color codes.
+
+```go
+color.RGB(255, 128, 0).Println("foreground orange")
+color.RGB(230, 42, 42).Println("foreground red")
+
+color.BgRGB(255, 128, 0).Println("background orange")
+color.BgRGB(230, 42, 42).Println("background red")
+```
+
 ### Mix and reuse colors
 
 ```go
@@ -49,6 +61,11 @@ boldRed.Println("This will print text in bold red.")
 
 whiteBackground := red.Add(color.BgWhite)
 whiteBackground.Println("Red text with white background.")
+
+// Mix with RGB color codes
+color.RGB(255, 128, 0).AddBgRGB(0, 0, 0).Println("orange with black background")
+
+color.BgRGB(255, 128, 0).AddRGB(255, 255, 255).Println("orange background with white foreground")
 ```
 
 ### Use your own output (io.Writer)
@@ -161,10 +178,6 @@ c.Println("This prints again cyan...")
 
 To output color in GitHub Actions (or other CI systems that support ANSI colors), make sure to set `color.NoColor = false` so that it bypasses the check for non-tty output streams. 
 
-## Todo
-
-* Save/Return previous values
-* Evaluate fmt.Formatter interface
 
 ## Credits
 
diff --git a/vendor/github.com/fatih/color/color.go b/vendor/github.com/fatih/color/color.go
index 81094e87c5..ee39b408e9 100644
--- a/vendor/github.com/fatih/color/color.go
+++ b/vendor/github.com/fatih/color/color.go
@@ -98,6 +98,9 @@ const (
 	FgMagenta
 	FgCyan
 	FgWhite
+
+	// used internally for 256 and 24-bit coloring
+	foreground
 )
 
 // Foreground Hi-Intensity text colors
@@ -122,6 +125,9 @@ const (
 	BgMagenta
 	BgCyan
 	BgWhite
+
+	// used internally for 256 and 24-bit coloring
+	background
 )
 
 // Background Hi-Intensity text colors
@@ -150,6 +156,30 @@ func New(value ...Attribute) *Color {
 	return c
 }
 
+// RGB returns a new foreground color in 24-bit RGB.
+func RGB(r, g, b int) *Color {
+	return New(foreground, 2, Attribute(r), Attribute(g), Attribute(b))
+}
+
+// BgRGB returns a new background color in 24-bit RGB.
+func BgRGB(r, g, b int) *Color {
+	return New(background, 2, Attribute(r), Attribute(g), Attribute(b))
+}
+
+// AddRGB is used to chain foreground RGB SGR parameters. Use as many as parameters to combine
+// and create custom color objects. Example: .Add(34, 0, 12).Add(255, 128, 0).
+func (c *Color) AddRGB(r, g, b int) *Color {
+	c.params = append(c.params, foreground, 2, Attribute(r), Attribute(g), Attribute(b))
+	return c
+}
+
+// AddRGB is used to chain background RGB SGR parameters. Use as many as parameters to combine
+// and create custom color objects. Example: .Add(34, 0, 12).Add(255, 128, 0).
+func (c *Color) AddBgRGB(r, g, b int) *Color {
+	c.params = append(c.params, background, 2, Attribute(r), Attribute(g), Attribute(b))
+	return c
+}
+
 // Set sets the given parameters immediately. It will change the color of
 // output with the given SGR parameters until color.Unset() is called.
 func Set(p ...Attribute) *Color {
@@ -401,7 +431,7 @@ func (c *Color) format() string {
 
 func (c *Color) unformat() string {
 	//return fmt.Sprintf("%s[%dm", escape, Reset)
-	//for each element in sequence let's use the speficic reset escape, ou the generic one if not found
+	//for each element in sequence let's use the specific reset escape, or the generic one if not found
 	format := make([]string, len(c.params))
 	for i, v := range c.params {
 		format[i] = strconv.Itoa(int(Reset))
diff --git a/vendor/github.com/prometheus/common/model/labelset_string.go b/vendor/github.com/prometheus/common/model/labelset_string.go
index 481c47b46e..abb2c90018 100644
--- a/vendor/github.com/prometheus/common/model/labelset_string.go
+++ b/vendor/github.com/prometheus/common/model/labelset_string.go
@@ -11,8 +11,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//go:build go1.21
-
 package model
 
 import (
diff --git a/vendor/github.com/prometheus/common/model/labelset_string_go120.go b/vendor/github.com/prometheus/common/model/labelset_string_go120.go
deleted file mode 100644
index c4212685e7..0000000000
--- a/vendor/github.com/prometheus/common/model/labelset_string_go120.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright 2024 The Prometheus Authors
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build !go1.21
-
-package model
-
-import (
-	"fmt"
-	"sort"
-	"strings"
-)
-
-// String was optimized using functions not available for go 1.20
-// or lower. We keep the old implementation for compatibility with client_golang.
-// Once client golang drops support for go 1.20 (scheduled for August 2024), this
-// file can be removed.
-func (l LabelSet) String() string {
-	labelNames := make([]string, 0, len(l))
-	for name := range l {
-		labelNames = append(labelNames, string(name))
-	}
-	sort.Strings(labelNames)
-	lstrs := make([]string, 0, len(l))
-	for _, name := range labelNames {
-		lstrs = append(lstrs, fmt.Sprintf("%s=%q", name, l[LabelName(name)]))
-	}
-	return fmt.Sprintf("{%s}", strings.Join(lstrs, ", "))
-}
diff --git a/vendor/github.com/vishvananda/netlink/addr_linux.go b/vendor/github.com/vishvananda/netlink/addr_linux.go
index 218ab23796..9b49baf976 100644
--- a/vendor/github.com/vishvananda/netlink/addr_linux.go
+++ b/vendor/github.com/vishvananda/netlink/addr_linux.go
@@ -1,6 +1,7 @@
 package netlink
 
 import (
+	"errors"
 	"fmt"
 	"net"
 	"strings"
@@ -169,6 +170,9 @@ func (h *Handle) addrHandle(link Link, addr *Addr, req *nl.NetlinkRequest) error
 // AddrList gets a list of IP addresses in the system.
 // Equivalent to: `ip addr show`.
 // The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func AddrList(link Link, family int) ([]Addr, error) {
 	return pkgHandle.AddrList(link, family)
 }
@@ -176,14 +180,17 @@ func AddrList(link Link, family int) ([]Addr, error) {
 // AddrList gets a list of IP addresses in the system.
 // Equivalent to: `ip addr show`.
 // The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) AddrList(link Link, family int) ([]Addr, error) {
 	req := h.newNetlinkRequest(unix.RTM_GETADDR, unix.NLM_F_DUMP)
 	msg := nl.NewIfAddrmsg(family)
 	req.AddData(msg)
 
-	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWADDR)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWADDR)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	indexFilter := 0
@@ -212,7 +219,7 @@ func (h *Handle) AddrList(link Link, family int) ([]Addr, error) {
 		res = append(res, addr)
 	}
 
-	return res, nil
+	return res, executeErr
 }
 
 func parseAddr(m []byte) (addr Addr, family int, err error) {
diff --git a/vendor/github.com/vishvananda/netlink/bridge_linux.go b/vendor/github.com/vishvananda/netlink/bridge_linux.go
index 6c340b0ce9..fa5766b801 100644
--- a/vendor/github.com/vishvananda/netlink/bridge_linux.go
+++ b/vendor/github.com/vishvananda/netlink/bridge_linux.go
@@ -1,6 +1,7 @@
 package netlink
 
 import (
+	"errors"
 	"fmt"
 
 	"github.com/vishvananda/netlink/nl"
@@ -9,21 +10,27 @@ import (
 
 // BridgeVlanList gets a map of device id to bridge vlan infos.
 // Equivalent to: `bridge vlan show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) {
 	return pkgHandle.BridgeVlanList()
 }
 
 // BridgeVlanList gets a map of device id to bridge vlan infos.
 // Equivalent to: `bridge vlan show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) {
 	req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_DUMP)
 	msg := nl.NewIfInfomsg(unix.AF_BRIDGE)
 	req.AddData(msg)
 	req.AddData(nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(uint32(nl.RTEXT_FILTER_BRVLAN))))
 
-	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 	ret := make(map[int32][]*nl.BridgeVlanInfo)
 	for _, m := range msgs {
@@ -51,7 +58,7 @@ func (h *Handle) BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error) {
 			}
 		}
 	}
-	return ret, nil
+	return ret, executeErr
 }
 
 // BridgeVlanAdd adds a new vlan filter entry
diff --git a/vendor/github.com/vishvananda/netlink/chain_linux.go b/vendor/github.com/vishvananda/netlink/chain_linux.go
index d9f441613c..5008e7101f 100644
--- a/vendor/github.com/vishvananda/netlink/chain_linux.go
+++ b/vendor/github.com/vishvananda/netlink/chain_linux.go
@@ -1,6 +1,8 @@
 package netlink
 
 import (
+	"errors"
+
 	"github.com/vishvananda/netlink/nl"
 	"golang.org/x/sys/unix"
 )
@@ -56,6 +58,9 @@ func (h *Handle) chainModify(cmd, flags int, link Link, chain Chain) error {
 // ChainList gets a list of chains in the system.
 // Equivalent to: `tc chain list`.
 // The list can be filtered by link.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func ChainList(link Link, parent uint32) ([]Chain, error) {
 	return pkgHandle.ChainList(link, parent)
 }
@@ -63,6 +68,9 @@ func ChainList(link Link, parent uint32) ([]Chain, error) {
 // ChainList gets a list of chains in the system.
 // Equivalent to: `tc chain list`.
 // The list can be filtered by link.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) ChainList(link Link, parent uint32) ([]Chain, error) {
 	req := h.newNetlinkRequest(unix.RTM_GETCHAIN, unix.NLM_F_DUMP)
 	index := int32(0)
@@ -78,9 +86,9 @@ func (h *Handle) ChainList(link Link, parent uint32) ([]Chain, error) {
 	}
 	req.AddData(msg)
 
-	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWCHAIN)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWCHAIN)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	var res []Chain
@@ -108,5 +116,5 @@ func (h *Handle) ChainList(link Link, parent uint32) ([]Chain, error) {
 		res = append(res, chain)
 	}
 
-	return res, nil
+	return res, executeErr
 }
diff --git a/vendor/github.com/vishvananda/netlink/class_linux.go b/vendor/github.com/vishvananda/netlink/class_linux.go
index a82eb09de2..08fb16c2bc 100644
--- a/vendor/github.com/vishvananda/netlink/class_linux.go
+++ b/vendor/github.com/vishvananda/netlink/class_linux.go
@@ -201,14 +201,20 @@ func classPayload(req *nl.NetlinkRequest, class Class) error {
 
 // ClassList gets a list of classes in the system.
 // Equivalent to: `tc class show`.
+//
 // Generally returns nothing if link and parent are not specified.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func ClassList(link Link, parent uint32) ([]Class, error) {
 	return pkgHandle.ClassList(link, parent)
 }
 
 // ClassList gets a list of classes in the system.
 // Equivalent to: `tc class show`.
+//
 // Generally returns nothing if link and parent are not specified.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) {
 	req := h.newNetlinkRequest(unix.RTM_GETTCLASS, unix.NLM_F_DUMP)
 	msg := &nl.TcMsg{
@@ -222,9 +228,9 @@ func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) {
 	}
 	req.AddData(msg)
 
-	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTCLASS)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTCLASS)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	var res []Class
@@ -295,7 +301,7 @@ func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error) {
 		res = append(res, class)
 	}
 
-	return res, nil
+	return res, executeErr
 }
 
 func parseHtbClassData(class Class, data []syscall.NetlinkRouteAttr) (bool, error) {
diff --git a/vendor/github.com/vishvananda/netlink/conntrack_linux.go b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
index ba022453b3..69c5eca034 100644
--- a/vendor/github.com/vishvananda/netlink/conntrack_linux.go
+++ b/vendor/github.com/vishvananda/netlink/conntrack_linux.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"strings"
 	"time"
 
 	"github.com/vishvananda/netlink/nl"
@@ -44,6 +45,9 @@ type InetFamily uint8
 
 // ConntrackTableList returns the flow list of a table of a specific family
 // conntrack -L [table] [options]          List conntrack or expectation table
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error) {
 	return pkgHandle.ConntrackTableList(table, family)
 }
@@ -70,7 +74,7 @@ func ConntrackUpdate(table ConntrackTableType, family InetFamily, flow *Conntrac
 // ConntrackDeleteFilter deletes entries on the specified table on the base of the filter
 // conntrack -D [table] parameters         Delete conntrack or expectation
 //
-// Deprecated: use [ConntrackDeleteFilter] instead.
+// Deprecated: use [ConntrackDeleteFilters] instead.
 func ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter CustomConntrackFilter) (uint, error) {
 	return pkgHandle.ConntrackDeleteFilters(table, family, filter)
 }
@@ -83,10 +87,13 @@ func ConntrackDeleteFilters(table ConntrackTableType, family InetFamily, filters
 
 // ConntrackTableList returns the flow list of a table of a specific family using the netlink handle passed
 // conntrack -L [table] [options]          List conntrack or expectation table
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error) {
-	res, err := h.dumpConntrackTable(table, family)
-	if err != nil {
-		return nil, err
+	res, executeErr := h.dumpConntrackTable(table, family)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	// Deserialize all the flows
@@ -95,7 +102,7 @@ func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily)
 		result = append(result, parseRawData(dataRaw))
 	}
 
-	return result, nil
+	return result, executeErr
 }
 
 // ConntrackTableFlush flushes all the flows of a specified table using the netlink handle passed
@@ -158,6 +165,7 @@ func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFam
 	}
 
 	var matched uint
+	var errMsgs []string
 	for _, dataRaw := range res {
 		flow := parseRawData(dataRaw)
 		for _, filter := range filters {
@@ -165,14 +173,18 @@ func (h *Handle) ConntrackDeleteFilters(table ConntrackTableType, family InetFam
 				req2 := h.newConntrackRequest(table, family, nl.IPCTNL_MSG_CT_DELETE, unix.NLM_F_ACK)
 				// skip the first 4 byte that are the netfilter header, the newConntrackRequest is adding it already
 				req2.AddRawData(dataRaw[4:])
-				req2.Execute(unix.NETLINK_NETFILTER, 0)
-				matched++
-				// flow is already deleted, no need to match on other filters and continue to the next flow.
-				break
+				if _, err = req2.Execute(unix.NETLINK_NETFILTER, 0); err == nil {
+					matched++
+					// flow is already deleted, no need to match on other filters and continue to the next flow.
+					break
+				}
+				errMsgs = append(errMsgs, fmt.Sprintf("failed to delete conntrack flow '%s': %s", flow.String(), err.Error()))
 			}
 		}
 	}
-
+	if len(errMsgs) > 0 {
+		return matched, fmt.Errorf(strings.Join(errMsgs, "; "))
+	}
 	return matched, nil
 }
 
diff --git a/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go b/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go
index 0bfdf422d1..0049048dc3 100644
--- a/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/conntrack_unspecified.go
@@ -33,7 +33,7 @@ func ConntrackTableFlush(table ConntrackTableType) error {
 // ConntrackDeleteFilter deletes entries on the specified table on the base of the filter
 // conntrack -D [table] parameters         Delete conntrack or expectation
 //
-// Deprecated: use [ConntrackDeleteFilter] instead.
+// Deprecated: use [ConntrackDeleteFilters] instead.
 func ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter *ConntrackFilter) (uint, error) {
 	return 0, ErrNotImplemented
 }
diff --git a/vendor/github.com/vishvananda/netlink/devlink_linux.go b/vendor/github.com/vishvananda/netlink/devlink_linux.go
index d98801dbbe..45d8ee4b6b 100644
--- a/vendor/github.com/vishvananda/netlink/devlink_linux.go
+++ b/vendor/github.com/vishvananda/netlink/devlink_linux.go
@@ -1,6 +1,7 @@
 package netlink
 
 import (
+	"errors"
 	"fmt"
 	"net"
 	"strings"
@@ -466,6 +467,8 @@ func (h *Handle) getEswitchAttrs(family *GenlFamily, dev *DevlinkDevice) {
 
 // DevLinkGetDeviceList provides a pointer to devlink devices and nil error,
 // otherwise returns an error code.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) DevLinkGetDeviceList() ([]*DevlinkDevice, error) {
 	f, err := h.GenlFamilyGet(nl.GENL_DEVLINK_NAME)
 	if err != nil {
@@ -478,9 +481,9 @@ func (h *Handle) DevLinkGetDeviceList() ([]*DevlinkDevice, error) {
 	req := h.newNetlinkRequest(int(f.ID),
 		unix.NLM_F_REQUEST|unix.NLM_F_ACK|unix.NLM_F_DUMP)
 	req.AddData(msg)
-	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 	devices, err := parseDevLinkDeviceList(msgs)
 	if err != nil {
@@ -489,11 +492,14 @@ func (h *Handle) DevLinkGetDeviceList() ([]*DevlinkDevice, error) {
 	for _, d := range devices {
 		h.getEswitchAttrs(f, d)
 	}
-	return devices, nil
+	return devices, executeErr
 }
 
 // DevLinkGetDeviceList provides a pointer to devlink devices and nil error,
 // otherwise returns an error code.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func DevLinkGetDeviceList() ([]*DevlinkDevice, error) {
 	return pkgHandle.DevLinkGetDeviceList()
 }
@@ -646,6 +652,8 @@ func parseDevLinkAllPortList(msgs [][]byte) ([]*DevlinkPort, error) {
 
 // DevLinkGetPortList provides a pointer to devlink ports and nil error,
 // otherwise returns an error code.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) DevLinkGetAllPortList() ([]*DevlinkPort, error) {
 	f, err := h.GenlFamilyGet(nl.GENL_DEVLINK_NAME)
 	if err != nil {
@@ -658,19 +666,21 @@ func (h *Handle) DevLinkGetAllPortList() ([]*DevlinkPort, error) {
 	req := h.newNetlinkRequest(int(f.ID),
 		unix.NLM_F_REQUEST|unix.NLM_F_ACK|unix.NLM_F_DUMP)
 	req.AddData(msg)
-	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 	ports, err := parseDevLinkAllPortList(msgs)
 	if err != nil {
 		return nil, err
 	}
-	return ports, nil
+	return ports, executeErr
 }
 
 // DevLinkGetPortList provides a pointer to devlink ports and nil error,
 // otherwise returns an error code.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func DevLinkGetAllPortList() ([]*DevlinkPort, error) {
 	return pkgHandle.DevLinkGetAllPortList()
 }
@@ -738,15 +748,18 @@ func (h *Handle) DevlinkGetDeviceResources(bus string, device string) (*DevlinkR
 
 // DevlinkGetDeviceParams returns parameters for devlink device
 // Equivalent to: `devlink dev param show <bus>/<device>`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) DevlinkGetDeviceParams(bus string, device string) ([]*DevlinkParam, error) {
 	_, req, err := h.createCmdReq(nl.DEVLINK_CMD_PARAM_GET, bus, device)
 	if err != nil {
 		return nil, err
 	}
 	req.Flags |= unix.NLM_F_DUMP
-	respmsg, err := req.Execute(unix.NETLINK_GENERIC, 0)
-	if err != nil {
-		return nil, err
+	respmsg, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 	var params []*DevlinkParam
 	for _, m := range respmsg {
@@ -761,11 +774,14 @@ func (h *Handle) DevlinkGetDeviceParams(bus string, device string) ([]*DevlinkPa
 		params = append(params, p)
 	}
 
-	return params, nil
+	return params, executeErr
 }
 
 // DevlinkGetDeviceParams returns parameters for devlink device
 // Equivalent to: `devlink dev param show <bus>/<device>`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func DevlinkGetDeviceParams(bus string, device string) ([]*DevlinkParam, error) {
 	return pkgHandle.DevlinkGetDeviceParams(bus, device)
 }
diff --git a/vendor/github.com/vishvananda/netlink/filter_linux.go b/vendor/github.com/vishvananda/netlink/filter_linux.go
index 87cd18f8e4..19306612ee 100644
--- a/vendor/github.com/vishvananda/netlink/filter_linux.go
+++ b/vendor/github.com/vishvananda/netlink/filter_linux.go
@@ -405,14 +405,20 @@ func (h *Handle) filterModify(filter Filter, proto, flags int) error {
 
 // FilterList gets a list of filters in the system.
 // Equivalent to: `tc filter show`.
+//
 // Generally returns nothing if link and parent are not specified.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func FilterList(link Link, parent uint32) ([]Filter, error) {
 	return pkgHandle.FilterList(link, parent)
 }
 
 // FilterList gets a list of filters in the system.
 // Equivalent to: `tc filter show`.
+//
 // Generally returns nothing if link and parent are not specified.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) {
 	req := h.newNetlinkRequest(unix.RTM_GETTFILTER, unix.NLM_F_DUMP)
 	msg := &nl.TcMsg{
@@ -426,9 +432,9 @@ func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) {
 	}
 	req.AddData(msg)
 
-	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTFILTER)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWTFILTER)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	var res []Filter
@@ -516,7 +522,7 @@ func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error) {
 		}
 	}
 
-	return res, nil
+	return res, executeErr
 }
 
 func toTcGen(attrs *ActionAttrs, tcgen *nl.TcGen) {
@@ -920,9 +926,11 @@ func parseActions(tables []syscall.NetlinkRouteAttr) ([]Action, error) {
 				actionnStatistic = (*ActionStatistic)(s)
 			}
 		}
-		action.Attrs().Statistics = actionnStatistic
-		action.Attrs().Timestamp = actionTimestamp
-		actions = append(actions, action)
+		if action != nil {
+			action.Attrs().Statistics = actionnStatistic
+			action.Attrs().Timestamp = actionTimestamp
+			actions = append(actions, action)
+		}
 	}
 	return actions, nil
 }
diff --git a/vendor/github.com/vishvananda/netlink/fou.go b/vendor/github.com/vishvananda/netlink/fou.go
index 71e73c37a0..ea9f6cf673 100644
--- a/vendor/github.com/vishvananda/netlink/fou.go
+++ b/vendor/github.com/vishvananda/netlink/fou.go
@@ -1,16 +1,7 @@
 package netlink
 
 import (
-	"errors"
-)
-
-var (
-	// ErrAttrHeaderTruncated is returned when a netlink attribute's header is
-	// truncated.
-	ErrAttrHeaderTruncated = errors.New("attribute header truncated")
-	// ErrAttrBodyTruncated is returned when a netlink attribute's body is
-	// truncated.
-	ErrAttrBodyTruncated = errors.New("attribute body truncated")
+	"net"
 )
 
 type Fou struct {
@@ -18,4 +9,8 @@ type Fou struct {
 	Port      int
 	Protocol  int
 	EncapType int
+	Local     net.IP
+	Peer      net.IP
+	PeerPort  int
+	IfIndex   int
 }
diff --git a/vendor/github.com/vishvananda/netlink/fou_linux.go b/vendor/github.com/vishvananda/netlink/fou_linux.go
index ed55b2b790..7645a5a5c2 100644
--- a/vendor/github.com/vishvananda/netlink/fou_linux.go
+++ b/vendor/github.com/vishvananda/netlink/fou_linux.go
@@ -1,3 +1,4 @@
+//go:build linux
 // +build linux
 
 package netlink
@@ -5,6 +6,8 @@ package netlink
 import (
 	"encoding/binary"
 	"errors"
+	"log"
+	"net"
 
 	"github.com/vishvananda/netlink/nl"
 	"golang.org/x/sys/unix"
@@ -29,6 +32,12 @@ const (
 	FOU_ATTR_IPPROTO
 	FOU_ATTR_TYPE
 	FOU_ATTR_REMCSUM_NOPARTIAL
+	FOU_ATTR_LOCAL_V4
+	FOU_ATTR_LOCAL_V6
+	FOU_ATTR_PEER_V4
+	FOU_ATTR_PEER_V6
+	FOU_ATTR_PEER_PORT
+	FOU_ATTR_IFINDEX
 	FOU_ATTR_MAX = FOU_ATTR_REMCSUM_NOPARTIAL
 )
 
@@ -128,10 +137,14 @@ func (h *Handle) FouDel(f Fou) error {
 	return nil
 }
 
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func FouList(fam int) ([]Fou, error) {
 	return pkgHandle.FouList(fam)
 }
 
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) FouList(fam int) ([]Fou, error) {
 	fam_id, err := FouFamilyId()
 	if err != nil {
@@ -150,9 +163,9 @@ func (h *Handle) FouList(fam int) ([]Fou, error) {
 
 	req.AddRawData(raw)
 
-	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+	if executeErr != nil && !errors.Is(err, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	fous := make([]Fou, 0, len(msgs))
@@ -165,45 +178,32 @@ func (h *Handle) FouList(fam int) ([]Fou, error) {
 		fous = append(fous, f)
 	}
 
-	return fous, nil
+	return fous, executeErr
 }
 
 func deserializeFouMsg(msg []byte) (Fou, error) {
-	// we'll skip to byte 4 to first attribute
-	msg = msg[3:]
-	var shift int
 	fou := Fou{}
 
-	for {
-		// attribute header is at least 16 bits
-		if len(msg) < 4 {
-			return fou, ErrAttrHeaderTruncated
-		}
-
-		lgt := int(binary.BigEndian.Uint16(msg[0:2]))
-		if len(msg) < lgt+4 {
-			return fou, ErrAttrBodyTruncated
-		}
-		attr := binary.BigEndian.Uint16(msg[2:4])
-
-		shift = lgt + 3
-		switch attr {
+	for attr := range nl.ParseAttributes(msg[4:]) {
+		switch attr.Type {
 		case FOU_ATTR_AF:
-			fou.Family = int(msg[5])
+			fou.Family = int(attr.Value[0])
 		case FOU_ATTR_PORT:
-			fou.Port = int(binary.BigEndian.Uint16(msg[5:7]))
-			// port is 2 bytes
-			shift = lgt + 2
+			fou.Port = int(networkOrder.Uint16(attr.Value))
 		case FOU_ATTR_IPPROTO:
-			fou.Protocol = int(msg[5])
+			fou.Protocol = int(attr.Value[0])
 		case FOU_ATTR_TYPE:
-			fou.EncapType = int(msg[5])
-		}
-
-		msg = msg[shift:]
-
-		if len(msg) < 4 {
-			break
+			fou.EncapType = int(attr.Value[0])
+		case FOU_ATTR_LOCAL_V4, FOU_ATTR_LOCAL_V6:
+			fou.Local = net.IP(attr.Value)
+		case FOU_ATTR_PEER_V4, FOU_ATTR_PEER_V6:
+			fou.Peer = net.IP(attr.Value)
+		case FOU_ATTR_PEER_PORT:
+			fou.PeerPort = int(networkOrder.Uint16(attr.Value))
+		case FOU_ATTR_IFINDEX:
+			fou.IfIndex = int(native.Uint16(attr.Value))
+		default:
+			log.Printf("unknown fou attribute from kernel: %+v %v", attr, attr.Type&nl.NLA_TYPE_MASK)
 		}
 	}
 
diff --git a/vendor/github.com/vishvananda/netlink/fou_unspecified.go b/vendor/github.com/vishvananda/netlink/fou_unspecified.go
index 3a8365bfe6..7e550151ad 100644
--- a/vendor/github.com/vishvananda/netlink/fou_unspecified.go
+++ b/vendor/github.com/vishvananda/netlink/fou_unspecified.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package netlink
diff --git a/vendor/github.com/vishvananda/netlink/genetlink_linux.go b/vendor/github.com/vishvananda/netlink/genetlink_linux.go
index 772e5834a2..7bdaad97b4 100644
--- a/vendor/github.com/vishvananda/netlink/genetlink_linux.go
+++ b/vendor/github.com/vishvananda/netlink/genetlink_linux.go
@@ -1,6 +1,7 @@
 package netlink
 
 import (
+	"errors"
 	"fmt"
 	"syscall"
 
@@ -126,6 +127,8 @@ func parseFamilies(msgs [][]byte) ([]*GenlFamily, error) {
 	return families, nil
 }
 
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) GenlFamilyList() ([]*GenlFamily, error) {
 	msg := &nl.Genlmsg{
 		Command: nl.GENL_CTRL_CMD_GETFAMILY,
@@ -133,13 +136,19 @@ func (h *Handle) GenlFamilyList() ([]*GenlFamily, error) {
 	}
 	req := h.newNetlinkRequest(nl.GENL_ID_CTRL, unix.NLM_F_DUMP)
 	req.AddData(msg)
-	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
+	msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
+	}
+	families, err := parseFamilies(msgs)
 	if err != nil {
 		return nil, err
 	}
-	return parseFamilies(msgs)
+	return families, executeErr
 }
 
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func GenlFamilyList() ([]*GenlFamily, error) {
 	return pkgHandle.GenlFamilyList()
 }
diff --git a/vendor/github.com/vishvananda/netlink/gtp_linux.go b/vendor/github.com/vishvananda/netlink/gtp_linux.go
index f5e160ba5c..377dcae5c0 100644
--- a/vendor/github.com/vishvananda/netlink/gtp_linux.go
+++ b/vendor/github.com/vishvananda/netlink/gtp_linux.go
@@ -1,6 +1,7 @@
 package netlink
 
 import (
+	"errors"
 	"fmt"
 	"net"
 	"strings"
@@ -74,6 +75,8 @@ func parsePDP(msgs [][]byte) ([]*PDP, error) {
 	return pdps, nil
 }
 
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) GTPPDPList() ([]*PDP, error) {
 	f, err := h.GenlFamilyGet(nl.GENL_GTP_NAME)
 	if err != nil {
@@ -85,13 +88,19 @@ func (h *Handle) GTPPDPList() ([]*PDP, error) {
 	}
 	req := h.newNetlinkRequest(int(f.ID), unix.NLM_F_DUMP)
 	req.AddData(msg)
-	msgs, err := req.Execute(unix.NETLINK_GENERIC, 0)
+	msgs, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+	if executeErr != nil && !errors.Is(err, ErrDumpInterrupted) {
+		return nil, executeErr
+	}
+	pdps, err := parsePDP(msgs)
 	if err != nil {
 		return nil, err
 	}
-	return parsePDP(msgs)
+	return pdps, executeErr
 }
 
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func GTPPDPList() ([]*PDP, error) {
 	return pkgHandle.GTPPDPList()
 }
diff --git a/vendor/github.com/vishvananda/netlink/link.go b/vendor/github.com/vishvananda/netlink/link.go
index f820cdb678..e09a6cfe54 100644
--- a/vendor/github.com/vishvananda/netlink/link.go
+++ b/vendor/github.com/vishvananda/netlink/link.go
@@ -377,6 +377,13 @@ const (
 	NETKIT_POLICY_BLACKHOLE NetkitPolicy = 2
 )
 
+type NetkitScrub int
+
+const (
+	NETKIT_SCRUB_NONE    NetkitScrub = 0
+	NETKIT_SCRUB_DEFAULT NetkitScrub = 1
+)
+
 func (n *Netkit) IsPrimary() bool {
 	return n.isPrimary
 }
@@ -391,6 +398,9 @@ type Netkit struct {
 	Mode          NetkitMode
 	Policy        NetkitPolicy
 	PeerPolicy    NetkitPolicy
+	Scrub         NetkitScrub
+	PeerScrub     NetkitScrub
+	supportsScrub bool
 	isPrimary     bool
 	peerLinkAttrs LinkAttrs
 }
@@ -403,6 +413,10 @@ func (n *Netkit) Type() string {
 	return "netkit"
 }
 
+func (n *Netkit) SupportsScrub() bool {
+	return n.supportsScrub
+}
+
 // Veth devices must specify PeerName on create
 type Veth struct {
 	LinkAttrs
@@ -761,19 +775,19 @@ const (
 )
 
 var bondXmitHashPolicyToString = map[BondXmitHashPolicy]string{
-	BOND_XMIT_HASH_POLICY_LAYER2:   "layer2",
-	BOND_XMIT_HASH_POLICY_LAYER3_4: "layer3+4",
-	BOND_XMIT_HASH_POLICY_LAYER2_3: "layer2+3",
-	BOND_XMIT_HASH_POLICY_ENCAP2_3: "encap2+3",
-	BOND_XMIT_HASH_POLICY_ENCAP3_4: "encap3+4",
+	BOND_XMIT_HASH_POLICY_LAYER2:      "layer2",
+	BOND_XMIT_HASH_POLICY_LAYER3_4:    "layer3+4",
+	BOND_XMIT_HASH_POLICY_LAYER2_3:    "layer2+3",
+	BOND_XMIT_HASH_POLICY_ENCAP2_3:    "encap2+3",
+	BOND_XMIT_HASH_POLICY_ENCAP3_4:    "encap3+4",
 	BOND_XMIT_HASH_POLICY_VLAN_SRCMAC: "vlan+srcmac",
 }
 var StringToBondXmitHashPolicyMap = map[string]BondXmitHashPolicy{
-	"layer2":   BOND_XMIT_HASH_POLICY_LAYER2,
-	"layer3+4": BOND_XMIT_HASH_POLICY_LAYER3_4,
-	"layer2+3": BOND_XMIT_HASH_POLICY_LAYER2_3,
-	"encap2+3": BOND_XMIT_HASH_POLICY_ENCAP2_3,
-	"encap3+4": BOND_XMIT_HASH_POLICY_ENCAP3_4,
+	"layer2":      BOND_XMIT_HASH_POLICY_LAYER2,
+	"layer3+4":    BOND_XMIT_HASH_POLICY_LAYER3_4,
+	"layer2+3":    BOND_XMIT_HASH_POLICY_LAYER2_3,
+	"encap2+3":    BOND_XMIT_HASH_POLICY_ENCAP2_3,
+	"encap3+4":    BOND_XMIT_HASH_POLICY_ENCAP3_4,
 	"vlan+srcmac": BOND_XMIT_HASH_POLICY_VLAN_SRCMAC,
 }
 
diff --git a/vendor/github.com/vishvananda/netlink/link_linux.go b/vendor/github.com/vishvananda/netlink/link_linux.go
index d713612a90..52491c5804 100644
--- a/vendor/github.com/vishvananda/netlink/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/link_linux.go
@@ -3,6 +3,7 @@ package netlink
 import (
 	"bytes"
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -1807,20 +1808,20 @@ func (h *Handle) LinkDel(link Link) error {
 }
 
 func (h *Handle) linkByNameDump(name string) (Link, error) {
-	links, err := h.LinkList()
-	if err != nil {
-		return nil, err
+	links, executeErr := h.LinkList()
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	for _, link := range links {
 		if link.Attrs().Name == name {
-			return link, nil
+			return link, executeErr
 		}
 
 		// support finding interfaces also via altnames
 		for _, altName := range link.Attrs().AltNames {
 			if altName == name {
-				return link, nil
+				return link, executeErr
 			}
 		}
 	}
@@ -1828,25 +1829,33 @@ func (h *Handle) linkByNameDump(name string) (Link, error) {
 }
 
 func (h *Handle) linkByAliasDump(alias string) (Link, error) {
-	links, err := h.LinkList()
-	if err != nil {
-		return nil, err
+	links, executeErr := h.LinkList()
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	for _, link := range links {
 		if link.Attrs().Alias == alias {
-			return link, nil
+			return link, executeErr
 		}
 	}
 	return nil, LinkNotFoundError{fmt.Errorf("Link alias %s not found", alias)}
 }
 
 // LinkByName finds a link by name and returns a pointer to the object.
+//
+// If the kernel doesn't support IFLA_IFNAME, this method will fall back to
+// filtering a dump of all link names. In this case, if the returned error is
+// [ErrDumpInterrupted] the result may be missing or outdated.
 func LinkByName(name string) (Link, error) {
 	return pkgHandle.LinkByName(name)
 }
 
 // LinkByName finds a link by name and returns a pointer to the object.
+//
+// If the kernel doesn't support IFLA_IFNAME, this method will fall back to
+// filtering a dump of all link names. In this case, if the returned error is
+// [ErrDumpInterrupted] the result may be missing or outdated.
 func (h *Handle) LinkByName(name string) (Link, error) {
 	if h.lookupByDump {
 		return h.linkByNameDump(name)
@@ -1879,12 +1888,20 @@ func (h *Handle) LinkByName(name string) (Link, error) {
 
 // LinkByAlias finds a link by its alias and returns a pointer to the object.
 // If there are multiple links with the alias it returns the first one
+//
+// If the kernel doesn't support IFLA_IFALIAS, this method will fall back to
+// filtering a dump of all link names. In this case, if the returned error is
+// [ErrDumpInterrupted] the result may be missing or outdated.
 func LinkByAlias(alias string) (Link, error) {
 	return pkgHandle.LinkByAlias(alias)
 }
 
 // LinkByAlias finds a link by its alias and returns a pointer to the object.
 // If there are multiple links with the alias it returns the first one
+//
+// If the kernel doesn't support IFLA_IFALIAS, this method will fall back to
+// filtering a dump of all link names. In this case, if the returned error is
+// [ErrDumpInterrupted] the result may be missing or outdated.
 func (h *Handle) LinkByAlias(alias string) (Link, error) {
 	if h.lookupByDump {
 		return h.linkByAliasDump(alias)
@@ -2321,6 +2338,9 @@ func LinkList() ([]Link, error) {
 
 // LinkList gets a list of link devices.
 // Equivalent to: `ip link show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) LinkList() ([]Link, error) {
 	// NOTE(vish): This duplicates functionality in net/iface_linux.go, but we need
 	//             to get the message ourselves to parse link type.
@@ -2331,9 +2351,9 @@ func (h *Handle) LinkList() ([]Link, error) {
 	attr := nl.NewRtAttr(unix.IFLA_EXT_MASK, nl.Uint32Attr(nl.RTEXT_FILTER_VF))
 	req.AddData(attr)
 
-	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWLINK)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	var res []Link
@@ -2345,7 +2365,7 @@ func (h *Handle) LinkList() ([]Link, error) {
 		res = append(res, link)
 	}
 
-	return res, nil
+	return res, executeErr
 }
 
 // LinkUpdate is used to pass information back from LinkSubscribe()
@@ -2381,6 +2401,10 @@ type LinkSubscribeOptions struct {
 // LinkSubscribeWithOptions work like LinkSubscribe but enable to
 // provide additional options to modify the behavior. Currently, the
 // namespace can be provided as well as an error callback.
+//
+// When options.ListExisting is true, options.ErrorCallback may be
+// called with [ErrDumpInterrupted] to indicate that results from
+// the initial dump of links may be inconsistent or incomplete.
 func LinkSubscribeWithOptions(ch chan<- LinkUpdate, done <-chan struct{}, options LinkSubscribeOptions) error {
 	if options.Namespace == nil {
 		none := netns.None()
@@ -2440,6 +2464,9 @@ func linkSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- LinkUpdate, done <-c
 				continue
 			}
 			for _, m := range msgs {
+				if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 && cberr != nil {
+					cberr(ErrDumpInterrupted)
+				}
 				if m.Header.Type == unix.NLMSG_DONE {
 					continue
 				}
@@ -2649,6 +2676,8 @@ func addNetkitAttrs(nk *Netkit, linkInfo *nl.RtAttr, flag int) error {
 	data.AddRtAttr(nl.IFLA_NETKIT_MODE, nl.Uint32Attr(uint32(nk.Mode)))
 	data.AddRtAttr(nl.IFLA_NETKIT_POLICY, nl.Uint32Attr(uint32(nk.Policy)))
 	data.AddRtAttr(nl.IFLA_NETKIT_PEER_POLICY, nl.Uint32Attr(uint32(nk.PeerPolicy)))
+	data.AddRtAttr(nl.IFLA_NETKIT_SCRUB, nl.Uint32Attr(uint32(nk.Scrub)))
+	data.AddRtAttr(nl.IFLA_NETKIT_PEER_SCRUB, nl.Uint32Attr(uint32(nk.PeerScrub)))
 
 	if (flag & unix.NLM_F_EXCL) == 0 {
 		// Modifying peer link attributes will not take effect
@@ -2709,6 +2738,12 @@ func parseNetkitData(link Link, data []syscall.NetlinkRouteAttr) {
 			netkit.Policy = NetkitPolicy(native.Uint32(datum.Value[0:4]))
 		case nl.IFLA_NETKIT_PEER_POLICY:
 			netkit.PeerPolicy = NetkitPolicy(native.Uint32(datum.Value[0:4]))
+		case nl.IFLA_NETKIT_SCRUB:
+			netkit.supportsScrub = true
+			netkit.Scrub = NetkitScrub(native.Uint32(datum.Value[0:4]))
+		case nl.IFLA_NETKIT_PEER_SCRUB:
+			netkit.supportsScrub = true
+			netkit.PeerScrub = NetkitScrub(native.Uint32(datum.Value[0:4]))
 		}
 	}
 }
diff --git a/vendor/github.com/vishvananda/netlink/neigh_linux.go b/vendor/github.com/vishvananda/netlink/neigh_linux.go
index 2d93044a6e..1c6f2958ae 100644
--- a/vendor/github.com/vishvananda/netlink/neigh_linux.go
+++ b/vendor/github.com/vishvananda/netlink/neigh_linux.go
@@ -1,6 +1,7 @@
 package netlink
 
 import (
+	"errors"
 	"fmt"
 	"net"
 	"syscall"
@@ -206,6 +207,9 @@ func neighHandle(neigh *Neigh, req *nl.NetlinkRequest) error {
 // NeighList returns a list of IP-MAC mappings in the system (ARP table).
 // Equivalent to: `ip neighbor show`.
 // The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func NeighList(linkIndex, family int) ([]Neigh, error) {
 	return pkgHandle.NeighList(linkIndex, family)
 }
@@ -213,6 +217,9 @@ func NeighList(linkIndex, family int) ([]Neigh, error) {
 // NeighProxyList returns a list of neighbor proxies in the system.
 // Equivalent to: `ip neighbor show proxy`.
 // The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func NeighProxyList(linkIndex, family int) ([]Neigh, error) {
 	return pkgHandle.NeighProxyList(linkIndex, family)
 }
@@ -220,6 +227,9 @@ func NeighProxyList(linkIndex, family int) ([]Neigh, error) {
 // NeighList returns a list of IP-MAC mappings in the system (ARP table).
 // Equivalent to: `ip neighbor show`.
 // The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) NeighList(linkIndex, family int) ([]Neigh, error) {
 	return h.NeighListExecute(Ndmsg{
 		Family: uint8(family),
@@ -230,6 +240,9 @@ func (h *Handle) NeighList(linkIndex, family int) ([]Neigh, error) {
 // NeighProxyList returns a list of neighbor proxies in the system.
 // Equivalent to: `ip neighbor show proxy`.
 // The list can be filtered by link, ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) NeighProxyList(linkIndex, family int) ([]Neigh, error) {
 	return h.NeighListExecute(Ndmsg{
 		Family: uint8(family),
@@ -239,18 +252,24 @@ func (h *Handle) NeighProxyList(linkIndex, family int) ([]Neigh, error) {
 }
 
 // NeighListExecute returns a list of neighbour entries filtered by link, ip family, flag and state.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func NeighListExecute(msg Ndmsg) ([]Neigh, error) {
 	return pkgHandle.NeighListExecute(msg)
 }
 
 // NeighListExecute returns a list of neighbour entries filtered by link, ip family, flag and state.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) NeighListExecute(msg Ndmsg) ([]Neigh, error) {
 	req := h.newNetlinkRequest(unix.RTM_GETNEIGH, unix.NLM_F_DUMP)
 	req.AddData(&msg)
 
-	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWNEIGH)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWNEIGH)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	var res []Neigh
@@ -281,7 +300,7 @@ func (h *Handle) NeighListExecute(msg Ndmsg) ([]Neigh, error) {
 		res = append(res, *neigh)
 	}
 
-	return res, nil
+	return res, executeErr
 }
 
 func NeighDeserialize(m []byte) (*Neigh, error) {
@@ -364,6 +383,10 @@ type NeighSubscribeOptions struct {
 // NeighSubscribeWithOptions work like NeighSubscribe but enable to
 // provide additional options to modify the behavior. Currently, the
 // namespace can be provided as well as an error callback.
+//
+// When options.ListExisting is true, options.ErrorCallback may be
+// called with [ErrDumpInterrupted] to indicate that results from
+// the initial dump of links may be inconsistent or incomplete.
 func NeighSubscribeWithOptions(ch chan<- NeighUpdate, done <-chan struct{}, options NeighSubscribeOptions) error {
 	if options.Namespace == nil {
 		none := netns.None()
@@ -428,6 +451,9 @@ func neighSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- NeighUpdate, done <
 				continue
 			}
 			for _, m := range msgs {
+				if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 && cberr != nil {
+					cberr(ErrDumpInterrupted)
+				}
 				if m.Header.Type == unix.NLMSG_DONE {
 					if listExisting {
 						// This will be called after handling AF_UNSPEC
diff --git a/vendor/github.com/vishvananda/netlink/netlink_linux.go b/vendor/github.com/vishvananda/netlink/netlink_linux.go
index a20d293d87..7416e30510 100644
--- a/vendor/github.com/vishvananda/netlink/netlink_linux.go
+++ b/vendor/github.com/vishvananda/netlink/netlink_linux.go
@@ -9,3 +9,6 @@ const (
 	FAMILY_V6   = nl.FAMILY_V6
 	FAMILY_MPLS = nl.FAMILY_MPLS
 )
+
+// ErrDumpInterrupted is an alias for [nl.ErrDumpInterrupted].
+var ErrDumpInterrupted = nl.ErrDumpInterrupted
diff --git a/vendor/github.com/vishvananda/netlink/nl/link_linux.go b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
index 0b5be470cb..6dfa16cc28 100644
--- a/vendor/github.com/vishvananda/netlink/nl/link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/link_linux.go
@@ -38,6 +38,8 @@ const (
 	IFLA_NETKIT_POLICY
 	IFLA_NETKIT_PEER_POLICY
 	IFLA_NETKIT_MODE
+	IFLA_NETKIT_SCRUB
+	IFLA_NETKIT_PEER_SCRUB
 	IFLA_NETKIT_MAX = IFLA_NETKIT_MODE
 )
 
diff --git a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
index 6cecc4517a..4d2732a9e8 100644
--- a/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
+++ b/vendor/github.com/vishvananda/netlink/nl/nl_linux.go
@@ -4,6 +4,7 @@ package nl
 import (
 	"bytes"
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"net"
 	"os"
@@ -11,6 +12,7 @@ import (
 	"sync"
 	"sync/atomic"
 	"syscall"
+	"time"
 	"unsafe"
 
 	"github.com/vishvananda/netns"
@@ -43,6 +45,26 @@ var SocketTimeoutTv = unix.Timeval{Sec: 60, Usec: 0}
 // ErrorMessageReporting is the default error message reporting configuration for the new netlink sockets
 var EnableErrorMessageReporting bool = false
 
+// ErrDumpInterrupted is an instance of errDumpInterrupted, used to report that
+// a netlink function has set the NLM_F_DUMP_INTR flag in a response message,
+// indicating that the results may be incomplete or inconsistent.
+var ErrDumpInterrupted = errDumpInterrupted{}
+
+// errDumpInterrupted is an error type, used to report that NLM_F_DUMP_INTR was
+// set in a netlink response.
+type errDumpInterrupted struct{}
+
+func (errDumpInterrupted) Error() string {
+	return "results may be incomplete or inconsistent"
+}
+
+// Before errDumpInterrupted was introduced, EINTR was returned when a netlink
+// response had NLM_F_DUMP_INTR. Retain backward compatibility with code that
+// may be checking for EINTR using Is.
+func (e errDumpInterrupted) Is(target error) bool {
+	return target == unix.EINTR
+}
+
 // GetIPFamily returns the family type of a net.IP.
 func GetIPFamily(ip net.IP) int {
 	if len(ip) <= net.IPv4len {
@@ -492,22 +514,26 @@ func (req *NetlinkRequest) AddRawData(data []byte) {
 // Execute the request against the given sockType.
 // Returns a list of netlink messages in serialized format, optionally filtered
 // by resType.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (req *NetlinkRequest) Execute(sockType int, resType uint16) ([][]byte, error) {
 	var res [][]byte
 	err := req.ExecuteIter(sockType, resType, func(msg []byte) bool {
 		res = append(res, msg)
 		return true
 	})
-	if err != nil {
+	if err != nil && !errors.Is(err, ErrDumpInterrupted) {
 		return nil, err
 	}
-	return res, nil
+	return res, err
 }
 
 // ExecuteIter executes the request against the given sockType.
 // Calls the provided callback func once for each netlink message.
 // If the callback returns false, it is not called again, but
 // the remaining messages are consumed/discarded.
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 //
 // Thread safety: ExecuteIter holds a lock on the socket until
 // it finishes iteration so the callback must not call back into
@@ -559,6 +585,8 @@ func (req *NetlinkRequest) ExecuteIter(sockType int, resType uint16, f func(msg
 		return err
 	}
 
+	dumpIntr := false
+
 done:
 	for {
 		msgs, from, err := s.Receive()
@@ -580,7 +608,7 @@ done:
 			}
 
 			if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 {
-				return syscall.Errno(unix.EINTR)
+				dumpIntr = true
 			}
 
 			if m.Header.Type == unix.NLMSG_DONE || m.Header.Type == unix.NLMSG_ERROR {
@@ -634,6 +662,9 @@ done:
 			}
 		}
 	}
+	if dumpIntr {
+		return ErrDumpInterrupted
+	}
 	return nil
 }
 
@@ -656,9 +687,11 @@ func NewNetlinkRequest(proto, flags int) *NetlinkRequest {
 }
 
 type NetlinkSocket struct {
-	fd   int32
-	file *os.File
-	lsa  unix.SockaddrNetlink
+	fd             int32
+	file           *os.File
+	lsa            unix.SockaddrNetlink
+	sendTimeout    int64 // Access using atomic.Load/StoreInt64
+	receiveTimeout int64 // Access using atomic.Load/StoreInt64
 	sync.Mutex
 }
 
@@ -802,8 +835,44 @@ func (s *NetlinkSocket) GetFd() int {
 	return int(s.fd)
 }
 
+func (s *NetlinkSocket) GetTimeouts() (send, receive time.Duration) {
+	return time.Duration(atomic.LoadInt64(&s.sendTimeout)),
+		time.Duration(atomic.LoadInt64(&s.receiveTimeout))
+}
+
 func (s *NetlinkSocket) Send(request *NetlinkRequest) error {
-	return unix.Sendto(int(s.fd), request.Serialize(), 0, &s.lsa)
+	rawConn, err := s.file.SyscallConn()
+	if err != nil {
+		return err
+	}
+	var (
+		deadline time.Time
+		innerErr error
+	)
+	sendTimeout := atomic.LoadInt64(&s.sendTimeout)
+	if sendTimeout != 0 {
+		deadline = time.Now().Add(time.Duration(sendTimeout))
+	}
+	if err := s.file.SetWriteDeadline(deadline); err != nil {
+		return err
+	}
+	serializedReq := request.Serialize()
+	err = rawConn.Write(func(fd uintptr) (done bool) {
+		innerErr = unix.Sendto(int(s.fd), serializedReq, 0, &s.lsa)
+		return innerErr != unix.EWOULDBLOCK
+	})
+	if innerErr != nil {
+		return innerErr
+	}
+	if err != nil {
+		// The timeout was previously implemented using SO_SNDTIMEO on a blocking
+		// socket. So, continue to return EAGAIN when the timeout is reached.
+		if errors.Is(err, os.ErrDeadlineExceeded) {
+			return unix.EAGAIN
+		}
+		return err
+	}
+	return nil
 }
 
 func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, *unix.SockaddrNetlink, error) {
@@ -812,20 +881,33 @@ func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, *unix.SockaddrNetli
 		return nil, nil, err
 	}
 	var (
+		deadline time.Time
 		fromAddr *unix.SockaddrNetlink
 		rb       [RECEIVE_BUFFER_SIZE]byte
 		nr       int
 		from     unix.Sockaddr
 		innerErr error
 	)
+	receiveTimeout := atomic.LoadInt64(&s.receiveTimeout)
+	if receiveTimeout != 0 {
+		deadline = time.Now().Add(time.Duration(receiveTimeout))
+	}
+	if err := s.file.SetReadDeadline(deadline); err != nil {
+		return nil, nil, err
+	}
 	err = rawConn.Read(func(fd uintptr) (done bool) {
 		nr, from, innerErr = unix.Recvfrom(int(fd), rb[:], 0)
 		return innerErr != unix.EWOULDBLOCK
 	})
 	if innerErr != nil {
-		err = innerErr
+		return nil, nil, innerErr
 	}
 	if err != nil {
+		// The timeout was previously implemented using SO_RCVTIMEO on a blocking
+		// socket. So, continue to return EAGAIN when the timeout is reached.
+		if errors.Is(err, os.ErrDeadlineExceeded) {
+			return nil, nil, unix.EAGAIN
+		}
 		return nil, nil, err
 	}
 	fromAddr, ok := from.(*unix.SockaddrNetlink)
@@ -847,16 +929,14 @@ func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, *unix.SockaddrNetli
 
 // SetSendTimeout allows to set a send timeout on the socket
 func (s *NetlinkSocket) SetSendTimeout(timeout *unix.Timeval) error {
-	// Set a send timeout of SOCKET_SEND_TIMEOUT, this will allow the Send to periodically unblock and avoid that a routine
-	// remains stuck on a send on a closed fd
-	return unix.SetsockoptTimeval(int(s.fd), unix.SOL_SOCKET, unix.SO_SNDTIMEO, timeout)
+	atomic.StoreInt64(&s.sendTimeout, timeout.Nano())
+	return nil
 }
 
 // SetReceiveTimeout allows to set a receive timeout on the socket
 func (s *NetlinkSocket) SetReceiveTimeout(timeout *unix.Timeval) error {
-	// Set a read timeout of SOCKET_READ_TIMEOUT, this will allow the Read to periodically unblock and avoid that a routine
-	// remains stuck on a recvmsg on a closed fd
-	return unix.SetsockoptTimeval(int(s.fd), unix.SOL_SOCKET, unix.SO_RCVTIMEO, timeout)
+	atomic.StoreInt64(&s.receiveTimeout, timeout.Nano())
+	return nil
 }
 
 // SetReceiveBufferSize allows to set a receive buffer size on the socket
diff --git a/vendor/github.com/vishvananda/netlink/protinfo_linux.go b/vendor/github.com/vishvananda/netlink/protinfo_linux.go
index 1ba25d3cd4..aa51e3b470 100644
--- a/vendor/github.com/vishvananda/netlink/protinfo_linux.go
+++ b/vendor/github.com/vishvananda/netlink/protinfo_linux.go
@@ -1,6 +1,7 @@
 package netlink
 
 import (
+	"errors"
 	"fmt"
 	"syscall"
 
@@ -8,10 +9,14 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func LinkGetProtinfo(link Link) (Protinfo, error) {
 	return pkgHandle.LinkGetProtinfo(link)
 }
 
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) {
 	base := link.Attrs()
 	h.ensureIndex(base)
@@ -19,9 +24,9 @@ func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) {
 	req := h.newNetlinkRequest(unix.RTM_GETLINK, unix.NLM_F_DUMP)
 	msg := nl.NewIfInfomsg(unix.AF_BRIDGE)
 	req.AddData(msg)
-	msgs, err := req.Execute(unix.NETLINK_ROUTE, 0)
-	if err != nil {
-		return pi, err
+	msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, 0)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return pi, executeErr
 	}
 
 	for _, m := range msgs {
@@ -43,7 +48,7 @@ func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error) {
 			}
 			pi = parseProtinfo(infos)
 
-			return pi, nil
+			return pi, executeErr
 		}
 	}
 	return pi, fmt.Errorf("Device with index %d not found", base.Index)
diff --git a/vendor/github.com/vishvananda/netlink/qdisc_linux.go b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
index e732ae3bd6..22cf0e5825 100644
--- a/vendor/github.com/vishvananda/netlink/qdisc_linux.go
+++ b/vendor/github.com/vishvananda/netlink/qdisc_linux.go
@@ -1,6 +1,7 @@
 package netlink
 
 import (
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"strconv"
@@ -338,6 +339,9 @@ func qdiscPayload(req *nl.NetlinkRequest, qdisc Qdisc) error {
 // QdiscList gets a list of qdiscs in the system.
 // Equivalent to: `tc qdisc show`.
 // The list can be filtered by link.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func QdiscList(link Link) ([]Qdisc, error) {
 	return pkgHandle.QdiscList(link)
 }
@@ -345,6 +349,9 @@ func QdiscList(link Link) ([]Qdisc, error) {
 // QdiscList gets a list of qdiscs in the system.
 // Equivalent to: `tc qdisc show`.
 // The list can be filtered by link.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
 	req := h.newNetlinkRequest(unix.RTM_GETQDISC, unix.NLM_F_DUMP)
 	index := int32(0)
@@ -359,9 +366,9 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
 	}
 	req.AddData(msg)
 
-	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWQDISC)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWQDISC)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	var res []Qdisc
@@ -497,7 +504,7 @@ func (h *Handle) QdiscList(link Link) ([]Qdisc, error) {
 		res = append(res, qdisc)
 	}
 
-	return res, nil
+	return res, executeErr
 }
 
 func parsePfifoFastData(qdisc Qdisc, value []byte) error {
diff --git a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
index 036399db6b..9bb7507321 100644
--- a/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
+++ b/vendor/github.com/vishvananda/netlink/rdma_link_linux.go
@@ -3,6 +3,7 @@ package netlink
 import (
 	"bytes"
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"net"
 
@@ -85,19 +86,25 @@ func execRdmaSetLink(req *nl.NetlinkRequest) error {
 
 // RdmaLinkList gets a list of RDMA link devices.
 // Equivalent to: `rdma dev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func RdmaLinkList() ([]*RdmaLink, error) {
 	return pkgHandle.RdmaLinkList()
 }
 
 // RdmaLinkList gets a list of RDMA link devices.
 // Equivalent to: `rdma dev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) RdmaLinkList() ([]*RdmaLink, error) {
 	proto := getProtoField(nl.RDMA_NL_NLDEV, nl.RDMA_NLDEV_CMD_GET)
 	req := h.newNetlinkRequest(proto, unix.NLM_F_ACK|unix.NLM_F_DUMP)
 
-	msgs, err := req.Execute(unix.NETLINK_RDMA, 0)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_RDMA, 0)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	var res []*RdmaLink
@@ -109,17 +116,23 @@ func (h *Handle) RdmaLinkList() ([]*RdmaLink, error) {
 		res = append(res, link)
 	}
 
-	return res, nil
+	return res, executeErr
 }
 
 // RdmaLinkByName finds a link by name and returns a pointer to the object if
 // found and nil error, otherwise returns error code.
+//
+// If the returned error is [ErrDumpInterrupted], the result may be missing or
+// outdated and the caller should retry.
 func RdmaLinkByName(name string) (*RdmaLink, error) {
 	return pkgHandle.RdmaLinkByName(name)
 }
 
 // RdmaLinkByName finds a link by name and returns a pointer to the object if
 // found and nil error, otherwise returns error code.
+//
+// If the returned error is [ErrDumpInterrupted], the result may be missing or
+// outdated and the caller should retry.
 func (h *Handle) RdmaLinkByName(name string) (*RdmaLink, error) {
 	links, err := h.RdmaLinkList()
 	if err != nil {
@@ -288,6 +301,8 @@ func RdmaLinkDel(name string) error {
 }
 
 // RdmaLinkDel deletes an rdma link.
+//
+// If the returned error is [ErrDumpInterrupted], the caller should retry.
 func (h *Handle) RdmaLinkDel(name string) error {
 	link, err := h.RdmaLinkByName(name)
 	if err != nil {
@@ -307,6 +322,7 @@ func (h *Handle) RdmaLinkDel(name string) error {
 
 // RdmaLinkAdd adds an rdma link for the specified type to the network device.
 // Similar to: rdma link add NAME type TYPE netdev NETDEV
+//
 //	NAME - specifies the new name of the rdma link to add
 //	TYPE - specifies which rdma type to use.  Link types:
 //		rxe - Soft RoCE driver
diff --git a/vendor/github.com/vishvananda/netlink/route_linux.go b/vendor/github.com/vishvananda/netlink/route_linux.go
index 0cd4f8363a..28a132a2f0 100644
--- a/vendor/github.com/vishvananda/netlink/route_linux.go
+++ b/vendor/github.com/vishvananda/netlink/route_linux.go
@@ -3,6 +3,7 @@ package netlink
 import (
 	"bytes"
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"net"
 	"strconv"
@@ -1163,6 +1164,9 @@ func (h *Handle) prepareRouteReq(route *Route, req *nl.NetlinkRequest, msg *nl.R
 // RouteList gets a list of routes in the system.
 // Equivalent to: `ip route show`.
 // The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func RouteList(link Link, family int) ([]Route, error) {
 	return pkgHandle.RouteList(link, family)
 }
@@ -1170,6 +1174,9 @@ func RouteList(link Link, family int) ([]Route, error) {
 // RouteList gets a list of routes in the system.
 // Equivalent to: `ip route show`.
 // The list can be filtered by link and ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) RouteList(link Link, family int) ([]Route, error) {
 	routeFilter := &Route{}
 	if link != nil {
@@ -1188,6 +1195,9 @@ func RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, e
 
 // RouteListFiltered gets a list of routes in the system filtered with specified rules.
 // All rules must be defined in RouteFilter struct
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, error) {
 	var res []Route
 	err := h.RouteListFilteredIter(family, filter, filterMask, func(route Route) (cont bool) {
@@ -1202,17 +1212,22 @@ func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64)
 
 // RouteListFilteredIter passes each route that matches the filter to the given iterator func.  Iteration continues
 // until all routes are loaded or the func returns false.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func RouteListFilteredIter(family int, filter *Route, filterMask uint64, f func(Route) (cont bool)) error {
 	return pkgHandle.RouteListFilteredIter(family, filter, filterMask, f)
 }
 
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) RouteListFilteredIter(family int, filter *Route, filterMask uint64, f func(Route) (cont bool)) error {
 	req := h.newNetlinkRequest(unix.RTM_GETROUTE, unix.NLM_F_DUMP)
 	rtmsg := &nl.RtMsg{}
 	rtmsg.Family = uint8(family)
 
 	var parseErr error
-	err := h.routeHandleIter(filter, req, rtmsg, func(m []byte) bool {
+	executeErr := h.routeHandleIter(filter, req, rtmsg, func(m []byte) bool {
 		msg := nl.DeserializeRtMsg(m)
 		if family != FAMILY_ALL && msg.Family != uint8(family) {
 			// Ignore routes not matching requested family
@@ -1270,13 +1285,13 @@ func (h *Handle) RouteListFilteredIter(family int, filter *Route, filterMask uin
 		}
 		return f(route)
 	})
-	if err != nil {
-		return err
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return executeErr
 	}
 	if parseErr != nil {
 		return parseErr
 	}
-	return nil
+	return executeErr
 }
 
 // deserializeRoute decodes a binary netlink message into a Route struct
@@ -1684,6 +1699,10 @@ type RouteSubscribeOptions struct {
 // RouteSubscribeWithOptions work like RouteSubscribe but enable to
 // provide additional options to modify the behavior. Currently, the
 // namespace can be provided as well as an error callback.
+//
+// When options.ListExisting is true, options.ErrorCallback may be
+// called with [ErrDumpInterrupted] to indicate that results from
+// the initial dump of links may be inconsistent or incomplete.
 func RouteSubscribeWithOptions(ch chan<- RouteUpdate, done <-chan struct{}, options RouteSubscribeOptions) error {
 	if options.Namespace == nil {
 		none := netns.None()
@@ -1743,6 +1762,9 @@ func routeSubscribeAt(newNs, curNs netns.NsHandle, ch chan<- RouteUpdate, done <
 				continue
 			}
 			for _, m := range msgs {
+				if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 && cberr != nil {
+					cberr(ErrDumpInterrupted)
+				}
 				if m.Header.Type == unix.NLMSG_DONE {
 					continue
 				}
diff --git a/vendor/github.com/vishvananda/netlink/rule_linux.go b/vendor/github.com/vishvananda/netlink/rule_linux.go
index ddff99cfad..dba99147b2 100644
--- a/vendor/github.com/vishvananda/netlink/rule_linux.go
+++ b/vendor/github.com/vishvananda/netlink/rule_linux.go
@@ -2,6 +2,7 @@ package netlink
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"net"
 
@@ -183,12 +184,18 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
 
 // RuleList lists rules in the system.
 // Equivalent to: ip rule list
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func RuleList(family int) ([]Rule, error) {
 	return pkgHandle.RuleList(family)
 }
 
 // RuleList lists rules in the system.
 // Equivalent to: ip rule list
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) RuleList(family int) ([]Rule, error) {
 	return h.RuleListFiltered(family, nil, 0)
 }
@@ -196,20 +203,26 @@ func (h *Handle) RuleList(family int) ([]Rule, error) {
 // RuleListFiltered gets a list of rules in the system filtered by the
 // specified rule template `filter`.
 // Equivalent to: ip rule list
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) {
 	return pkgHandle.RuleListFiltered(family, filter, filterMask)
 }
 
 // RuleListFiltered lists rules in the system.
 // Equivalent to: ip rule list
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) RuleListFiltered(family int, filter *Rule, filterMask uint64) ([]Rule, error) {
 	req := h.newNetlinkRequest(unix.RTM_GETRULE, unix.NLM_F_DUMP|unix.NLM_F_REQUEST)
 	msg := nl.NewIfInfomsg(family)
 	req.AddData(msg)
 
-	msgs, err := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWRULE)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_ROUTE, unix.RTM_NEWRULE)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	var res = make([]Rule, 0)
@@ -306,7 +319,7 @@ func (h *Handle) RuleListFiltered(family int, filter *Rule, filterMask uint64) (
 		res = append(res, *rule)
 	}
 
-	return res, nil
+	return res, executeErr
 }
 
 func (pr *RulePortRange) toRtAttrData() []byte {
diff --git a/vendor/github.com/vishvananda/netlink/socket_linux.go b/vendor/github.com/vishvananda/netlink/socket_linux.go
index 4eb4aeafbd..82891bc2e0 100644
--- a/vendor/github.com/vishvananda/netlink/socket_linux.go
+++ b/vendor/github.com/vishvananda/netlink/socket_linux.go
@@ -157,6 +157,9 @@ func (u *UnixSocket) deserialize(b []byte) error {
 }
 
 // SocketGet returns the Socket identified by its local and remote addresses.
+//
+// If the returned error is [ErrDumpInterrupted], the search for a result may
+// be incomplete and the caller should retry.
 func (h *Handle) SocketGet(local, remote net.Addr) (*Socket, error) {
 	var protocol uint8
 	var localIP, remoteIP net.IP
@@ -232,6 +235,9 @@ func (h *Handle) SocketGet(local, remote net.Addr) (*Socket, error) {
 }
 
 // SocketGet returns the Socket identified by its local and remote addresses.
+//
+// If the returned error is [ErrDumpInterrupted], the search for a result may
+// be incomplete and the caller should retry.
 func SocketGet(local, remote net.Addr) (*Socket, error) {
 	return pkgHandle.SocketGet(local, remote)
 }
@@ -283,6 +289,9 @@ func SocketDestroy(local, remote net.Addr) error {
 }
 
 // SocketDiagTCPInfo requests INET_DIAG_INFO for TCP protocol for specified family type and return with extension TCP info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) {
 	// Construct the request
 	req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP)
@@ -295,9 +304,9 @@ func (h *Handle) SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error)
 
 	// Do the query and parse the result
 	var result []*InetDiagTCPInfoResp
-	var err error
-	err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+	executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
 		sockInfo := &Socket{}
+		var err error
 		if err = sockInfo.deserialize(msg); err != nil {
 			return false
 		}
@@ -315,18 +324,24 @@ func (h *Handle) SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error)
 		return true
 	})
 
-	if err != nil {
-		return nil, err
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
-	return result, nil
+	return result, executeErr
 }
 
 // SocketDiagTCPInfo requests INET_DIAG_INFO for TCP protocol for specified family type and return with extension TCP info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func SocketDiagTCPInfo(family uint8) ([]*InetDiagTCPInfoResp, error) {
 	return pkgHandle.SocketDiagTCPInfo(family)
 }
 
 // SocketDiagTCP requests INET_DIAG_INFO for TCP protocol for specified family type and return related socket.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) SocketDiagTCP(family uint8) ([]*Socket, error) {
 	// Construct the request
 	req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP)
@@ -339,27 +354,32 @@ func (h *Handle) SocketDiagTCP(family uint8) ([]*Socket, error) {
 
 	// Do the query and parse the result
 	var result []*Socket
-	var err error
-	err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+	executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
 		sockInfo := &Socket{}
-		if err = sockInfo.deserialize(msg); err != nil {
+		if err := sockInfo.deserialize(msg); err != nil {
 			return false
 		}
 		result = append(result, sockInfo)
 		return true
 	})
-	if err != nil {
-		return nil, err
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
-	return result, nil
+	return result, executeErr
 }
 
 // SocketDiagTCP requests INET_DIAG_INFO for TCP protocol for specified family type and return related socket.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func SocketDiagTCP(family uint8) ([]*Socket, error) {
 	return pkgHandle.SocketDiagTCP(family)
 }
 
 // SocketDiagUDPInfo requests INET_DIAG_INFO for UDP protocol for specified family type and return with extension info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error) {
 	// Construct the request
 	var extensions uint8
@@ -377,14 +397,14 @@ func (h *Handle) SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error)
 
 	// Do the query and parse the result
 	var result []*InetDiagUDPInfoResp
-	var err error
-	err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+	executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
 		sockInfo := &Socket{}
-		if err = sockInfo.deserialize(msg); err != nil {
+		if err := sockInfo.deserialize(msg); err != nil {
 			return false
 		}
 
 		var attrs []syscall.NetlinkRouteAttr
+		var err error
 		if attrs, err = nl.ParseRouteAttr(msg[sizeofSocket:]); err != nil {
 			return false
 		}
@@ -397,18 +417,24 @@ func (h *Handle) SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error)
 		result = append(result, res)
 		return true
 	})
-	if err != nil {
-		return nil, err
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
-	return result, nil
+	return result, executeErr
 }
 
 // SocketDiagUDPInfo requests INET_DIAG_INFO for UDP protocol for specified family type and return with extension info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func SocketDiagUDPInfo(family uint8) ([]*InetDiagUDPInfoResp, error) {
 	return pkgHandle.SocketDiagUDPInfo(family)
 }
 
 // SocketDiagUDP requests INET_DIAG_INFO for UDP protocol for specified family type and return related socket.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) SocketDiagUDP(family uint8) ([]*Socket, error) {
 	// Construct the request
 	req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP)
@@ -421,27 +447,32 @@ func (h *Handle) SocketDiagUDP(family uint8) ([]*Socket, error) {
 
 	// Do the query and parse the result
 	var result []*Socket
-	var err error
-	err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+	executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
 		sockInfo := &Socket{}
-		if err = sockInfo.deserialize(msg); err != nil {
+		if err := sockInfo.deserialize(msg); err != nil {
 			return false
 		}
 		result = append(result, sockInfo)
 		return true
 	})
-	if err != nil {
-		return nil, err
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
-	return result, nil
+	return result, executeErr
 }
 
 // SocketDiagUDP requests INET_DIAG_INFO for UDP protocol for specified family type and return related socket.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func SocketDiagUDP(family uint8) ([]*Socket, error) {
 	return pkgHandle.SocketDiagUDP(family)
 }
 
 // UnixSocketDiagInfo requests UNIX_DIAG_INFO for unix sockets and return with extension info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) {
 	// Construct the request
 	var extensions uint8
@@ -456,10 +487,9 @@ func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) {
 	})
 
 	var result []*UnixDiagInfoResp
-	var err error
-	err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+	executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
 		sockInfo := &UnixSocket{}
-		if err = sockInfo.deserialize(msg); err != nil {
+		if err := sockInfo.deserialize(msg); err != nil {
 			return false
 		}
 
@@ -469,6 +499,7 @@ func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) {
 		}
 
 		var attrs []syscall.NetlinkRouteAttr
+		var err error
 		if attrs, err = nl.ParseRouteAttr(msg[sizeofSocket:]); err != nil {
 			return false
 		}
@@ -480,18 +511,24 @@ func (h *Handle) UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) {
 		result = append(result, res)
 		return true
 	})
-	if err != nil {
-		return nil, err
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
-	return result, nil
+	return result, executeErr
 }
 
 // UnixSocketDiagInfo requests UNIX_DIAG_INFO for unix sockets and return with extension info.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func UnixSocketDiagInfo() ([]*UnixDiagInfoResp, error) {
 	return pkgHandle.UnixSocketDiagInfo()
 }
 
 // UnixSocketDiag requests UNIX_DIAG_INFO for unix sockets.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) UnixSocketDiag() ([]*UnixSocket, error) {
 	// Construct the request
 	req := h.newNetlinkRequest(nl.SOCK_DIAG_BY_FAMILY, unix.NLM_F_DUMP)
@@ -501,10 +538,9 @@ func (h *Handle) UnixSocketDiag() ([]*UnixSocket, error) {
 	})
 
 	var result []*UnixSocket
-	var err error
-	err = req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
+	executeErr := req.ExecuteIter(unix.NETLINK_INET_DIAG, nl.SOCK_DIAG_BY_FAMILY, func(msg []byte) bool {
 		sockInfo := &UnixSocket{}
-		if err = sockInfo.deserialize(msg); err != nil {
+		if err := sockInfo.deserialize(msg); err != nil {
 			return false
 		}
 
@@ -514,13 +550,16 @@ func (h *Handle) UnixSocketDiag() ([]*UnixSocket, error) {
 		}
 		return true
 	})
-	if err != nil {
-		return nil, err
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
-	return result, nil
+	return result, executeErr
 }
 
 // UnixSocketDiag requests UNIX_DIAG_INFO for unix sockets.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func UnixSocketDiag() ([]*UnixSocket, error) {
 	return pkgHandle.UnixSocketDiag()
 }
diff --git a/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go b/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go
index 20c82f9c76..c1dd00a864 100644
--- a/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go
+++ b/vendor/github.com/vishvananda/netlink/socket_xdp_linux.go
@@ -52,8 +52,10 @@ func (s *XDPSocket) deserialize(b []byte) error {
 	return nil
 }
 
-// XDPSocketGet returns the XDP socket identified by its inode number and/or
+// SocketXDPGetInfo returns the XDP socket identified by its inode number and/or
 // socket cookie. Specify the cookie as SOCK_ANY_COOKIE if
+//
+// If the returned error is [ErrDumpInterrupted], the caller should retry.
 func SocketXDPGetInfo(ino uint32, cookie uint64) (*XDPDiagInfoResp, error) {
 	// We have a problem here: dumping AF_XDP sockets currently does not support
 	// filtering. We thus need to dump all XSKs and then only filter afterwards
@@ -85,6 +87,9 @@ func SocketXDPGetInfo(ino uint32, cookie uint64) (*XDPDiagInfoResp, error) {
 }
 
 // SocketDiagXDP requests XDP_DIAG_INFO for XDP family sockets.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func SocketDiagXDP() ([]*XDPDiagInfoResp, error) {
 	var result []*XDPDiagInfoResp
 	err := socketDiagXDPExecutor(func(m syscall.NetlinkMessage) error {
@@ -105,10 +110,10 @@ func SocketDiagXDP() ([]*XDPDiagInfoResp, error) {
 		result = append(result, res)
 		return nil
 	})
-	if err != nil {
+	if err != nil && !errors.Is(err, ErrDumpInterrupted) {
 		return nil, err
 	}
-	return result, nil
+	return result, err
 }
 
 // socketDiagXDPExecutor requests XDP_DIAG_INFO for XDP family sockets.
@@ -128,6 +133,7 @@ func socketDiagXDPExecutor(receiver func(syscall.NetlinkMessage) error) error {
 		return err
 	}
 
+	dumpIntr := false
 loop:
 	for {
 		msgs, from, err := s.Receive()
@@ -142,6 +148,9 @@ loop:
 		}
 
 		for _, m := range msgs {
+			if m.Header.Flags&unix.NLM_F_DUMP_INTR != 0 {
+				dumpIntr = true
+			}
 			switch m.Header.Type {
 			case unix.NLMSG_DONE:
 				break loop
@@ -154,6 +163,9 @@ loop:
 			}
 		}
 	}
+	if dumpIntr {
+		return ErrDumpInterrupted
+	}
 	return nil
 }
 
diff --git a/vendor/github.com/vishvananda/netlink/vdpa_linux.go b/vendor/github.com/vishvananda/netlink/vdpa_linux.go
index 7c15986d0f..c14877a295 100644
--- a/vendor/github.com/vishvananda/netlink/vdpa_linux.go
+++ b/vendor/github.com/vishvananda/netlink/vdpa_linux.go
@@ -1,6 +1,7 @@
 package netlink
 
 import (
+	"errors"
 	"fmt"
 	"net"
 	"syscall"
@@ -118,6 +119,9 @@ func VDPADelDev(name string) error {
 
 // VDPAGetDevList returns list of VDPA devices
 // Equivalent to: `vdpa dev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func VDPAGetDevList() ([]*VDPADev, error) {
 	return pkgHandle.VDPAGetDevList()
 }
@@ -130,6 +134,9 @@ func VDPAGetDevByName(name string) (*VDPADev, error) {
 
 // VDPAGetDevConfigList returns list of VDPA devices configurations
 // Equivalent to: `vdpa dev config show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func VDPAGetDevConfigList() ([]*VDPADevConfig, error) {
 	return pkgHandle.VDPAGetDevConfigList()
 }
@@ -148,6 +155,9 @@ func VDPAGetDevVStats(name string, queueIndex uint32) (*VDPADevVStats, error) {
 
 // VDPAGetMGMTDevList returns list of mgmt devices
 // Equivalent to: `vdpa mgmtdev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func VDPAGetMGMTDevList() ([]*VDPAMGMTDev, error) {
 	return pkgHandle.VDPAGetMGMTDevList()
 }
@@ -261,9 +271,9 @@ func (h *Handle) vdpaRequest(command uint8, extraFlags int, attrs []*nl.RtAttr)
 		req.AddData(a)
 	}
 
-	resp, err := req.Execute(unix.NETLINK_GENERIC, 0)
-	if err != nil {
-		return nil, err
+	resp, executeErr := req.Execute(unix.NETLINK_GENERIC, 0)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 	messages := make([]vdpaNetlinkMessage, 0, len(resp))
 	for _, m := range resp {
@@ -273,10 +283,13 @@ func (h *Handle) vdpaRequest(command uint8, extraFlags int, attrs []*nl.RtAttr)
 		}
 		messages = append(messages, attrs)
 	}
-	return messages, nil
+	return messages, executeErr
 }
 
 // dump all devices if dev is nil
+//
+// If dev is nil and the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) vdpaDevGet(dev *string) ([]*VDPADev, error) {
 	var extraFlags int
 	var attrs []*nl.RtAttr
@@ -285,9 +298,9 @@ func (h *Handle) vdpaDevGet(dev *string) ([]*VDPADev, error) {
 	} else {
 		extraFlags = extraFlags | unix.NLM_F_DUMP
 	}
-	messages, err := h.vdpaRequest(nl.VDPA_CMD_DEV_GET, extraFlags, attrs)
-	if err != nil {
-		return nil, err
+	messages, executeErr := h.vdpaRequest(nl.VDPA_CMD_DEV_GET, extraFlags, attrs)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 	devs := make([]*VDPADev, 0, len(messages))
 	for _, m := range messages {
@@ -295,10 +308,13 @@ func (h *Handle) vdpaDevGet(dev *string) ([]*VDPADev, error) {
 		d.parseAttributes(m)
 		devs = append(devs, d)
 	}
-	return devs, nil
+	return devs, executeErr
 }
 
 // dump all devices if dev is nil
+//
+// If dev is nil, and the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) vdpaDevConfigGet(dev *string) ([]*VDPADevConfig, error) {
 	var extraFlags int
 	var attrs []*nl.RtAttr
@@ -307,9 +323,9 @@ func (h *Handle) vdpaDevConfigGet(dev *string) ([]*VDPADevConfig, error) {
 	} else {
 		extraFlags = extraFlags | unix.NLM_F_DUMP
 	}
-	messages, err := h.vdpaRequest(nl.VDPA_CMD_DEV_CONFIG_GET, extraFlags, attrs)
-	if err != nil {
-		return nil, err
+	messages, executeErr := h.vdpaRequest(nl.VDPA_CMD_DEV_CONFIG_GET, extraFlags, attrs)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 	cfgs := make([]*VDPADevConfig, 0, len(messages))
 	for _, m := range messages {
@@ -317,10 +333,13 @@ func (h *Handle) vdpaDevConfigGet(dev *string) ([]*VDPADevConfig, error) {
 		cfg.parseAttributes(m)
 		cfgs = append(cfgs, cfg)
 	}
-	return cfgs, nil
+	return cfgs, executeErr
 }
 
 // dump all devices if dev is nil
+//
+// If dev is nil and the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) vdpaMGMTDevGet(bus, dev *string) ([]*VDPAMGMTDev, error) {
 	var extraFlags int
 	var attrs []*nl.RtAttr
@@ -336,9 +355,9 @@ func (h *Handle) vdpaMGMTDevGet(bus, dev *string) ([]*VDPAMGMTDev, error) {
 	} else {
 		extraFlags = extraFlags | unix.NLM_F_DUMP
 	}
-	messages, err := h.vdpaRequest(nl.VDPA_CMD_MGMTDEV_GET, extraFlags, attrs)
-	if err != nil {
-		return nil, err
+	messages, executeErr := h.vdpaRequest(nl.VDPA_CMD_MGMTDEV_GET, extraFlags, attrs)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 	cfgs := make([]*VDPAMGMTDev, 0, len(messages))
 	for _, m := range messages {
@@ -346,7 +365,7 @@ func (h *Handle) vdpaMGMTDevGet(bus, dev *string) ([]*VDPAMGMTDev, error) {
 		cfg.parseAttributes(m)
 		cfgs = append(cfgs, cfg)
 	}
-	return cfgs, nil
+	return cfgs, executeErr
 }
 
 // VDPANewDev adds new VDPA device
@@ -385,6 +404,9 @@ func (h *Handle) VDPADelDev(name string) error {
 
 // VDPAGetDevList returns list of VDPA devices
 // Equivalent to: `vdpa dev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) VDPAGetDevList() ([]*VDPADev, error) {
 	return h.vdpaDevGet(nil)
 }
@@ -404,6 +426,9 @@ func (h *Handle) VDPAGetDevByName(name string) (*VDPADev, error) {
 
 // VDPAGetDevConfigList returns list of VDPA devices configurations
 // Equivalent to: `vdpa dev config show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) VDPAGetDevConfigList() ([]*VDPADevConfig, error) {
 	return h.vdpaDevConfigGet(nil)
 }
@@ -441,6 +466,9 @@ func (h *Handle) VDPAGetDevVStats(name string, queueIndex uint32) (*VDPADevVStat
 
 // VDPAGetMGMTDevList returns list of mgmt devices
 // Equivalent to: `vdpa mgmtdev show`
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) VDPAGetMGMTDevList() ([]*VDPAMGMTDev, error) {
 	return h.vdpaMGMTDevGet(nil, nil)
 }
diff --git a/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go b/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go
index d526739ceb..bf143a1b13 100644
--- a/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go
+++ b/vendor/github.com/vishvananda/netlink/xfrm_policy_linux.go
@@ -1,6 +1,7 @@
 package netlink
 
 import (
+	"errors"
 	"fmt"
 	"net"
 
@@ -215,6 +216,9 @@ func (h *Handle) XfrmPolicyDel(policy *XfrmPolicy) error {
 // XfrmPolicyList gets a list of xfrm policies in the system.
 // Equivalent to: `ip xfrm policy show`.
 // The list can be filtered by ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func XfrmPolicyList(family int) ([]XfrmPolicy, error) {
 	return pkgHandle.XfrmPolicyList(family)
 }
@@ -222,15 +226,18 @@ func XfrmPolicyList(family int) ([]XfrmPolicy, error) {
 // XfrmPolicyList gets a list of xfrm policies in the system.
 // Equivalent to: `ip xfrm policy show`.
 // The list can be filtered by ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) XfrmPolicyList(family int) ([]XfrmPolicy, error) {
 	req := h.newNetlinkRequest(nl.XFRM_MSG_GETPOLICY, unix.NLM_F_DUMP)
 
 	msg := nl.NewIfInfomsg(family)
 	req.AddData(msg)
 
-	msgs, err := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWPOLICY)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWPOLICY)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	var res []XfrmPolicy
@@ -243,7 +250,7 @@ func (h *Handle) XfrmPolicyList(family int) ([]XfrmPolicy, error) {
 			return nil, err
 		}
 	}
-	return res, nil
+	return res, executeErr
 }
 
 // XfrmPolicyGet gets a the policy described by the index or selector, if found.
diff --git a/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go b/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
index 554f2498c2..2f46146514 100644
--- a/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
+++ b/vendor/github.com/vishvananda/netlink/xfrm_state_linux.go
@@ -1,6 +1,7 @@
 package netlink
 
 import (
+	"errors"
 	"fmt"
 	"net"
 	"time"
@@ -382,6 +383,9 @@ func (h *Handle) XfrmStateDel(state *XfrmState) error {
 // XfrmStateList gets a list of xfrm states in the system.
 // Equivalent to: `ip [-4|-6] xfrm state show`.
 // The list can be filtered by ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func XfrmStateList(family int) ([]XfrmState, error) {
 	return pkgHandle.XfrmStateList(family)
 }
@@ -389,12 +393,15 @@ func XfrmStateList(family int) ([]XfrmState, error) {
 // XfrmStateList gets a list of xfrm states in the system.
 // Equivalent to: `ip xfrm state show`.
 // The list can be filtered by ip family.
+//
+// If the returned error is [ErrDumpInterrupted], results may be inconsistent
+// or incomplete.
 func (h *Handle) XfrmStateList(family int) ([]XfrmState, error) {
 	req := h.newNetlinkRequest(nl.XFRM_MSG_GETSA, unix.NLM_F_DUMP)
 
-	msgs, err := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWSA)
-	if err != nil {
-		return nil, err
+	msgs, executeErr := req.Execute(unix.NETLINK_XFRM, nl.XFRM_MSG_NEWSA)
+	if executeErr != nil && !errors.Is(executeErr, ErrDumpInterrupted) {
+		return nil, executeErr
 	}
 
 	var res []XfrmState
@@ -407,7 +414,7 @@ func (h *Handle) XfrmStateList(family int) ([]XfrmState, error) {
 			return nil, err
 		}
 	}
-	return res, nil
+	return res, executeErr
 }
 
 // XfrmStateGet gets the xfrm state described by the ID, if found.
diff --git a/vendor/go.opentelemetry.io/otel/.golangci.yml b/vendor/go.opentelemetry.io/otel/.golangci.yml
index a5f904197f..d09555506f 100644
--- a/vendor/go.opentelemetry.io/otel/.golangci.yml
+++ b/vendor/go.opentelemetry.io/otel/.golangci.yml
@@ -25,6 +25,7 @@ linters:
     - revive
     - staticcheck
     - tenv
+    - testifylint
     - typecheck
     - unconvert
     - unused
@@ -302,3 +303,9 @@ linters-settings:
       # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#waitgroup-by-value
       - name: waitgroup-by-value
         disabled: false
+  testifylint:
+    enable-all: true
+    disable:
+      - float-compare
+      - go-require
+      - require-error
diff --git a/vendor/go.opentelemetry.io/otel/CHANGELOG.md b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
index fb107426e7..4b361d0269 100644
--- a/vendor/go.opentelemetry.io/otel/CHANGELOG.md
+++ b/vendor/go.opentelemetry.io/otel/CHANGELOG.md
@@ -11,6 +11,35 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 <!-- Released section -->
 <!-- Don't change this section unless doing release -->
 
+## [1.31.0/0.53.0/0.7.0/0.0.10] 2024-10-11
+
+### Added
+
+- Add `go.opentelemetry.io/otel/sdk/metric/exemplar` package which includes `Exemplar`, `Filter`, `TraceBasedFilter`, `AlwaysOnFilter`, `HistogramReservoir`, `FixedSizeReservoir`, `Reservoir`, `Value` and `ValueType` types. These will be used for configuring the exemplar reservoir for the metrics sdk. (#5747, #5862)
+- Add `WithExportBufferSize` option to log batch processor.(#5877)
+
+### Changed
+
+- Enable exemplars by default in `go.opentelemetry.io/otel/sdk/metric`. Exemplars can be disabled by setting `OTEL_METRICS_EXEMPLAR_FILTER=always_off` (#5778)
+- `Logger.Enabled` in `go.opentelemetry.io/otel/log` now accepts a newly introduced `EnabledParameters` type instead of `Record`. (#5791)
+- `FilterProcessor.Enabled` in `go.opentelemetry.io/otel/sdk/log/internal/x` now accepts `EnabledParameters` instead of `Record`. (#5791)
+- The `Record` type in `go.opentelemetry.io/otel/log` is no longer comparable. (#5847)
+- Performance improvements for the trace SDK `SetAttributes` method in `Span`. (#5864)
+- Reduce memory allocations for the `Event` and `Link` lists in `Span`. (#5858)
+- Performance improvements for the trace SDK `AddEvent`, `AddLink`, `RecordError` and `End` methods in `Span`. (#5874)
+
+### Deprecated
+
+- Deprecate all examples under `go.opentelemetry.io/otel/example` as they are moved to [Contrib repository](https://github.com/open-telemetry/opentelemetry-go-contrib/tree/main/examples). (#5854)
+
+### Fixed
+
+- The race condition for multiple `FixedSize` exemplar reservoirs identified in #5814 is resolved. (#5819)
+- Fix log records duplication in case of heterogeneous resource attributes by correctly mapping each log record to it's resource and scope. (#5803)
+- Fix timer channel drain to avoid hanging on Go 1.23. (#5868)
+- Fix delegation for global meter providers, and panic when calling otel.SetMeterProvider. (#5827)
+- Change the `reflect.TypeOf` to use a nil pointer to not allocate on the heap unless necessary. (#5827)
+
 ## [1.30.0/0.52.0/0.6.0/0.0.9] 2024-09-09
 
 ### Added
@@ -3081,7 +3110,8 @@ It contains api and sdk for trace and meter.
 - CircleCI build CI manifest files.
 - CODEOWNERS file to track owners of this project.
 
-[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.30.0...HEAD
+[Unreleased]: https://github.com/open-telemetry/opentelemetry-go/compare/v1.31.0...HEAD
+[1.31.0/0.53.0/0.7.0/0.0.10]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.31.0
 [1.30.0/0.52.0/0.6.0/0.0.9]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.30.0
 [1.29.0/0.51.0/0.5.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.29.0
 [1.28.0/0.50.0/0.4.0]: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.28.0
diff --git a/vendor/go.opentelemetry.io/otel/CODEOWNERS b/vendor/go.opentelemetry.io/otel/CODEOWNERS
index 5904bb7070..945a07d2b0 100644
--- a/vendor/go.opentelemetry.io/otel/CODEOWNERS
+++ b/vendor/go.opentelemetry.io/otel/CODEOWNERS
@@ -12,6 +12,6 @@
 #  https://help.github.com/en/articles/about-code-owners
 #
 
-* @MrAlias @XSAM @dashpole @MadVikingGod @pellared @hanyuancheung @dmathieu
+* @MrAlias @XSAM @dashpole @pellared @dmathieu
 
-CODEOWNERS @MrAlias @MadVikingGod @pellared @dashpole @XSAM @dmathieu
+CODEOWNERS @MrAlias @pellared @dashpole @XSAM @dmathieu
diff --git a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
index 9158072535..bb33965574 100644
--- a/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
+++ b/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md
@@ -631,11 +631,8 @@ should be canceled.
 
 ### Approvers
 
-- [Chester Cheung](https://github.com/hanyuancheung), Tencent
-
 ### Maintainers
 
-- [Aaron Clawson](https://github.com/MadVikingGod), LightStep
 - [Damien Mathieu](https://github.com/dmathieu), Elastic
 - [David Ashpole](https://github.com/dashpole), Google
 - [Robert Pająk](https://github.com/pellared), Splunk
@@ -644,11 +641,13 @@ should be canceled.
 
 ### Emeritus
 
-- [Liz Fong-Jones](https://github.com/lizthegrey), Honeycomb
-- [Gustavo Silva Paiva](https://github.com/paivagustavo), LightStep
-- [Josh MacDonald](https://github.com/jmacd), LightStep
+- [Aaron Clawson](https://github.com/MadVikingGod), LightStep
 - [Anthony Mirabella](https://github.com/Aneurysm9), AWS
+- [Chester Cheung](https://github.com/hanyuancheung), Tencent
 - [Evan Torrie](https://github.com/evantorrie), Yahoo
+- [Gustavo Silva Paiva](https://github.com/paivagustavo), LightStep
+- [Josh MacDonald](https://github.com/jmacd), LightStep
+- [Liz Fong-Jones](https://github.com/lizthegrey), Honeycomb
 
 ### Become an Approver or a Maintainer
 
diff --git a/vendor/go.opentelemetry.io/otel/Makefile b/vendor/go.opentelemetry.io/otel/Makefile
index b04695b242..a1228a2124 100644
--- a/vendor/go.opentelemetry.io/otel/Makefile
+++ b/vendor/go.opentelemetry.io/otel/Makefile
@@ -54,9 +54,6 @@ $(TOOLS)/stringer: PACKAGE=golang.org/x/tools/cmd/stringer
 PORTO = $(TOOLS)/porto
 $(TOOLS)/porto: PACKAGE=github.com/jcchavezs/porto/cmd/porto
 
-GOJQ = $(TOOLS)/gojq
-$(TOOLS)/gojq: PACKAGE=github.com/itchyny/gojq/cmd/gojq
-
 GOTMPL = $(TOOLS)/gotmpl
 $(GOTMPL): PACKAGE=go.opentelemetry.io/build-tools/gotmpl
 
@@ -67,7 +64,7 @@ GOVULNCHECK = $(TOOLS)/govulncheck
 $(TOOLS)/govulncheck: PACKAGE=golang.org/x/vuln/cmd/govulncheck
 
 .PHONY: tools
-tools: $(CROSSLINK) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(GOJQ) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT) $(GOTMPL) $(GORELEASE)
+tools: $(CROSSLINK) $(GOLANGCI_LINT) $(MISSPELL) $(GOCOVMERGE) $(STRINGER) $(PORTO) $(SEMCONVGEN) $(MULTIMOD) $(SEMCONVKIT) $(GOTMPL) $(GORELEASE)
 
 # Virtualized python tools via docker
 
diff --git a/vendor/go.opentelemetry.io/otel/README.md b/vendor/go.opentelemetry.io/otel/README.md
index 9a65707038..efec278905 100644
--- a/vendor/go.opentelemetry.io/otel/README.md
+++ b/vendor/go.opentelemetry.io/otel/README.md
@@ -89,8 +89,8 @@ If you need to extend the telemetry an instrumentation library provides or want
 to build your own instrumentation for your application directly you will need
 to use the
 [Go otel](https://pkg.go.dev/go.opentelemetry.io/otel)
-package. The included [examples](./example/) are a good way to see some
-practical uses of this process.
+package. The [examples](https://github.com/open-telemetry/opentelemetry-go-contrib/tree/main/examples)
+are a good way to see some practical uses of this process.
 
 ### Export
 
diff --git a/vendor/go.opentelemetry.io/otel/RELEASING.md b/vendor/go.opentelemetry.io/otel/RELEASING.md
index 59992984d4..ffa9b61258 100644
--- a/vendor/go.opentelemetry.io/otel/RELEASING.md
+++ b/vendor/go.opentelemetry.io/otel/RELEASING.md
@@ -111,17 +111,6 @@ It is critical you make sure the version you push upstream is correct.
 Finally create a Release for the new `<new tag>` on GitHub.
 The release body should include all the release notes from the Changelog for this release.
 
-## Verify Examples
-
-After releasing verify that examples build outside of the repository.
-
-```
-./verify_examples.sh
-```
-
-The script copies examples into a different directory removes any `replace` declarations in `go.mod` and builds them.
-This ensures they build with the published release, not the local copy.
-
 ## Post-Release
 
 ### Contrib Repository
diff --git a/vendor/go.opentelemetry.io/otel/attribute/set.go b/vendor/go.opentelemetry.io/otel/attribute/set.go
index bff9c7fdbb..6cbefceadf 100644
--- a/vendor/go.opentelemetry.io/otel/attribute/set.go
+++ b/vendor/go.opentelemetry.io/otel/attribute/set.go
@@ -347,45 +347,25 @@ func computeDistinct(kvs []KeyValue) Distinct {
 func computeDistinctFixed(kvs []KeyValue) interface{} {
 	switch len(kvs) {
 	case 1:
-		ptr := new([1]KeyValue)
-		copy((*ptr)[:], kvs)
-		return *ptr
+		return [1]KeyValue(kvs)
 	case 2:
-		ptr := new([2]KeyValue)
-		copy((*ptr)[:], kvs)
-		return *ptr
+		return [2]KeyValue(kvs)
 	case 3:
-		ptr := new([3]KeyValue)
-		copy((*ptr)[:], kvs)
-		return *ptr
+		return [3]KeyValue(kvs)
 	case 4:
-		ptr := new([4]KeyValue)
-		copy((*ptr)[:], kvs)
-		return *ptr
+		return [4]KeyValue(kvs)
 	case 5:
-		ptr := new([5]KeyValue)
-		copy((*ptr)[:], kvs)
-		return *ptr
+		return [5]KeyValue(kvs)
 	case 6:
-		ptr := new([6]KeyValue)
-		copy((*ptr)[:], kvs)
-		return *ptr
+		return [6]KeyValue(kvs)
 	case 7:
-		ptr := new([7]KeyValue)
-		copy((*ptr)[:], kvs)
-		return *ptr
+		return [7]KeyValue(kvs)
 	case 8:
-		ptr := new([8]KeyValue)
-		copy((*ptr)[:], kvs)
-		return *ptr
+		return [8]KeyValue(kvs)
 	case 9:
-		ptr := new([9]KeyValue)
-		copy((*ptr)[:], kvs)
-		return *ptr
+		return [9]KeyValue(kvs)
 	case 10:
-		ptr := new([10]KeyValue)
-		copy((*ptr)[:], kvs)
-		return *ptr
+		return [10]KeyValue(kvs)
 	default:
 		return nil
 	}
diff --git a/vendor/go.opentelemetry.io/otel/internal/global/meter.go b/vendor/go.opentelemetry.io/otel/internal/global/meter.go
index f2fc3929b1..e3db438a09 100644
--- a/vendor/go.opentelemetry.io/otel/internal/global/meter.go
+++ b/vendor/go.opentelemetry.io/otel/internal/global/meter.go
@@ -152,14 +152,17 @@ func (m *meter) Int64Counter(name string, options ...metric.Int64CounterOption)
 		return m.delegate.Int64Counter(name, options...)
 	}
 
-	i := &siCounter{name: name, opts: options}
 	cfg := metric.NewInt64CounterConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*siCounter)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Int64Counter), nil
+	}
+	i := &siCounter{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -172,14 +175,17 @@ func (m *meter) Int64UpDownCounter(name string, options ...metric.Int64UpDownCou
 		return m.delegate.Int64UpDownCounter(name, options...)
 	}
 
-	i := &siUpDownCounter{name: name, opts: options}
 	cfg := metric.NewInt64UpDownCounterConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*siUpDownCounter)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Int64UpDownCounter), nil
+	}
+	i := &siUpDownCounter{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -192,14 +198,17 @@ func (m *meter) Int64Histogram(name string, options ...metric.Int64HistogramOpti
 		return m.delegate.Int64Histogram(name, options...)
 	}
 
-	i := &siHistogram{name: name, opts: options}
 	cfg := metric.NewInt64HistogramConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*siHistogram)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Int64Histogram), nil
+	}
+	i := &siHistogram{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -212,14 +221,17 @@ func (m *meter) Int64Gauge(name string, options ...metric.Int64GaugeOption) (met
 		return m.delegate.Int64Gauge(name, options...)
 	}
 
-	i := &siGauge{name: name, opts: options}
 	cfg := metric.NewInt64GaugeConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*siGauge)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Int64Gauge), nil
+	}
+	i := &siGauge{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -232,14 +244,17 @@ func (m *meter) Int64ObservableCounter(name string, options ...metric.Int64Obser
 		return m.delegate.Int64ObservableCounter(name, options...)
 	}
 
-	i := &aiCounter{name: name, opts: options}
 	cfg := metric.NewInt64ObservableCounterConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*aiCounter)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Int64ObservableCounter), nil
+	}
+	i := &aiCounter{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -252,14 +267,17 @@ func (m *meter) Int64ObservableUpDownCounter(name string, options ...metric.Int6
 		return m.delegate.Int64ObservableUpDownCounter(name, options...)
 	}
 
-	i := &aiUpDownCounter{name: name, opts: options}
 	cfg := metric.NewInt64ObservableUpDownCounterConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*aiUpDownCounter)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Int64ObservableUpDownCounter), nil
+	}
+	i := &aiUpDownCounter{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -272,14 +290,17 @@ func (m *meter) Int64ObservableGauge(name string, options ...metric.Int64Observa
 		return m.delegate.Int64ObservableGauge(name, options...)
 	}
 
-	i := &aiGauge{name: name, opts: options}
 	cfg := metric.NewInt64ObservableGaugeConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*aiGauge)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Int64ObservableGauge), nil
+	}
+	i := &aiGauge{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -292,14 +313,17 @@ func (m *meter) Float64Counter(name string, options ...metric.Float64CounterOpti
 		return m.delegate.Float64Counter(name, options...)
 	}
 
-	i := &sfCounter{name: name, opts: options}
 	cfg := metric.NewFloat64CounterConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*sfCounter)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Float64Counter), nil
+	}
+	i := &sfCounter{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -312,14 +336,17 @@ func (m *meter) Float64UpDownCounter(name string, options ...metric.Float64UpDow
 		return m.delegate.Float64UpDownCounter(name, options...)
 	}
 
-	i := &sfUpDownCounter{name: name, opts: options}
 	cfg := metric.NewFloat64UpDownCounterConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*sfUpDownCounter)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Float64UpDownCounter), nil
+	}
+	i := &sfUpDownCounter{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -332,14 +359,17 @@ func (m *meter) Float64Histogram(name string, options ...metric.Float64Histogram
 		return m.delegate.Float64Histogram(name, options...)
 	}
 
-	i := &sfHistogram{name: name, opts: options}
 	cfg := metric.NewFloat64HistogramConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*sfHistogram)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Float64Histogram), nil
+	}
+	i := &sfHistogram{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -352,14 +382,17 @@ func (m *meter) Float64Gauge(name string, options ...metric.Float64GaugeOption)
 		return m.delegate.Float64Gauge(name, options...)
 	}
 
-	i := &sfGauge{name: name, opts: options}
 	cfg := metric.NewFloat64GaugeConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*sfGauge)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Float64Gauge), nil
+	}
+	i := &sfGauge{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -372,14 +405,17 @@ func (m *meter) Float64ObservableCounter(name string, options ...metric.Float64O
 		return m.delegate.Float64ObservableCounter(name, options...)
 	}
 
-	i := &afCounter{name: name, opts: options}
 	cfg := metric.NewFloat64ObservableCounterConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*afCounter)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Float64ObservableCounter), nil
+	}
+	i := &afCounter{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -392,14 +428,17 @@ func (m *meter) Float64ObservableUpDownCounter(name string, options ...metric.Fl
 		return m.delegate.Float64ObservableUpDownCounter(name, options...)
 	}
 
-	i := &afUpDownCounter{name: name, opts: options}
 	cfg := metric.NewFloat64ObservableUpDownCounterConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*afUpDownCounter)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Float64ObservableUpDownCounter), nil
+	}
+	i := &afUpDownCounter{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -412,14 +451,17 @@ func (m *meter) Float64ObservableGauge(name string, options ...metric.Float64Obs
 		return m.delegate.Float64ObservableGauge(name, options...)
 	}
 
-	i := &afGauge{name: name, opts: options}
 	cfg := metric.NewFloat64ObservableGaugeConfig(options...)
 	id := instID{
 		name:        name,
-		kind:        reflect.TypeOf(i),
+		kind:        reflect.TypeOf((*afGauge)(nil)),
 		description: cfg.Description(),
 		unit:        cfg.Unit(),
 	}
+	if f, ok := m.instruments[id]; ok {
+		return f.(metric.Float64ObservableGauge), nil
+	}
+	i := &afGauge{name: name, opts: options}
 	m.instruments[id] = i
 	return i, nil
 }
@@ -487,6 +529,7 @@ func (c *registration) setDelegate(m metric.Meter) {
 	reg, err := m.RegisterCallback(c.function, insts...)
 	if err != nil {
 		GetErrorHandler().Handle(err)
+		return
 	}
 
 	c.unreg = reg.Unregister
diff --git a/vendor/go.opentelemetry.io/otel/internal/rawhelpers.go b/vendor/go.opentelemetry.io/otel/internal/rawhelpers.go
index 9b1da2c02b..b2fe3e41d3 100644
--- a/vendor/go.opentelemetry.io/otel/internal/rawhelpers.go
+++ b/vendor/go.opentelemetry.io/otel/internal/rawhelpers.go
@@ -20,7 +20,8 @@ func RawToBool(r uint64) bool {
 }
 
 func Int64ToRaw(i int64) uint64 {
-	return uint64(i)
+	// Assumes original was a valid int64 (overflow not checked).
+	return uint64(i) // nolint: gosec
 }
 
 func RawToInt64(r uint64) int64 {
diff --git a/vendor/go.opentelemetry.io/otel/metric/instrument.go b/vendor/go.opentelemetry.io/otel/metric/instrument.go
index ea52e40233..a535782e1d 100644
--- a/vendor/go.opentelemetry.io/otel/metric/instrument.go
+++ b/vendor/go.opentelemetry.io/otel/metric/instrument.go
@@ -351,7 +351,7 @@ func WithAttributeSet(attributes attribute.Set) MeasurementOption {
 //
 //	cp := make([]attribute.KeyValue, len(attributes))
 //	copy(cp, attributes)
-//	WithAttributes(attribute.NewSet(cp...))
+//	WithAttributeSet(attribute.NewSet(cp...))
 //
 // [attribute.NewSet] may modify the passed attributes so this will make a copy
 // of attributes before creating a set in order to ensure this function is
diff --git a/vendor/go.opentelemetry.io/otel/renovate.json b/vendor/go.opentelemetry.io/otel/renovate.json
index 4d36b98cf4..0a29a2f13d 100644
--- a/vendor/go.opentelemetry.io/otel/renovate.json
+++ b/vendor/go.opentelemetry.io/otel/renovate.json
@@ -23,6 +23,10 @@
     {
       "matchPackageNames": ["google.golang.org/genproto/googleapis/**"],
       "groupName": "googleapis"
+    },
+    {
+      "matchPackageNames": ["golang.org/x/**"],
+      "groupName": "golang.org/x"
     }
   ]
 }
diff --git a/vendor/go.opentelemetry.io/otel/verify_examples.sh b/vendor/go.opentelemetry.io/otel/verify_examples.sh
deleted file mode 100644
index e57bf57fce..0000000000
--- a/vendor/go.opentelemetry.io/otel/verify_examples.sh
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/bin/bash
-
-# Copyright The OpenTelemetry Authors
-# SPDX-License-Identifier: Apache-2.0
-
-set -euo pipefail
-
-cd $(dirname $0)
-TOOLS_DIR=$(pwd)/.tools
-
-if [ -z "${GOPATH}" ] ; then
-	printf "GOPATH is not defined.\n"
-	exit -1
-fi
-
-if [ ! -d "${GOPATH}" ] ; then
-	printf "GOPATH ${GOPATH} is invalid \n"
-	exit -1
-fi
-
-# Pre-requisites
-if ! git diff --quiet; then \
-	git status
-	printf "\n\nError: working tree is not clean\n"
-	exit -1
-fi
-
-if [ "$(git tag --contains $(git log -1 --pretty=format:"%H"))" = "" ] ; then
-	printf "$(git log -1)"
-	printf "\n\nError: HEAD is not pointing to a tagged version"
-fi
-
-make ${TOOLS_DIR}/gojq
-
-DIR_TMP="${GOPATH}/src/oteltmp/"
-rm -rf $DIR_TMP
-mkdir -p $DIR_TMP
-
-printf "Copy examples to ${DIR_TMP}\n"
-cp -a ./example ${DIR_TMP}
-
-# Update go.mod files
-printf "Update go.mod: rename module and remove replace\n"
-
-PACKAGE_DIRS=$(find . -mindepth 2 -type f -name 'go.mod' -exec dirname {} \; | egrep 'example' | sed 's/^\.\///' | sort)
-
-for dir in $PACKAGE_DIRS; do
-	printf "  Update go.mod for $dir\n"
-	(cd "${DIR_TMP}/${dir}" && \
-	 # replaces is ("mod1" "mod2" …)
-	 replaces=($(go mod edit -json | ${TOOLS_DIR}/gojq '.Replace[].Old.Path')) && \
-	 # strip double quotes
-	 replaces=("${replaces[@]%\"}") && \
-	 replaces=("${replaces[@]#\"}") && \
-	 # make an array (-dropreplace=mod1 -dropreplace=mod2 …)
-	 dropreplaces=("${replaces[@]/#/-dropreplace=}") && \
-	 go mod edit -module "oteltmp/${dir}" "${dropreplaces[@]}" && \
-	 go mod tidy)
-done
-printf "Update done:\n\n"
-
-# Build directories that contain main package. These directories are different than
-# directories that contain go.mod files.
-printf "Build examples:\n"
-EXAMPLES=$(./get_main_pkgs.sh ./example)
-for ex in $EXAMPLES; do
-	printf "  Build $ex in ${DIR_TMP}/${ex}\n"
-	(cd "${DIR_TMP}/${ex}" && \
-	 go build .)
-done
-
-# Cleanup
-printf "Remove copied files.\n"
-rm -rf $DIR_TMP
diff --git a/vendor/go.opentelemetry.io/otel/version.go b/vendor/go.opentelemetry.io/otel/version.go
index 78b40f3ed2..6d3c7b1f40 100644
--- a/vendor/go.opentelemetry.io/otel/version.go
+++ b/vendor/go.opentelemetry.io/otel/version.go
@@ -5,5 +5,5 @@ package otel // import "go.opentelemetry.io/otel"
 
 // Version is the current release version of OpenTelemetry in use.
 func Version() string {
-	return "1.30.0"
+	return "1.31.0"
 }
diff --git a/vendor/go.opentelemetry.io/otel/versions.yaml b/vendor/go.opentelemetry.io/otel/versions.yaml
index 0c32f4fc46..cdebdb5eb7 100644
--- a/vendor/go.opentelemetry.io/otel/versions.yaml
+++ b/vendor/go.opentelemetry.io/otel/versions.yaml
@@ -3,7 +3,7 @@
 
 module-sets:
   stable-v1:
-    version: v1.30.0
+    version: v1.31.0
     modules:
       - go.opentelemetry.io/otel
       - go.opentelemetry.io/otel/bridge/opencensus
@@ -29,12 +29,12 @@ module-sets:
       - go.opentelemetry.io/otel/sdk/metric
       - go.opentelemetry.io/otel/trace
   experimental-metrics:
-    version: v0.52.0
+    version: v0.53.0
     modules:
       - go.opentelemetry.io/otel/example/prometheus
       - go.opentelemetry.io/otel/exporters/prometheus
   experimental-logs:
-    version: v0.6.0
+    version: v0.7.0
     modules:
       - go.opentelemetry.io/otel/log
       - go.opentelemetry.io/otel/sdk/log
@@ -42,7 +42,7 @@ module-sets:
       - go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
       - go.opentelemetry.io/otel/exporters/stdout/stdoutlog
   experimental-schema:
-    version: v0.0.9
+    version: v0.0.10
     modules:
       - go.opentelemetry.io/otel/schema
 excluded-modules:
diff --git a/vendor/golang.org/x/net/http2/config.go b/vendor/golang.org/x/net/http2/config.go
new file mode 100644
index 0000000000..de58dfb8dc
--- /dev/null
+++ b/vendor/golang.org/x/net/http2/config.go
@@ -0,0 +1,122 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package http2
+
+import (
+	"math"
+	"net/http"
+	"time"
+)
+
+// http2Config is a package-internal version of net/http.HTTP2Config.
+//
+// http.HTTP2Config was added in Go 1.24.
+// When running with a version of net/http that includes HTTP2Config,
+// we merge the configuration with the fields in Transport or Server
+// to produce an http2Config.
+//
+// Zero valued fields in http2Config are interpreted as in the
+// net/http.HTTPConfig documentation.
+//
+// Precedence order for reconciling configurations is:
+//
+//   - Use the net/http.{Server,Transport}.HTTP2Config value, when non-zero.
+//   - Otherwise use the http2.{Server.Transport} value.
+//   - If the resulting value is zero or out of range, use a default.
+type http2Config struct {
+	MaxConcurrentStreams         uint32
+	MaxDecoderHeaderTableSize    uint32
+	MaxEncoderHeaderTableSize    uint32
+	MaxReadFrameSize             uint32
+	MaxUploadBufferPerConnection int32
+	MaxUploadBufferPerStream     int32
+	SendPingTimeout              time.Duration
+	PingTimeout                  time.Duration
+	WriteByteTimeout             time.Duration
+	PermitProhibitedCipherSuites bool
+	CountError                   func(errType string)
+}
+
+// configFromServer merges configuration settings from
+// net/http.Server.HTTP2Config and http2.Server.
+func configFromServer(h1 *http.Server, h2 *Server) http2Config {
+	conf := http2Config{
+		MaxConcurrentStreams:         h2.MaxConcurrentStreams,
+		MaxEncoderHeaderTableSize:    h2.MaxEncoderHeaderTableSize,
+		MaxDecoderHeaderTableSize:    h2.MaxDecoderHeaderTableSize,
+		MaxReadFrameSize:             h2.MaxReadFrameSize,
+		MaxUploadBufferPerConnection: h2.MaxUploadBufferPerConnection,
+		MaxUploadBufferPerStream:     h2.MaxUploadBufferPerStream,
+		SendPingTimeout:              h2.ReadIdleTimeout,
+		PingTimeout:                  h2.PingTimeout,
+		WriteByteTimeout:             h2.WriteByteTimeout,
+		PermitProhibitedCipherSuites: h2.PermitProhibitedCipherSuites,
+		CountError:                   h2.CountError,
+	}
+	fillNetHTTPServerConfig(&conf, h1)
+	setConfigDefaults(&conf, true)
+	return conf
+}
+
+// configFromServer merges configuration settings from h2 and h2.t1.HTTP2
+// (the net/http Transport).
+func configFromTransport(h2 *Transport) http2Config {
+	conf := http2Config{
+		MaxEncoderHeaderTableSize: h2.MaxEncoderHeaderTableSize,
+		MaxDecoderHeaderTableSize: h2.MaxDecoderHeaderTableSize,
+		MaxReadFrameSize:          h2.MaxReadFrameSize,
+		SendPingTimeout:           h2.ReadIdleTimeout,
+		PingTimeout:               h2.PingTimeout,
+		WriteByteTimeout:          h2.WriteByteTimeout,
+	}
+
+	// Unlike most config fields, where out-of-range values revert to the default,
+	// Transport.MaxReadFrameSize clips.
+	if conf.MaxReadFrameSize < minMaxFrameSize {
+		conf.MaxReadFrameSize = minMaxFrameSize
+	} else if conf.MaxReadFrameSize > maxFrameSize {
+		conf.MaxReadFrameSize = maxFrameSize
+	}
+
+	if h2.t1 != nil {
+		fillNetHTTPTransportConfig(&conf, h2.t1)
+	}
+	setConfigDefaults(&conf, false)
+	return conf
+}
+
+func setDefault[T ~int | ~int32 | ~uint32 | ~int64](v *T, minval, maxval, defval T) {
+	if *v < minval || *v > maxval {
+		*v = defval
+	}
+}
+
+func setConfigDefaults(conf *http2Config, server bool) {
+	setDefault(&conf.MaxConcurrentStreams, 1, math.MaxUint32, defaultMaxStreams)
+	setDefault(&conf.MaxEncoderHeaderTableSize, 1, math.MaxUint32, initialHeaderTableSize)
+	setDefault(&conf.MaxDecoderHeaderTableSize, 1, math.MaxUint32, initialHeaderTableSize)
+	if server {
+		setDefault(&conf.MaxUploadBufferPerConnection, initialWindowSize, math.MaxInt32, 1<<20)
+	} else {
+		setDefault(&conf.MaxUploadBufferPerConnection, initialWindowSize, math.MaxInt32, transportDefaultConnFlow)
+	}
+	if server {
+		setDefault(&conf.MaxUploadBufferPerStream, 1, math.MaxInt32, 1<<20)
+	} else {
+		setDefault(&conf.MaxUploadBufferPerStream, 1, math.MaxInt32, transportDefaultStreamFlow)
+	}
+	setDefault(&conf.MaxReadFrameSize, minMaxFrameSize, maxFrameSize, defaultMaxReadFrameSize)
+	setDefault(&conf.PingTimeout, 1, math.MaxInt64, 15*time.Second)
+}
+
+// adjustHTTP1MaxHeaderSize converts a limit in bytes on the size of an HTTP/1 header
+// to an HTTP/2 MAX_HEADER_LIST_SIZE value.
+func adjustHTTP1MaxHeaderSize(n int64) int64 {
+	// http2's count is in a slightly different unit and includes 32 bytes per pair.
+	// So, take the net/http.Server value and pad it up a bit, assuming 10 headers.
+	const perFieldOverhead = 32 // per http2 spec
+	const typicalHeaders = 10   // conservative
+	return n + typicalHeaders*perFieldOverhead
+}
diff --git a/vendor/golang.org/x/net/http2/config_go124.go b/vendor/golang.org/x/net/http2/config_go124.go
new file mode 100644
index 0000000000..e3784123c8
--- /dev/null
+++ b/vendor/golang.org/x/net/http2/config_go124.go
@@ -0,0 +1,61 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.24
+
+package http2
+
+import "net/http"
+
+// fillNetHTTPServerConfig sets fields in conf from srv.HTTP2.
+func fillNetHTTPServerConfig(conf *http2Config, srv *http.Server) {
+	fillNetHTTPConfig(conf, srv.HTTP2)
+}
+
+// fillNetHTTPServerConfig sets fields in conf from tr.HTTP2.
+func fillNetHTTPTransportConfig(conf *http2Config, tr *http.Transport) {
+	fillNetHTTPConfig(conf, tr.HTTP2)
+}
+
+func fillNetHTTPConfig(conf *http2Config, h2 *http.HTTP2Config) {
+	if h2 == nil {
+		return
+	}
+	if h2.MaxConcurrentStreams != 0 {
+		conf.MaxConcurrentStreams = uint32(h2.MaxConcurrentStreams)
+	}
+	if h2.MaxEncoderHeaderTableSize != 0 {
+		conf.MaxEncoderHeaderTableSize = uint32(h2.MaxEncoderHeaderTableSize)
+	}
+	if h2.MaxDecoderHeaderTableSize != 0 {
+		conf.MaxDecoderHeaderTableSize = uint32(h2.MaxDecoderHeaderTableSize)
+	}
+	if h2.MaxConcurrentStreams != 0 {
+		conf.MaxConcurrentStreams = uint32(h2.MaxConcurrentStreams)
+	}
+	if h2.MaxReadFrameSize != 0 {
+		conf.MaxReadFrameSize = uint32(h2.MaxReadFrameSize)
+	}
+	if h2.MaxReceiveBufferPerConnection != 0 {
+		conf.MaxUploadBufferPerConnection = int32(h2.MaxReceiveBufferPerConnection)
+	}
+	if h2.MaxReceiveBufferPerStream != 0 {
+		conf.MaxUploadBufferPerStream = int32(h2.MaxReceiveBufferPerStream)
+	}
+	if h2.SendPingTimeout != 0 {
+		conf.SendPingTimeout = h2.SendPingTimeout
+	}
+	if h2.PingTimeout != 0 {
+		conf.PingTimeout = h2.PingTimeout
+	}
+	if h2.WriteByteTimeout != 0 {
+		conf.WriteByteTimeout = h2.WriteByteTimeout
+	}
+	if h2.PermitProhibitedCipherSuites {
+		conf.PermitProhibitedCipherSuites = true
+	}
+	if h2.CountError != nil {
+		conf.CountError = h2.CountError
+	}
+}
diff --git a/vendor/golang.org/x/net/http2/config_pre_go124.go b/vendor/golang.org/x/net/http2/config_pre_go124.go
new file mode 100644
index 0000000000..060fd6c64c
--- /dev/null
+++ b/vendor/golang.org/x/net/http2/config_pre_go124.go
@@ -0,0 +1,16 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.24
+
+package http2
+
+import "net/http"
+
+// Pre-Go 1.24 fallback.
+// The Server.HTTP2 and Transport.HTTP2 config fields were added in Go 1.24.
+
+func fillNetHTTPServerConfig(conf *http2Config, srv *http.Server) {}
+
+func fillNetHTTPTransportConfig(conf *http2Config, tr *http.Transport) {}
diff --git a/vendor/golang.org/x/net/http2/http2.go b/vendor/golang.org/x/net/http2/http2.go
index 003e649f30..7688c356b7 100644
--- a/vendor/golang.org/x/net/http2/http2.go
+++ b/vendor/golang.org/x/net/http2/http2.go
@@ -19,8 +19,9 @@ import (
 	"bufio"
 	"context"
 	"crypto/tls"
+	"errors"
 	"fmt"
-	"io"
+	"net"
 	"net/http"
 	"os"
 	"sort"
@@ -237,13 +238,19 @@ func (cw closeWaiter) Wait() {
 // Its buffered writer is lazily allocated as needed, to minimize
 // idle memory usage with many connections.
 type bufferedWriter struct {
-	_  incomparable
-	w  io.Writer     // immutable
-	bw *bufio.Writer // non-nil when data is buffered
+	_           incomparable
+	group       synctestGroupInterface // immutable
+	conn        net.Conn               // immutable
+	bw          *bufio.Writer          // non-nil when data is buffered
+	byteTimeout time.Duration          // immutable, WriteByteTimeout
 }
 
-func newBufferedWriter(w io.Writer) *bufferedWriter {
-	return &bufferedWriter{w: w}
+func newBufferedWriter(group synctestGroupInterface, conn net.Conn, timeout time.Duration) *bufferedWriter {
+	return &bufferedWriter{
+		group:       group,
+		conn:        conn,
+		byteTimeout: timeout,
+	}
 }
 
 // bufWriterPoolBufferSize is the size of bufio.Writer's
@@ -270,7 +277,7 @@ func (w *bufferedWriter) Available() int {
 func (w *bufferedWriter) Write(p []byte) (n int, err error) {
 	if w.bw == nil {
 		bw := bufWriterPool.Get().(*bufio.Writer)
-		bw.Reset(w.w)
+		bw.Reset((*bufferedWriterTimeoutWriter)(w))
 		w.bw = bw
 	}
 	return w.bw.Write(p)
@@ -288,6 +295,38 @@ func (w *bufferedWriter) Flush() error {
 	return err
 }
 
+type bufferedWriterTimeoutWriter bufferedWriter
+
+func (w *bufferedWriterTimeoutWriter) Write(p []byte) (n int, err error) {
+	return writeWithByteTimeout(w.group, w.conn, w.byteTimeout, p)
+}
+
+// writeWithByteTimeout writes to conn.
+// If more than timeout passes without any bytes being written to the connection,
+// the write fails.
+func writeWithByteTimeout(group synctestGroupInterface, conn net.Conn, timeout time.Duration, p []byte) (n int, err error) {
+	if timeout <= 0 {
+		return conn.Write(p)
+	}
+	for {
+		var now time.Time
+		if group == nil {
+			now = time.Now()
+		} else {
+			now = group.Now()
+		}
+		conn.SetWriteDeadline(now.Add(timeout))
+		nn, err := conn.Write(p[n:])
+		n += nn
+		if n == len(p) || nn == 0 || !errors.Is(err, os.ErrDeadlineExceeded) {
+			// Either we finished the write, made no progress, or hit the deadline.
+			// Whichever it is, we're done now.
+			conn.SetWriteDeadline(time.Time{})
+			return n, err
+		}
+	}
+}
+
 func mustUint31(v int32) uint32 {
 	if v < 0 || v > 2147483647 {
 		panic("out of range")
diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go
index 6c349f3ec6..617b4a4762 100644
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@@ -29,6 +29,7 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"crypto/rand"
 	"crypto/tls"
 	"errors"
 	"fmt"
@@ -52,10 +53,14 @@ import (
 )
 
 const (
-	prefaceTimeout         = 10 * time.Second
-	firstSettingsTimeout   = 2 * time.Second // should be in-flight with preface anyway
-	handlerChunkWriteSize  = 4 << 10
-	defaultMaxStreams      = 250 // TODO: make this 100 as the GFE seems to?
+	prefaceTimeout        = 10 * time.Second
+	firstSettingsTimeout  = 2 * time.Second // should be in-flight with preface anyway
+	handlerChunkWriteSize = 4 << 10
+	defaultMaxStreams     = 250 // TODO: make this 100 as the GFE seems to?
+
+	// maxQueuedControlFrames is the maximum number of control frames like
+	// SETTINGS, PING and RST_STREAM that will be queued for writing before
+	// the connection is closed to prevent memory exhaustion attacks.
 	maxQueuedControlFrames = 10000
 )
 
@@ -127,6 +132,22 @@ type Server struct {
 	// If zero or negative, there is no timeout.
 	IdleTimeout time.Duration
 
+	// ReadIdleTimeout is the timeout after which a health check using a ping
+	// frame will be carried out if no frame is received on the connection.
+	// If zero, no health check is performed.
+	ReadIdleTimeout time.Duration
+
+	// PingTimeout is the timeout after which the connection will be closed
+	// if a response to a ping is not received.
+	// If zero, a default of 15 seconds is used.
+	PingTimeout time.Duration
+
+	// WriteByteTimeout is the timeout after which a connection will be
+	// closed if no data can be written to it. The timeout begins when data is
+	// available to write, and is extended whenever any bytes are written.
+	// If zero or negative, there is no timeout.
+	WriteByteTimeout time.Duration
+
 	// MaxUploadBufferPerConnection is the size of the initial flow
 	// control window for each connections. The HTTP/2 spec does not
 	// allow this to be smaller than 65535 or larger than 2^32-1.
@@ -189,57 +210,6 @@ func (s *Server) afterFunc(d time.Duration, f func()) timer {
 	return timeTimer{time.AfterFunc(d, f)}
 }
 
-func (s *Server) initialConnRecvWindowSize() int32 {
-	if s.MaxUploadBufferPerConnection >= initialWindowSize {
-		return s.MaxUploadBufferPerConnection
-	}
-	return 1 << 20
-}
-
-func (s *Server) initialStreamRecvWindowSize() int32 {
-	if s.MaxUploadBufferPerStream > 0 {
-		return s.MaxUploadBufferPerStream
-	}
-	return 1 << 20
-}
-
-func (s *Server) maxReadFrameSize() uint32 {
-	if v := s.MaxReadFrameSize; v >= minMaxFrameSize && v <= maxFrameSize {
-		return v
-	}
-	return defaultMaxReadFrameSize
-}
-
-func (s *Server) maxConcurrentStreams() uint32 {
-	if v := s.MaxConcurrentStreams; v > 0 {
-		return v
-	}
-	return defaultMaxStreams
-}
-
-func (s *Server) maxDecoderHeaderTableSize() uint32 {
-	if v := s.MaxDecoderHeaderTableSize; v > 0 {
-		return v
-	}
-	return initialHeaderTableSize
-}
-
-func (s *Server) maxEncoderHeaderTableSize() uint32 {
-	if v := s.MaxEncoderHeaderTableSize; v > 0 {
-		return v
-	}
-	return initialHeaderTableSize
-}
-
-// maxQueuedControlFrames is the maximum number of control frames like
-// SETTINGS, PING and RST_STREAM that will be queued for writing before
-// the connection is closed to prevent memory exhaustion attacks.
-func (s *Server) maxQueuedControlFrames() int {
-	// TODO: if anybody asks, add a Server field, and remember to define the
-	// behavior of negative values.
-	return maxQueuedControlFrames
-}
-
 type serverInternalState struct {
 	mu          sync.Mutex
 	activeConns map[*serverConn]struct{}
@@ -440,13 +410,15 @@ func (s *Server) serveConn(c net.Conn, opts *ServeConnOpts, newf func(*serverCon
 	baseCtx, cancel := serverConnBaseContext(c, opts)
 	defer cancel()
 
+	http1srv := opts.baseConfig()
+	conf := configFromServer(http1srv, s)
 	sc := &serverConn{
 		srv:                         s,
-		hs:                          opts.baseConfig(),
+		hs:                          http1srv,
 		conn:                        c,
 		baseCtx:                     baseCtx,
 		remoteAddrStr:               c.RemoteAddr().String(),
-		bw:                          newBufferedWriter(c),
+		bw:                          newBufferedWriter(s.group, c, conf.WriteByteTimeout),
 		handler:                     opts.handler(),
 		streams:                     make(map[uint32]*stream),
 		readFrameCh:                 make(chan readFrameResult),
@@ -456,9 +428,12 @@ func (s *Server) serveConn(c net.Conn, opts *ServeConnOpts, newf func(*serverCon
 		bodyReadCh:                  make(chan bodyReadMsg),         // buffering doesn't matter either way
 		doneServing:                 make(chan struct{}),
 		clientMaxStreams:            math.MaxUint32, // Section 6.5.2: "Initially, there is no limit to this value"
-		advMaxStreams:               s.maxConcurrentStreams(),
+		advMaxStreams:               conf.MaxConcurrentStreams,
 		initialStreamSendWindowSize: initialWindowSize,
+		initialStreamRecvWindowSize: conf.MaxUploadBufferPerStream,
 		maxFrameSize:                initialMaxFrameSize,
+		pingTimeout:                 conf.PingTimeout,
+		countErrorFunc:              conf.CountError,
 		serveG:                      newGoroutineLock(),
 		pushEnabled:                 true,
 		sawClientPreface:            opts.SawClientPreface,
@@ -491,15 +466,15 @@ func (s *Server) serveConn(c net.Conn, opts *ServeConnOpts, newf func(*serverCon
 	sc.flow.add(initialWindowSize)
 	sc.inflow.init(initialWindowSize)
 	sc.hpackEncoder = hpack.NewEncoder(&sc.headerWriteBuf)
-	sc.hpackEncoder.SetMaxDynamicTableSizeLimit(s.maxEncoderHeaderTableSize())
+	sc.hpackEncoder.SetMaxDynamicTableSizeLimit(conf.MaxEncoderHeaderTableSize)
 
 	fr := NewFramer(sc.bw, c)
-	if s.CountError != nil {
-		fr.countError = s.CountError
+	if conf.CountError != nil {
+		fr.countError = conf.CountError
 	}
-	fr.ReadMetaHeaders = hpack.NewDecoder(s.maxDecoderHeaderTableSize(), nil)
+	fr.ReadMetaHeaders = hpack.NewDecoder(conf.MaxDecoderHeaderTableSize, nil)
 	fr.MaxHeaderListSize = sc.maxHeaderListSize()
-	fr.SetMaxReadFrameSize(s.maxReadFrameSize())
+	fr.SetMaxReadFrameSize(conf.MaxReadFrameSize)
 	sc.framer = fr
 
 	if tc, ok := c.(connectionStater); ok {
@@ -532,7 +507,7 @@ func (s *Server) serveConn(c net.Conn, opts *ServeConnOpts, newf func(*serverCon
 			// So for now, do nothing here again.
 		}
 
-		if !s.PermitProhibitedCipherSuites && isBadCipher(sc.tlsState.CipherSuite) {
+		if !conf.PermitProhibitedCipherSuites && isBadCipher(sc.tlsState.CipherSuite) {
 			// "Endpoints MAY choose to generate a connection error
 			// (Section 5.4.1) of type INADEQUATE_SECURITY if one of
 			// the prohibited cipher suites are negotiated."
@@ -569,7 +544,7 @@ func (s *Server) serveConn(c net.Conn, opts *ServeConnOpts, newf func(*serverCon
 		opts.UpgradeRequest = nil
 	}
 
-	sc.serve()
+	sc.serve(conf)
 }
 
 func serverConnBaseContext(c net.Conn, opts *ServeConnOpts) (ctx context.Context, cancel func()) {
@@ -609,6 +584,7 @@ type serverConn struct {
 	tlsState         *tls.ConnectionState   // shared by all handlers, like net/http
 	remoteAddrStr    string
 	writeSched       WriteScheduler
+	countErrorFunc   func(errType string)
 
 	// Everything following is owned by the serve loop; use serveG.check():
 	serveG                      goroutineLock // used to verify funcs are on serve()
@@ -628,6 +604,7 @@ type serverConn struct {
 	streams                     map[uint32]*stream
 	unstartedHandlers           []unstartedHandler
 	initialStreamSendWindowSize int32
+	initialStreamRecvWindowSize int32
 	maxFrameSize                int32
 	peerMaxHeaderListSize       uint32            // zero means unknown (default)
 	canonHeader                 map[string]string // http2-lower-case -> Go-Canonical-Case
@@ -638,9 +615,14 @@ type serverConn struct {
 	inGoAway                    bool              // we've started to or sent GOAWAY
 	inFrameScheduleLoop         bool              // whether we're in the scheduleFrameWrite loop
 	needToSendGoAway            bool              // we need to schedule a GOAWAY frame write
+	pingSent                    bool
+	sentPingData                [8]byte
 	goAwayCode                  ErrCode
 	shutdownTimer               timer // nil until used
 	idleTimer                   timer // nil if unused
+	readIdleTimeout             time.Duration
+	pingTimeout                 time.Duration
+	readIdleTimer               timer // nil if unused
 
 	// Owned by the writeFrameAsync goroutine:
 	headerWriteBuf bytes.Buffer
@@ -655,11 +637,7 @@ func (sc *serverConn) maxHeaderListSize() uint32 {
 	if n <= 0 {
 		n = http.DefaultMaxHeaderBytes
 	}
-	// http2's count is in a slightly different unit and includes 32 bytes per pair.
-	// So, take the net/http.Server value and pad it up a bit, assuming 10 headers.
-	const perFieldOverhead = 32 // per http2 spec
-	const typicalHeaders = 10   // conservative
-	return uint32(n + typicalHeaders*perFieldOverhead)
+	return uint32(adjustHTTP1MaxHeaderSize(int64(n)))
 }
 
 func (sc *serverConn) curOpenStreams() uint32 {
@@ -923,7 +901,7 @@ func (sc *serverConn) notePanic() {
 	}
 }
 
-func (sc *serverConn) serve() {
+func (sc *serverConn) serve(conf http2Config) {
 	sc.serveG.check()
 	defer sc.notePanic()
 	defer sc.conn.Close()
@@ -937,18 +915,18 @@ func (sc *serverConn) serve() {
 
 	sc.writeFrame(FrameWriteRequest{
 		write: writeSettings{
-			{SettingMaxFrameSize, sc.srv.maxReadFrameSize()},
+			{SettingMaxFrameSize, conf.MaxReadFrameSize},
 			{SettingMaxConcurrentStreams, sc.advMaxStreams},
 			{SettingMaxHeaderListSize, sc.maxHeaderListSize()},
-			{SettingHeaderTableSize, sc.srv.maxDecoderHeaderTableSize()},
-			{SettingInitialWindowSize, uint32(sc.srv.initialStreamRecvWindowSize())},
+			{SettingHeaderTableSize, conf.MaxDecoderHeaderTableSize},
+			{SettingInitialWindowSize, uint32(sc.initialStreamRecvWindowSize)},
 		},
 	})
 	sc.unackedSettings++
 
 	// Each connection starts with initialWindowSize inflow tokens.
 	// If a higher value is configured, we add more tokens.
-	if diff := sc.srv.initialConnRecvWindowSize() - initialWindowSize; diff > 0 {
+	if diff := conf.MaxUploadBufferPerConnection - initialWindowSize; diff > 0 {
 		sc.sendWindowUpdate(nil, int(diff))
 	}
 
@@ -968,11 +946,18 @@ func (sc *serverConn) serve() {
 		defer sc.idleTimer.Stop()
 	}
 
+	if conf.SendPingTimeout > 0 {
+		sc.readIdleTimeout = conf.SendPingTimeout
+		sc.readIdleTimer = sc.srv.afterFunc(conf.SendPingTimeout, sc.onReadIdleTimer)
+		defer sc.readIdleTimer.Stop()
+	}
+
 	go sc.readFrames() // closed by defer sc.conn.Close above
 
 	settingsTimer := sc.srv.afterFunc(firstSettingsTimeout, sc.onSettingsTimer)
 	defer settingsTimer.Stop()
 
+	lastFrameTime := sc.srv.now()
 	loopNum := 0
 	for {
 		loopNum++
@@ -986,6 +971,7 @@ func (sc *serverConn) serve() {
 		case res := <-sc.wroteFrameCh:
 			sc.wroteFrame(res)
 		case res := <-sc.readFrameCh:
+			lastFrameTime = sc.srv.now()
 			// Process any written frames before reading new frames from the client since a
 			// written frame could have triggered a new stream to be started.
 			if sc.writingFrameAsync {
@@ -1017,6 +1003,8 @@ func (sc *serverConn) serve() {
 				case idleTimerMsg:
 					sc.vlogf("connection is idle")
 					sc.goAway(ErrCodeNo)
+				case readIdleTimerMsg:
+					sc.handlePingTimer(lastFrameTime)
 				case shutdownTimerMsg:
 					sc.vlogf("GOAWAY close timer fired; closing conn from %v", sc.conn.RemoteAddr())
 					return
@@ -1039,7 +1027,7 @@ func (sc *serverConn) serve() {
 		// If the peer is causing us to generate a lot of control frames,
 		// but not reading them from us, assume they are trying to make us
 		// run out of memory.
-		if sc.queuedControlFrames > sc.srv.maxQueuedControlFrames() {
+		if sc.queuedControlFrames > maxQueuedControlFrames {
 			sc.vlogf("http2: too many control frames in send queue, closing connection")
 			return
 		}
@@ -1055,12 +1043,39 @@ func (sc *serverConn) serve() {
 	}
 }
 
+func (sc *serverConn) handlePingTimer(lastFrameReadTime time.Time) {
+	if sc.pingSent {
+		sc.vlogf("timeout waiting for PING response")
+		sc.conn.Close()
+		return
+	}
+
+	pingAt := lastFrameReadTime.Add(sc.readIdleTimeout)
+	now := sc.srv.now()
+	if pingAt.After(now) {
+		// We received frames since arming the ping timer.
+		// Reset it for the next possible timeout.
+		sc.readIdleTimer.Reset(pingAt.Sub(now))
+		return
+	}
+
+	sc.pingSent = true
+	// Ignore crypto/rand.Read errors: It generally can't fail, and worse case if it does
+	// is we send a PING frame containing 0s.
+	_, _ = rand.Read(sc.sentPingData[:])
+	sc.writeFrame(FrameWriteRequest{
+		write: &writePing{data: sc.sentPingData},
+	})
+	sc.readIdleTimer.Reset(sc.pingTimeout)
+}
+
 type serverMessage int
 
 // Message values sent to serveMsgCh.
 var (
 	settingsTimerMsg    = new(serverMessage)
 	idleTimerMsg        = new(serverMessage)
+	readIdleTimerMsg    = new(serverMessage)
 	shutdownTimerMsg    = new(serverMessage)
 	gracefulShutdownMsg = new(serverMessage)
 	handlerDoneMsg      = new(serverMessage)
@@ -1068,6 +1083,7 @@ var (
 
 func (sc *serverConn) onSettingsTimer() { sc.sendServeMsg(settingsTimerMsg) }
 func (sc *serverConn) onIdleTimer()     { sc.sendServeMsg(idleTimerMsg) }
+func (sc *serverConn) onReadIdleTimer() { sc.sendServeMsg(readIdleTimerMsg) }
 func (sc *serverConn) onShutdownTimer() { sc.sendServeMsg(shutdownTimerMsg) }
 
 func (sc *serverConn) sendServeMsg(msg interface{}) {
@@ -1320,6 +1336,10 @@ func (sc *serverConn) wroteFrame(res frameWriteResult) {
 	sc.writingFrame = false
 	sc.writingFrameAsync = false
 
+	if res.err != nil {
+		sc.conn.Close()
+	}
+
 	wr := res.wr
 
 	if writeEndsStream(wr.write) {
@@ -1594,6 +1614,11 @@ func (sc *serverConn) processFrame(f Frame) error {
 func (sc *serverConn) processPing(f *PingFrame) error {
 	sc.serveG.check()
 	if f.IsAck() {
+		if sc.pingSent && sc.sentPingData == f.Data {
+			// This is a response to a PING we sent.
+			sc.pingSent = false
+			sc.readIdleTimer.Reset(sc.readIdleTimeout)
+		}
 		// 6.7 PING: " An endpoint MUST NOT respond to PING frames
 		// containing this flag."
 		return nil
@@ -2160,7 +2185,7 @@ func (sc *serverConn) newStream(id, pusherID uint32, state streamState) *stream
 	st.cw.Init()
 	st.flow.conn = &sc.flow // link to conn-level counter
 	st.flow.add(sc.initialStreamSendWindowSize)
-	st.inflow.init(sc.srv.initialStreamRecvWindowSize())
+	st.inflow.init(sc.initialStreamRecvWindowSize)
 	if sc.hs.WriteTimeout > 0 {
 		st.writeDeadline = sc.srv.afterFunc(sc.hs.WriteTimeout, st.onWriteTimeout)
 	}
@@ -3301,7 +3326,7 @@ func (sc *serverConn) countError(name string, err error) error {
 	if sc == nil || sc.srv == nil {
 		return err
 	}
-	f := sc.srv.CountError
+	f := sc.countErrorFunc
 	if f == nil {
 		return err
 	}
diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go
index 61f511f97a..0c5f64aa8b 100644
--- a/vendor/golang.org/x/net/http2/transport.go
+++ b/vendor/golang.org/x/net/http2/transport.go
@@ -25,7 +25,6 @@ import (
 	"net/http"
 	"net/http/httptrace"
 	"net/textproto"
-	"os"
 	"sort"
 	"strconv"
 	"strings"
@@ -227,40 +226,26 @@ func (t *Transport) contextWithTimeout(ctx context.Context, d time.Duration) (co
 }
 
 func (t *Transport) maxHeaderListSize() uint32 {
-	if t.MaxHeaderListSize == 0 {
+	n := int64(t.MaxHeaderListSize)
+	if t.t1 != nil && t.t1.MaxResponseHeaderBytes != 0 {
+		n = t.t1.MaxResponseHeaderBytes
+		if n > 0 {
+			n = adjustHTTP1MaxHeaderSize(n)
+		}
+	}
+	if n <= 0 {
 		return 10 << 20
 	}
-	if t.MaxHeaderListSize == 0xffffffff {
+	if n >= 0xffffffff {
 		return 0
 	}
-	return t.MaxHeaderListSize
-}
-
-func (t *Transport) maxFrameReadSize() uint32 {
-	if t.MaxReadFrameSize == 0 {
-		return 0 // use the default provided by the peer
-	}
-	if t.MaxReadFrameSize < minMaxFrameSize {
-		return minMaxFrameSize
-	}
-	if t.MaxReadFrameSize > maxFrameSize {
-		return maxFrameSize
-	}
-	return t.MaxReadFrameSize
+	return uint32(n)
 }
 
 func (t *Transport) disableCompression() bool {
 	return t.DisableCompression || (t.t1 != nil && t.t1.DisableCompression)
 }
 
-func (t *Transport) pingTimeout() time.Duration {
-	if t.PingTimeout == 0 {
-		return 15 * time.Second
-	}
-	return t.PingTimeout
-
-}
-
 // ConfigureTransport configures a net/http HTTP/1 Transport to use HTTP/2.
 // It returns an error if t1 has already been HTTP/2-enabled.
 //
@@ -370,11 +355,14 @@ type ClientConn struct {
 	lastActive      time.Time
 	lastIdle        time.Time // time last idle
 	// Settings from peer: (also guarded by wmu)
-	maxFrameSize           uint32
-	maxConcurrentStreams   uint32
-	peerMaxHeaderListSize  uint64
-	peerMaxHeaderTableSize uint32
-	initialWindowSize      uint32
+	maxFrameSize                uint32
+	maxConcurrentStreams        uint32
+	peerMaxHeaderListSize       uint64
+	peerMaxHeaderTableSize      uint32
+	initialWindowSize           uint32
+	initialStreamRecvWindowSize int32
+	readIdleTimeout             time.Duration
+	pingTimeout                 time.Duration
 
 	// reqHeaderMu is a 1-element semaphore channel controlling access to sending new requests.
 	// Write to reqHeaderMu to lock it, read from it to unlock.
@@ -499,6 +487,7 @@ func (cs *clientStream) closeReqBodyLocked() {
 }
 
 type stickyErrWriter struct {
+	group   synctestGroupInterface
 	conn    net.Conn
 	timeout time.Duration
 	err     *error
@@ -508,22 +497,9 @@ func (sew stickyErrWriter) Write(p []byte) (n int, err error) {
 	if *sew.err != nil {
 		return 0, *sew.err
 	}
-	for {
-		if sew.timeout != 0 {
-			sew.conn.SetWriteDeadline(time.Now().Add(sew.timeout))
-		}
-		nn, err := sew.conn.Write(p[n:])
-		n += nn
-		if n < len(p) && nn > 0 && errors.Is(err, os.ErrDeadlineExceeded) {
-			// Keep extending the deadline so long as we're making progress.
-			continue
-		}
-		if sew.timeout != 0 {
-			sew.conn.SetWriteDeadline(time.Time{})
-		}
-		*sew.err = err
-		return n, err
-	}
+	n, err = writeWithByteTimeout(sew.group, sew.conn, sew.timeout, p)
+	*sew.err = err
+	return n, err
 }
 
 // noCachedConnError is the concrete type of ErrNoCachedConn, which
@@ -758,44 +734,36 @@ func (t *Transport) expectContinueTimeout() time.Duration {
 	return t.t1.ExpectContinueTimeout
 }
 
-func (t *Transport) maxDecoderHeaderTableSize() uint32 {
-	if v := t.MaxDecoderHeaderTableSize; v > 0 {
-		return v
-	}
-	return initialHeaderTableSize
-}
-
-func (t *Transport) maxEncoderHeaderTableSize() uint32 {
-	if v := t.MaxEncoderHeaderTableSize; v > 0 {
-		return v
-	}
-	return initialHeaderTableSize
-}
-
 func (t *Transport) NewClientConn(c net.Conn) (*ClientConn, error) {
 	return t.newClientConn(c, t.disableKeepAlives())
 }
 
 func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, error) {
+	conf := configFromTransport(t)
 	cc := &ClientConn{
-		t:                     t,
-		tconn:                 c,
-		readerDone:            make(chan struct{}),
-		nextStreamID:          1,
-		maxFrameSize:          16 << 10,                    // spec default
-		initialWindowSize:     65535,                       // spec default
-		maxConcurrentStreams:  initialMaxConcurrentStreams, // "infinite", per spec. Use a smaller value until we have received server settings.
-		peerMaxHeaderListSize: 0xffffffffffffffff,          // "infinite", per spec. Use 2^64-1 instead.
-		streams:               make(map[uint32]*clientStream),
-		singleUse:             singleUse,
-		wantSettingsAck:       true,
-		pings:                 make(map[[8]byte]chan struct{}),
-		reqHeaderMu:           make(chan struct{}, 1),
-	}
+		t:                           t,
+		tconn:                       c,
+		readerDone:                  make(chan struct{}),
+		nextStreamID:                1,
+		maxFrameSize:                16 << 10, // spec default
+		initialWindowSize:           65535,    // spec default
+		initialStreamRecvWindowSize: conf.MaxUploadBufferPerStream,
+		maxConcurrentStreams:        initialMaxConcurrentStreams, // "infinite", per spec. Use a smaller value until we have received server settings.
+		peerMaxHeaderListSize:       0xffffffffffffffff,          // "infinite", per spec. Use 2^64-1 instead.
+		streams:                     make(map[uint32]*clientStream),
+		singleUse:                   singleUse,
+		wantSettingsAck:             true,
+		readIdleTimeout:             conf.SendPingTimeout,
+		pingTimeout:                 conf.PingTimeout,
+		pings:                       make(map[[8]byte]chan struct{}),
+		reqHeaderMu:                 make(chan struct{}, 1),
+	}
+	var group synctestGroupInterface
 	if t.transportTestHooks != nil {
 		t.markNewGoroutine()
 		t.transportTestHooks.newclientconn(cc)
 		c = cc.tconn
+		group = t.group
 	}
 	if VerboseLogs {
 		t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr())
@@ -807,24 +775,23 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
 	// TODO: adjust this writer size to account for frame size +
 	// MTU + crypto/tls record padding.
 	cc.bw = bufio.NewWriter(stickyErrWriter{
+		group:   group,
 		conn:    c,
-		timeout: t.WriteByteTimeout,
+		timeout: conf.WriteByteTimeout,
 		err:     &cc.werr,
 	})
 	cc.br = bufio.NewReader(c)
 	cc.fr = NewFramer(cc.bw, cc.br)
-	if t.maxFrameReadSize() != 0 {
-		cc.fr.SetMaxReadFrameSize(t.maxFrameReadSize())
-	}
+	cc.fr.SetMaxReadFrameSize(conf.MaxReadFrameSize)
 	if t.CountError != nil {
 		cc.fr.countError = t.CountError
 	}
-	maxHeaderTableSize := t.maxDecoderHeaderTableSize()
+	maxHeaderTableSize := conf.MaxDecoderHeaderTableSize
 	cc.fr.ReadMetaHeaders = hpack.NewDecoder(maxHeaderTableSize, nil)
 	cc.fr.MaxHeaderListSize = t.maxHeaderListSize()
 
 	cc.henc = hpack.NewEncoder(&cc.hbuf)
-	cc.henc.SetMaxDynamicTableSizeLimit(t.maxEncoderHeaderTableSize())
+	cc.henc.SetMaxDynamicTableSizeLimit(conf.MaxEncoderHeaderTableSize)
 	cc.peerMaxHeaderTableSize = initialHeaderTableSize
 
 	if cs, ok := c.(connectionStater); ok {
@@ -834,11 +801,9 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
 
 	initialSettings := []Setting{
 		{ID: SettingEnablePush, Val: 0},
-		{ID: SettingInitialWindowSize, Val: transportDefaultStreamFlow},
-	}
-	if max := t.maxFrameReadSize(); max != 0 {
-		initialSettings = append(initialSettings, Setting{ID: SettingMaxFrameSize, Val: max})
+		{ID: SettingInitialWindowSize, Val: uint32(cc.initialStreamRecvWindowSize)},
 	}
+	initialSettings = append(initialSettings, Setting{ID: SettingMaxFrameSize, Val: conf.MaxReadFrameSize})
 	if max := t.maxHeaderListSize(); max != 0 {
 		initialSettings = append(initialSettings, Setting{ID: SettingMaxHeaderListSize, Val: max})
 	}
@@ -848,8 +813,8 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
 
 	cc.bw.Write(clientPreface)
 	cc.fr.WriteSettings(initialSettings...)
-	cc.fr.WriteWindowUpdate(0, transportDefaultConnFlow)
-	cc.inflow.init(transportDefaultConnFlow + initialWindowSize)
+	cc.fr.WriteWindowUpdate(0, uint32(conf.MaxUploadBufferPerConnection))
+	cc.inflow.init(conf.MaxUploadBufferPerConnection + initialWindowSize)
 	cc.bw.Flush()
 	if cc.werr != nil {
 		cc.Close()
@@ -867,7 +832,7 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
 }
 
 func (cc *ClientConn) healthCheck() {
-	pingTimeout := cc.t.pingTimeout()
+	pingTimeout := cc.pingTimeout
 	// We don't need to periodically ping in the health check, because the readLoop of ClientConn will
 	// trigger the healthCheck again if there is no frame received.
 	ctx, cancel := cc.t.contextWithTimeout(context.Background(), pingTimeout)
@@ -2199,7 +2164,7 @@ type resAndError struct {
 func (cc *ClientConn) addStreamLocked(cs *clientStream) {
 	cs.flow.add(int32(cc.initialWindowSize))
 	cs.flow.setConnFlow(&cc.flow)
-	cs.inflow.init(transportDefaultStreamFlow)
+	cs.inflow.init(cc.initialStreamRecvWindowSize)
 	cs.ID = cc.nextStreamID
 	cc.nextStreamID += 2
 	cc.streams[cs.ID] = cs
@@ -2345,7 +2310,7 @@ func (cc *ClientConn) countReadFrameError(err error) {
 func (rl *clientConnReadLoop) run() error {
 	cc := rl.cc
 	gotSettings := false
-	readIdleTimeout := cc.t.ReadIdleTimeout
+	readIdleTimeout := cc.readIdleTimeout
 	var t timer
 	if readIdleTimeout != 0 {
 		t = cc.t.afterFunc(readIdleTimeout, cc.healthCheck)
diff --git a/vendor/golang.org/x/net/http2/write.go b/vendor/golang.org/x/net/http2/write.go
index 33f61398a1..6ff6bee7e9 100644
--- a/vendor/golang.org/x/net/http2/write.go
+++ b/vendor/golang.org/x/net/http2/write.go
@@ -131,6 +131,16 @@ func (se StreamError) writeFrame(ctx writeContext) error {
 
 func (se StreamError) staysWithinBuffer(max int) bool { return frameHeaderLen+4 <= max }
 
+type writePing struct {
+	data [8]byte
+}
+
+func (w writePing) writeFrame(ctx writeContext) error {
+	return ctx.Framer().WritePing(false, w.data)
+}
+
+func (w writePing) staysWithinBuffer(max int) bool { return frameHeaderLen+len(w.data) <= max }
+
 type writePingAck struct{ pf *PingFrame }
 
 func (w writePingAck) writeFrame(ctx writeContext) error {
diff --git a/vendor/golang.org/x/net/websocket/websocket.go b/vendor/golang.org/x/net/websocket/websocket.go
index 923a5780ec..ac76165ceb 100644
--- a/vendor/golang.org/x/net/websocket/websocket.go
+++ b/vendor/golang.org/x/net/websocket/websocket.go
@@ -8,7 +8,7 @@
 // This package currently lacks some features found in an alternative
 // and more actively maintained WebSocket package:
 //
-//	https://pkg.go.dev/nhooyr.io/websocket
+//	https://pkg.go.dev/github.com/coder/websocket
 package websocket // import "golang.org/x/net/websocket"
 
 import (
diff --git a/vendor/golang.org/x/oauth2/token.go b/vendor/golang.org/x/oauth2/token.go
index 5bbb332174..109997d77c 100644
--- a/vendor/golang.org/x/oauth2/token.go
+++ b/vendor/golang.org/x/oauth2/token.go
@@ -49,6 +49,13 @@ type Token struct {
 	// mechanisms for that TokenSource will not be used.
 	Expiry time.Time `json:"expiry,omitempty"`
 
+	// ExpiresIn is the OAuth2 wire format "expires_in" field,
+	// which specifies how many seconds later the token expires,
+	// relative to an unknown time base approximately around "now".
+	// It is the application's responsibility to populate
+	// `Expiry` from `ExpiresIn` when required.
+	ExpiresIn int64 `json:"expires_in,omitempty"`
+
 	// raw optionally contains extra metadata from the server
 	// when updating a token.
 	raw interface{}
diff --git a/vendor/golang.org/x/sys/unix/README.md b/vendor/golang.org/x/sys/unix/README.md
index 7d3c060e12..6e08a76a71 100644
--- a/vendor/golang.org/x/sys/unix/README.md
+++ b/vendor/golang.org/x/sys/unix/README.md
@@ -156,7 +156,7 @@ from the generated architecture-specific files listed below, and merge these
 into a common file for each OS.
 
 The merge is performed in the following steps:
-1. Construct the set of common code that is idential in all architecture-specific files.
+1. Construct the set of common code that is identical in all architecture-specific files.
 2. Write this common code to the merged file.
 3. Remove the common code from all architecture-specific files.
 
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index e14b766a32..ac54ecaba0 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -656,7 +656,7 @@ errors=$(
 signals=$(
 	echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
 	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print $2 }' |
-	grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' |
+	grep -E -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
 	sort
 )
 
@@ -666,7 +666,7 @@ echo '#include <errno.h>' | $CC -x c - -E -dM $ccflags |
 	sort >_error.grep
 echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
 	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print "^\t" $2 "[ \t]*=" }' |
-	grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' |
+	grep -E -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
 	sort >_signal.grep
 
 echo '// mkerrors.sh' "$@"
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go
index 67ce6cef2d..6f15ba1eaf 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -360,7 +360,7 @@ func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int,
 	var status _C_int
 	var r Pid_t
 	err = ERESTART
-	// AIX wait4 may return with ERESTART errno, while the processus is still
+	// AIX wait4 may return with ERESTART errno, while the process is still
 	// active.
 	for err == ERESTART {
 		r, err = wait4(Pid_t(pid), &status, options, rusage)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 3f1d3d4cb2..f08abd434f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -1295,6 +1295,48 @@ func GetsockoptTCPInfo(fd, level, opt int) (*TCPInfo, error) {
 	return &value, err
 }
 
+// GetsockoptTCPCCVegasInfo returns algorithm specific congestion control information for a socket using the "vegas"
+// algorithm.
+//
+// The socket's congestion control algorighm can be retrieved via [GetsockoptString] with the [TCP_CONGESTION] option:
+//
+//	algo, err := unix.GetsockoptString(fd, unix.IPPROTO_TCP, unix.TCP_CONGESTION)
+func GetsockoptTCPCCVegasInfo(fd, level, opt int) (*TCPVegasInfo, error) {
+	var value [SizeofTCPCCInfo / 4]uint32 // ensure proper alignment
+	vallen := _Socklen(SizeofTCPCCInfo)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen)
+	out := (*TCPVegasInfo)(unsafe.Pointer(&value[0]))
+	return out, err
+}
+
+// GetsockoptTCPCCDCTCPInfo returns algorithm specific congestion control information for a socket using the "dctp"
+// algorithm.
+//
+// The socket's congestion control algorighm can be retrieved via [GetsockoptString] with the [TCP_CONGESTION] option:
+//
+//	algo, err := unix.GetsockoptString(fd, unix.IPPROTO_TCP, unix.TCP_CONGESTION)
+func GetsockoptTCPCCDCTCPInfo(fd, level, opt int) (*TCPDCTCPInfo, error) {
+	var value [SizeofTCPCCInfo / 4]uint32 // ensure proper alignment
+	vallen := _Socklen(SizeofTCPCCInfo)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen)
+	out := (*TCPDCTCPInfo)(unsafe.Pointer(&value[0]))
+	return out, err
+}
+
+// GetsockoptTCPCCBBRInfo returns algorithm specific congestion control information for a socket using the "bbr"
+// algorithm.
+//
+// The socket's congestion control algorighm can be retrieved via [GetsockoptString] with the [TCP_CONGESTION] option:
+//
+//	algo, err := unix.GetsockoptString(fd, unix.IPPROTO_TCP, unix.TCP_CONGESTION)
+func GetsockoptTCPCCBBRInfo(fd, level, opt int) (*TCPBBRInfo, error) {
+	var value [SizeofTCPCCInfo / 4]uint32 // ensure proper alignment
+	vallen := _Socklen(SizeofTCPCCInfo)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen)
+	out := (*TCPBBRInfo)(unsafe.Pointer(&value[0]))
+	return out, err
+}
+
 // GetsockoptString returns the string value of the socket option opt for the
 // socket associated with fd at the given socket level.
 func GetsockoptString(fd, level, opt int) (string, error) {
@@ -1959,7 +2001,26 @@ func Getpgrp() (pid int) {
 //sysnb	Getpid() (pid int)
 //sysnb	Getppid() (ppid int)
 //sys	Getpriority(which int, who int) (prio int, err error)
-//sys	Getrandom(buf []byte, flags int) (n int, err error)
+
+func Getrandom(buf []byte, flags int) (n int, err error) {
+	vdsoRet, supported := vgetrandom(buf, uint32(flags))
+	if supported {
+		if vdsoRet < 0 {
+			return 0, errnoErr(syscall.Errno(-vdsoRet))
+		}
+		return vdsoRet, nil
+	}
+	var p *byte
+	if len(buf) > 0 {
+		p = &buf[0]
+	}
+	r, _, e := Syscall(SYS_GETRANDOM, uintptr(unsafe.Pointer(p)), uintptr(len(buf)), uintptr(flags))
+	if e != 0 {
+		return 0, errnoErr(e)
+	}
+	return int(r), nil
+}
+
 //sysnb	Getrusage(who int, rusage *Rusage) (err error)
 //sysnb	Getsid(pid int) (sid int, err error)
 //sysnb	Gettid() (tid int)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index cf2ee6c75e..745e5c7e6c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -182,3 +182,5 @@ func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error
 	}
 	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
 }
+
+const SYS_FSTATAT = SYS_NEWFSTATAT
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
index 3d0e98451f..dd2262a407 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
@@ -214,3 +214,5 @@ func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error
 	}
 	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
 }
+
+const SYS_FSTATAT = SYS_NEWFSTATAT
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
index 6f5a288944..8cf3670bda 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -187,3 +187,5 @@ func RISCVHWProbe(pairs []RISCVHWProbePairs, set *CPUSet, flags uint) (err error
 	}
 	return riscvHWProbe(pairs, setSize, set, flags)
 }
+
+const SYS_FSTATAT = SYS_NEWFSTATAT
diff --git a/vendor/golang.org/x/sys/unix/vgetrandom_linux.go b/vendor/golang.org/x/sys/unix/vgetrandom_linux.go
new file mode 100644
index 0000000000..07ac8e09d1
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/vgetrandom_linux.go
@@ -0,0 +1,13 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && go1.24
+
+package unix
+
+import _ "unsafe"
+
+//go:linkname vgetrandom runtime.vgetrandom
+//go:noescape
+func vgetrandom(p []byte, flags uint32) (ret int, supported bool)
diff --git a/vendor/golang.org/x/sys/unix/vgetrandom_unsupported.go b/vendor/golang.org/x/sys/unix/vgetrandom_unsupported.go
new file mode 100644
index 0000000000..297e97bce9
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/vgetrandom_unsupported.go
@@ -0,0 +1,11 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux || !go1.24
+
+package unix
+
+func vgetrandom(p []byte, flags uint32) (ret int, supported bool) {
+	return -1, false
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index 01a70b2463..de3b462489 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -495,6 +495,7 @@ const (
 	BPF_F_TEST_REG_INVARIANTS                   = 0x80
 	BPF_F_TEST_RND_HI32                         = 0x4
 	BPF_F_TEST_RUN_ON_CPU                       = 0x1
+	BPF_F_TEST_SKB_CHECKSUM_COMPLETE            = 0x4
 	BPF_F_TEST_STATE_FREQ                       = 0x8
 	BPF_F_TEST_XDP_LIVE_FRAMES                  = 0x2
 	BPF_F_XDP_DEV_BOUND_ONLY                    = 0x40
@@ -1922,6 +1923,7 @@ const (
 	MNT_EXPIRE                                  = 0x4
 	MNT_FORCE                                   = 0x1
 	MNT_ID_REQ_SIZE_VER0                        = 0x18
+	MNT_ID_REQ_SIZE_VER1                        = 0x20
 	MODULE_INIT_COMPRESSED_FILE                 = 0x4
 	MODULE_INIT_IGNORE_MODVERSIONS              = 0x1
 	MODULE_INIT_IGNORE_VERMAGIC                 = 0x2
@@ -2187,7 +2189,7 @@ const (
 	NFT_REG_SIZE                                = 0x10
 	NFT_REJECT_ICMPX_MAX                        = 0x3
 	NFT_RT_MAX                                  = 0x4
-	NFT_SECMARK_CTX_MAXLEN                      = 0x100
+	NFT_SECMARK_CTX_MAXLEN                      = 0x1000
 	NFT_SET_MAXNAMELEN                          = 0x100
 	NFT_SOCKET_MAX                              = 0x3
 	NFT_TABLE_F_MASK                            = 0x7
@@ -2356,9 +2358,11 @@ const (
 	PERF_MEM_LVLNUM_IO                          = 0xa
 	PERF_MEM_LVLNUM_L1                          = 0x1
 	PERF_MEM_LVLNUM_L2                          = 0x2
+	PERF_MEM_LVLNUM_L2_MHB                      = 0x5
 	PERF_MEM_LVLNUM_L3                          = 0x3
 	PERF_MEM_LVLNUM_L4                          = 0x4
 	PERF_MEM_LVLNUM_LFB                         = 0xc
+	PERF_MEM_LVLNUM_MSC                         = 0x6
 	PERF_MEM_LVLNUM_NA                          = 0xf
 	PERF_MEM_LVLNUM_PMEM                        = 0xe
 	PERF_MEM_LVLNUM_RAM                         = 0xd
@@ -2431,6 +2435,7 @@ const (
 	PRIO_PGRP                                   = 0x1
 	PRIO_PROCESS                                = 0x0
 	PRIO_USER                                   = 0x2
+	PROCFS_IOCTL_MAGIC                          = 'f'
 	PROC_SUPER_MAGIC                            = 0x9fa0
 	PROT_EXEC                                   = 0x4
 	PROT_GROWSDOWN                              = 0x1000000
@@ -2933,11 +2938,12 @@ const (
 	RUSAGE_SELF                                 = 0x0
 	RUSAGE_THREAD                               = 0x1
 	RWF_APPEND                                  = 0x10
+	RWF_ATOMIC                                  = 0x40
 	RWF_DSYNC                                   = 0x2
 	RWF_HIPRI                                   = 0x1
 	RWF_NOAPPEND                                = 0x20
 	RWF_NOWAIT                                  = 0x8
-	RWF_SUPPORTED                               = 0x3f
+	RWF_SUPPORTED                               = 0x7f
 	RWF_SYNC                                    = 0x4
 	RWF_WRITE_LIFE_NOT_SET                      = 0x0
 	SCHED_BATCH                                 = 0x3
@@ -3210,6 +3216,7 @@ const (
 	STATX_ATTR_MOUNT_ROOT                       = 0x2000
 	STATX_ATTR_NODUMP                           = 0x40
 	STATX_ATTR_VERITY                           = 0x100000
+	STATX_ATTR_WRITE_ATOMIC                     = 0x400000
 	STATX_BASIC_STATS                           = 0x7ff
 	STATX_BLOCKS                                = 0x400
 	STATX_BTIME                                 = 0x800
@@ -3226,6 +3233,7 @@ const (
 	STATX_SUBVOL                                = 0x8000
 	STATX_TYPE                                  = 0x1
 	STATX_UID                                   = 0x8
+	STATX_WRITE_ATOMIC                          = 0x10000
 	STATX__RESERVED                             = 0x80000000
 	SYNC_FILE_RANGE_WAIT_AFTER                  = 0x4
 	SYNC_FILE_RANGE_WAIT_BEFORE                 = 0x1
@@ -3624,6 +3632,7 @@ const (
 	XDP_UMEM_PGOFF_COMPLETION_RING              = 0x180000000
 	XDP_UMEM_PGOFF_FILL_RING                    = 0x100000000
 	XDP_UMEM_REG                                = 0x4
+	XDP_UMEM_TX_METADATA_LEN                    = 0x4
 	XDP_UMEM_TX_SW_CSUM                         = 0x2
 	XDP_UMEM_UNALIGNED_CHUNK_FLAG               = 0x1
 	XDP_USE_NEED_WAKEUP                         = 0x8
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 684a5168da..8aa6d77c01 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -153,9 +153,14 @@ const (
 	NFDBITS                          = 0x20
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index 61d74b592d..da428f4253 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -153,9 +153,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index a28c9e3e89..bf45bfec78 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -150,9 +150,14 @@ const (
 	NFDBITS                          = 0x20
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index ab5d1fe8ea..71c67162b7 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -154,9 +154,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index c523090e7c..9476628fa0 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -154,9 +154,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 01e6ea7804..b9e85f3cf0 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -150,9 +150,14 @@ const (
 	NFDBITS                          = 0x20
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index 7aa610b1e7..a48b68a764 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -150,9 +150,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index 92af771b44..ea00e8522a 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -150,9 +150,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index b27ef5e6f1..91c6468717 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -150,9 +150,14 @@ const (
 	NFDBITS                          = 0x20
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index 237a2cefb3..8cbf38d639 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -152,9 +152,14 @@ const (
 	NL3                              = 0x300
 	NLDLY                            = 0x300
 	NOFLSH                           = 0x80000000
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x4
 	ONLCR                            = 0x2
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index 4a5c555a36..a2df734191 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -152,9 +152,14 @@ const (
 	NL3                              = 0x300
 	NLDLY                            = 0x300
 	NOFLSH                           = 0x80000000
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x4
 	ONLCR                            = 0x2
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index a02fb49a5f..2479137923 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -152,9 +152,14 @@ const (
 	NL3                              = 0x300
 	NLDLY                            = 0x300
 	NOFLSH                           = 0x80000000
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x4
 	ONLCR                            = 0x2
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index e26a7c61b2..d265f146ee 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -150,9 +150,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index c48f7c2103..3f2d644396 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -150,9 +150,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index ad4b9aace7..5d8b727a1c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -155,9 +155,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 1bc1a5adb2..af30da5578 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -971,23 +971,6 @@ func Getpriority(which int, who int) (prio int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Getrusage(who int, rusage *Rusage) (err error) {
 	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index d3e38f681a..f485dbf456 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -341,6 +341,7 @@ const (
 	SYS_STATX                   = 332
 	SYS_IO_PGETEVENTS           = 333
 	SYS_RSEQ                    = 334
+	SYS_URETPROBE               = 335
 	SYS_PIDFD_SEND_SIGNAL       = 424
 	SYS_IO_URING_SETUP          = 425
 	SYS_IO_URING_ENTER          = 426
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index 6c778c2327..1893e2fe88 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -85,7 +85,7 @@ const (
 	SYS_SPLICE                  = 76
 	SYS_TEE                     = 77
 	SYS_READLINKAT              = 78
-	SYS_FSTATAT                 = 79
+	SYS_NEWFSTATAT              = 79
 	SYS_FSTAT                   = 80
 	SYS_SYNC                    = 81
 	SYS_FSYNC                   = 82
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index 37281cf51a..16a4017da0 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -84,6 +84,8 @@ const (
 	SYS_SPLICE                  = 76
 	SYS_TEE                     = 77
 	SYS_READLINKAT              = 78
+	SYS_NEWFSTATAT              = 79
+	SYS_FSTAT                   = 80
 	SYS_SYNC                    = 81
 	SYS_FSYNC                   = 82
 	SYS_FDATASYNC               = 83
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 9889f6a559..a5459e766f 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -84,7 +84,7 @@ const (
 	SYS_SPLICE                  = 76
 	SYS_TEE                     = 77
 	SYS_READLINKAT              = 78
-	SYS_FSTATAT                 = 79
+	SYS_NEWFSTATAT              = 79
 	SYS_FSTAT                   = 80
 	SYS_SYNC                    = 81
 	SYS_FSYNC                   = 82
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 9f2550dc31..3a69e45496 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -87,31 +87,35 @@ type StatxTimestamp struct {
 }
 
 type Statx_t struct {
-	Mask             uint32
-	Blksize          uint32
-	Attributes       uint64
-	Nlink            uint32
-	Uid              uint32
-	Gid              uint32
-	Mode             uint16
-	_                [1]uint16
-	Ino              uint64
-	Size             uint64
-	Blocks           uint64
-	Attributes_mask  uint64
-	Atime            StatxTimestamp
-	Btime            StatxTimestamp
-	Ctime            StatxTimestamp
-	Mtime            StatxTimestamp
-	Rdev_major       uint32
-	Rdev_minor       uint32
-	Dev_major        uint32
-	Dev_minor        uint32
-	Mnt_id           uint64
-	Dio_mem_align    uint32
-	Dio_offset_align uint32
-	Subvol           uint64
-	_                [11]uint64
+	Mask                      uint32
+	Blksize                   uint32
+	Attributes                uint64
+	Nlink                     uint32
+	Uid                       uint32
+	Gid                       uint32
+	Mode                      uint16
+	_                         [1]uint16
+	Ino                       uint64
+	Size                      uint64
+	Blocks                    uint64
+	Attributes_mask           uint64
+	Atime                     StatxTimestamp
+	Btime                     StatxTimestamp
+	Ctime                     StatxTimestamp
+	Mtime                     StatxTimestamp
+	Rdev_major                uint32
+	Rdev_minor                uint32
+	Dev_major                 uint32
+	Dev_minor                 uint32
+	Mnt_id                    uint64
+	Dio_mem_align             uint32
+	Dio_offset_align          uint32
+	Subvol                    uint64
+	Atomic_write_unit_min     uint32
+	Atomic_write_unit_max     uint32
+	Atomic_write_segments_max uint32
+	_                         [1]uint32
+	_                         [9]uint64
 }
 
 type Fsid struct {
@@ -516,6 +520,29 @@ type TCPInfo struct {
 	Total_rto_time       uint32
 }
 
+type TCPVegasInfo struct {
+	Enabled uint32
+	Rttcnt  uint32
+	Rtt     uint32
+	Minrtt  uint32
+}
+
+type TCPDCTCPInfo struct {
+	Enabled  uint16
+	Ce_state uint16
+	Alpha    uint32
+	Ab_ecn   uint32
+	Ab_tot   uint32
+}
+
+type TCPBBRInfo struct {
+	Bw_lo       uint32
+	Bw_hi       uint32
+	Min_rtt     uint32
+	Pacing_gain uint32
+	Cwnd_gain   uint32
+}
+
 type CanFilter struct {
 	Id   uint32
 	Mask uint32
@@ -557,6 +584,7 @@ const (
 	SizeofICMPv6Filter      = 0x20
 	SizeofUcred             = 0xc
 	SizeofTCPInfo           = 0xf8
+	SizeofTCPCCInfo         = 0x14
 	SizeofCanFilter         = 0x8
 	SizeofTCPRepairOpt      = 0x8
 )
@@ -3766,7 +3794,7 @@ const (
 	ETHTOOL_MSG_PSE_GET                       = 0x24
 	ETHTOOL_MSG_PSE_SET                       = 0x25
 	ETHTOOL_MSG_RSS_GET                       = 0x26
-	ETHTOOL_MSG_USER_MAX                      = 0x2b
+	ETHTOOL_MSG_USER_MAX                      = 0x2c
 	ETHTOOL_MSG_KERNEL_NONE                   = 0x0
 	ETHTOOL_MSG_STRSET_GET_REPLY              = 0x1
 	ETHTOOL_MSG_LINKINFO_GET_REPLY            = 0x2
@@ -3806,7 +3834,7 @@ const (
 	ETHTOOL_MSG_MODULE_NTF                    = 0x24
 	ETHTOOL_MSG_PSE_GET_REPLY                 = 0x25
 	ETHTOOL_MSG_RSS_GET_REPLY                 = 0x26
-	ETHTOOL_MSG_KERNEL_MAX                    = 0x2b
+	ETHTOOL_MSG_KERNEL_MAX                    = 0x2c
 	ETHTOOL_FLAG_COMPACT_BITSETS              = 0x1
 	ETHTOOL_FLAG_OMIT_REPLY                   = 0x2
 	ETHTOOL_FLAG_STATS                        = 0x4
@@ -3951,7 +3979,7 @@ const (
 	ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL   = 0x17
 	ETHTOOL_A_COALESCE_USE_CQE_MODE_TX        = 0x18
 	ETHTOOL_A_COALESCE_USE_CQE_MODE_RX        = 0x19
-	ETHTOOL_A_COALESCE_MAX                    = 0x1c
+	ETHTOOL_A_COALESCE_MAX                    = 0x1e
 	ETHTOOL_A_PAUSE_UNSPEC                    = 0x0
 	ETHTOOL_A_PAUSE_HEADER                    = 0x1
 	ETHTOOL_A_PAUSE_AUTONEG                   = 0x2
@@ -4609,7 +4637,7 @@ const (
 	NL80211_ATTR_MAC_HINT                                   = 0xc8
 	NL80211_ATTR_MAC_MASK                                   = 0xd7
 	NL80211_ATTR_MAX_AP_ASSOC_STA                           = 0xca
-	NL80211_ATTR_MAX                                        = 0x14a
+	NL80211_ATTR_MAX                                        = 0x14c
 	NL80211_ATTR_MAX_CRIT_PROT_DURATION                     = 0xb4
 	NL80211_ATTR_MAX_CSA_COUNTERS                           = 0xce
 	NL80211_ATTR_MAX_MATCH_SETS                             = 0x85
@@ -5213,7 +5241,7 @@ const (
 	NL80211_FREQUENCY_ATTR_GO_CONCURRENT                    = 0xf
 	NL80211_FREQUENCY_ATTR_INDOOR_ONLY                      = 0xe
 	NL80211_FREQUENCY_ATTR_IR_CONCURRENT                    = 0xf
-	NL80211_FREQUENCY_ATTR_MAX                              = 0x20
+	NL80211_FREQUENCY_ATTR_MAX                              = 0x21
 	NL80211_FREQUENCY_ATTR_MAX_TX_POWER                     = 0x6
 	NL80211_FREQUENCY_ATTR_NO_10MHZ                         = 0x11
 	NL80211_FREQUENCY_ATTR_NO_160MHZ                        = 0xc
diff --git a/vendor/golang.org/x/sys/windows/dll_windows.go b/vendor/golang.org/x/sys/windows/dll_windows.go
index 115341fba6..4e613cf633 100644
--- a/vendor/golang.org/x/sys/windows/dll_windows.go
+++ b/vendor/golang.org/x/sys/windows/dll_windows.go
@@ -65,7 +65,7 @@ func LoadDLL(name string) (dll *DLL, err error) {
 	return d, nil
 }
 
-// MustLoadDLL is like LoadDLL but panics if load operation failes.
+// MustLoadDLL is like LoadDLL but panics if load operation fails.
 func MustLoadDLL(name string) *DLL {
 	d, e := LoadDLL(name)
 	if e != nil {
diff --git a/vendor/golang.org/x/time/rate/rate.go b/vendor/golang.org/x/time/rate/rate.go
index 8f6c7f493f..93a798ab63 100644
--- a/vendor/golang.org/x/time/rate/rate.go
+++ b/vendor/golang.org/x/time/rate/rate.go
@@ -99,8 +99,9 @@ func (lim *Limiter) Tokens() float64 {
 // bursts of at most b tokens.
 func NewLimiter(r Limit, b int) *Limiter {
 	return &Limiter{
-		limit: r,
-		burst: b,
+		limit:  r,
+		burst:  b,
+		tokens: float64(b),
 	}
 }
 
@@ -344,18 +345,6 @@ func (lim *Limiter) reserveN(t time.Time, n int, maxFutureReserve time.Duration)
 			tokens:    n,
 			timeToAct: t,
 		}
-	} else if lim.limit == 0 {
-		var ok bool
-		if lim.burst >= n {
-			ok = true
-			lim.burst -= n
-		}
-		return Reservation{
-			ok:        ok,
-			lim:       lim,
-			tokens:    lim.burst,
-			timeToAct: t,
-		}
 	}
 
 	t, tokens := lim.advance(t)
diff --git a/vendor/golang.org/x/tools/LICENSE b/vendor/golang.org/x/tools/LICENSE
new file mode 100644
index 0000000000..2a7cf70da6
--- /dev/null
+++ b/vendor/golang.org/x/tools/LICENSE
@@ -0,0 +1,27 @@
+Copyright 2009 The Go Authors.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google LLC nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/tools/PATENTS b/vendor/golang.org/x/tools/PATENTS
new file mode 100644
index 0000000000..733099041f
--- /dev/null
+++ b/vendor/golang.org/x/tools/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go.  This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation.  If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/tools/txtar/archive.go b/vendor/golang.org/x/tools/txtar/archive.go
new file mode 100644
index 0000000000..fd95f1e64a
--- /dev/null
+++ b/vendor/golang.org/x/tools/txtar/archive.go
@@ -0,0 +1,140 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package txtar implements a trivial text-based file archive format.
+//
+// The goals for the format are:
+//
+//   - be trivial enough to create and edit by hand.
+//   - be able to store trees of text files describing go command test cases.
+//   - diff nicely in git history and code reviews.
+//
+// Non-goals include being a completely general archive format,
+// storing binary data, storing file modes, storing special files like
+// symbolic links, and so on.
+//
+// # Txtar format
+//
+// A txtar archive is zero or more comment lines and then a sequence of file entries.
+// Each file entry begins with a file marker line of the form "-- FILENAME --"
+// and is followed by zero or more file content lines making up the file data.
+// The comment or file content ends at the next file marker line.
+// The file marker line must begin with the three-byte sequence "-- "
+// and end with the three-byte sequence " --", but the enclosed
+// file name can be surrounding by additional white space,
+// all of which is stripped.
+//
+// If the txtar file is missing a trailing newline on the final line,
+// parsers should consider a final newline to be present anyway.
+//
+// There are no possible syntax errors in a txtar archive.
+package txtar
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"strings"
+)
+
+// An Archive is a collection of files.
+type Archive struct {
+	Comment []byte
+	Files   []File
+}
+
+// A File is a single file in an archive.
+type File struct {
+	Name string // name of file ("foo/bar.txt")
+	Data []byte // text content of file
+}
+
+// Format returns the serialized form of an Archive.
+// It is assumed that the Archive data structure is well-formed:
+// a.Comment and all a.File[i].Data contain no file marker lines,
+// and all a.File[i].Name is non-empty.
+func Format(a *Archive) []byte {
+	var buf bytes.Buffer
+	buf.Write(fixNL(a.Comment))
+	for _, f := range a.Files {
+		fmt.Fprintf(&buf, "-- %s --\n", f.Name)
+		buf.Write(fixNL(f.Data))
+	}
+	return buf.Bytes()
+}
+
+// ParseFile parses the named file as an archive.
+func ParseFile(file string) (*Archive, error) {
+	data, err := os.ReadFile(file)
+	if err != nil {
+		return nil, err
+	}
+	return Parse(data), nil
+}
+
+// Parse parses the serialized form of an Archive.
+// The returned Archive holds slices of data.
+func Parse(data []byte) *Archive {
+	a := new(Archive)
+	var name string
+	a.Comment, name, data = findFileMarker(data)
+	for name != "" {
+		f := File{name, nil}
+		f.Data, name, data = findFileMarker(data)
+		a.Files = append(a.Files, f)
+	}
+	return a
+}
+
+var (
+	newlineMarker = []byte("\n-- ")
+	marker        = []byte("-- ")
+	markerEnd     = []byte(" --")
+)
+
+// findFileMarker finds the next file marker in data,
+// extracts the file name, and returns the data before the marker,
+// the file name, and the data after the marker.
+// If there is no next marker, findFileMarker returns before = fixNL(data), name = "", after = nil.
+func findFileMarker(data []byte) (before []byte, name string, after []byte) {
+	var i int
+	for {
+		if name, after = isMarker(data[i:]); name != "" {
+			return data[:i], name, after
+		}
+		j := bytes.Index(data[i:], newlineMarker)
+		if j < 0 {
+			return fixNL(data), "", nil
+		}
+		i += j + 1 // positioned at start of new possible marker
+	}
+}
+
+// isMarker checks whether data begins with a file marker line.
+// If so, it returns the name from the line and the data after the line.
+// Otherwise it returns name == "" with an unspecified after.
+func isMarker(data []byte) (name string, after []byte) {
+	if !bytes.HasPrefix(data, marker) {
+		return "", nil
+	}
+	if i := bytes.IndexByte(data, '\n'); i >= 0 {
+		data, after = data[:i], data[i+1:]
+	}
+	if !(bytes.HasSuffix(data, markerEnd) && len(data) >= len(marker)+len(markerEnd)) {
+		return "", nil
+	}
+	return strings.TrimSpace(string(data[len(marker) : len(data)-len(markerEnd)])), after
+}
+
+// If data is empty or ends in \n, fixNL returns data.
+// Otherwise fixNL returns a new slice consisting of data with a final \n added.
+func fixNL(data []byte) []byte {
+	if len(data) == 0 || data[len(data)-1] == '\n' {
+		return data
+	}
+	d := make([]byte, len(data)+1)
+	copy(d, data)
+	d[len(data)] = '\n'
+	return d
+}
diff --git a/vendor/golang.org/x/tools/txtar/fs.go b/vendor/golang.org/x/tools/txtar/fs.go
new file mode 100644
index 0000000000..fc8df12c18
--- /dev/null
+++ b/vendor/golang.org/x/tools/txtar/fs.go
@@ -0,0 +1,257 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package txtar
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"io/fs"
+	"path"
+	"slices"
+	"time"
+)
+
+// FS returns the file system form of an Archive.
+// It returns an error if any of the file names in the archive
+// are not valid file system names.
+// The archive must not be modified while the FS is in use.
+//
+// If the file system detects that it has been modified, calls to the
+// file system return an ErrModified error.
+func FS(a *Archive) (fs.FS, error) {
+	// Create a filesystem with a root directory.
+	root := &node{fileinfo: fileinfo{path: ".", mode: readOnlyDir}}
+	fsys := &filesystem{a, map[string]*node{root.path: root}}
+
+	if err := initFiles(fsys); err != nil {
+		return nil, fmt.Errorf("cannot create fs.FS from txtar.Archive: %s", err)
+	}
+	return fsys, nil
+}
+
+const (
+	readOnly    fs.FileMode = 0o444 // read only mode
+	readOnlyDir             = readOnly | fs.ModeDir
+)
+
+// ErrModified indicates that file system returned by FS
+// noticed that the underlying archive has been modified
+// since the call to FS. Detection of modification is best effort,
+// to help diagnose misuse of the API, and is not guaranteed.
+var ErrModified error = errors.New("txtar.Archive has been modified during txtar.FS")
+
+// A filesystem is a simple in-memory file system for txtar archives,
+// represented as a map from valid path names to information about the
+// files or directories they represent.
+//
+// File system operations are read only. Modifications to the underlying
+// *Archive may race. To help prevent this, the filesystem tries
+// to detect modification during Open and return ErrModified if it
+// is able to detect a modification.
+type filesystem struct {
+	ar    *Archive
+	nodes map[string]*node
+}
+
+// node is a file or directory in the tree of a filesystem.
+type node struct {
+	fileinfo               // fs.FileInfo and fs.DirEntry implementation
+	idx      int           // index into ar.Files (for files)
+	entries  []fs.DirEntry // subdirectories and files (for directories)
+}
+
+var _ fs.FS = (*filesystem)(nil)
+var _ fs.DirEntry = (*node)(nil)
+
+// initFiles initializes fsys from fsys.ar.Files. Returns an error if there are any
+// invalid file names or collisions between file or directories.
+func initFiles(fsys *filesystem) error {
+	for idx, file := range fsys.ar.Files {
+		name := file.Name
+		if !fs.ValidPath(name) {
+			return fmt.Errorf("file %q is an invalid path", name)
+		}
+
+		n := &node{idx: idx, fileinfo: fileinfo{path: name, size: len(file.Data), mode: readOnly}}
+		if err := insert(fsys, n); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// insert adds node n as an entry to its parent directory within the filesystem.
+func insert(fsys *filesystem, n *node) error {
+	if m := fsys.nodes[n.path]; m != nil {
+		return fmt.Errorf("duplicate path %q", n.path)
+	}
+	fsys.nodes[n.path] = n
+
+	// fsys.nodes contains "." to prevent infinite loops.
+	parent, err := directory(fsys, path.Dir(n.path))
+	if err != nil {
+		return err
+	}
+	parent.entries = append(parent.entries, n)
+	return nil
+}
+
+// directory returns the directory node with the path dir and lazily-creates it
+// if it does not exist.
+func directory(fsys *filesystem, dir string) (*node, error) {
+	if m := fsys.nodes[dir]; m != nil && m.IsDir() {
+		return m, nil // pre-existing directory
+	}
+
+	n := &node{fileinfo: fileinfo{path: dir, mode: readOnlyDir}}
+	if err := insert(fsys, n); err != nil {
+		return nil, err
+	}
+	return n, nil
+}
+
+// dataOf returns the data associated with the file t.
+// May return ErrModified if fsys.ar has been modified.
+func dataOf(fsys *filesystem, n *node) ([]byte, error) {
+	if n.idx >= len(fsys.ar.Files) {
+		return nil, ErrModified
+	}
+
+	f := fsys.ar.Files[n.idx]
+	if f.Name != n.path || len(f.Data) != n.size {
+		return nil, ErrModified
+	}
+	return f.Data, nil
+}
+
+func (fsys *filesystem) Open(name string) (fs.File, error) {
+	if !fs.ValidPath(name) {
+		return nil, &fs.PathError{Op: "open", Path: name, Err: fs.ErrInvalid}
+	}
+
+	n := fsys.nodes[name]
+	switch {
+	case n == nil:
+		return nil, &fs.PathError{Op: "open", Path: name, Err: fs.ErrNotExist}
+	case n.IsDir():
+		return &openDir{fileinfo: n.fileinfo, entries: n.entries}, nil
+	default:
+		data, err := dataOf(fsys, n)
+		if err != nil {
+			return nil, err
+		}
+		return &openFile{fileinfo: n.fileinfo, data: data}, nil
+	}
+}
+
+func (fsys *filesystem) ReadFile(name string) ([]byte, error) {
+	file, err := fsys.Open(name)
+	if err != nil {
+		return nil, err
+	}
+	if file, ok := file.(*openFile); ok {
+		return slices.Clone(file.data), nil
+	}
+	return nil, &fs.PathError{Op: "read", Path: name, Err: fs.ErrInvalid}
+}
+
+// A fileinfo implements fs.FileInfo and fs.DirEntry for a given archive file.
+type fileinfo struct {
+	path string // unique path to the file or directory within a filesystem
+	size int
+	mode fs.FileMode
+}
+
+var _ fs.FileInfo = (*fileinfo)(nil)
+var _ fs.DirEntry = (*fileinfo)(nil)
+
+func (i *fileinfo) Name() string               { return path.Base(i.path) }
+func (i *fileinfo) Size() int64                { return int64(i.size) }
+func (i *fileinfo) Mode() fs.FileMode          { return i.mode }
+func (i *fileinfo) Type() fs.FileMode          { return i.mode.Type() }
+func (i *fileinfo) ModTime() time.Time         { return time.Time{} }
+func (i *fileinfo) IsDir() bool                { return i.mode&fs.ModeDir != 0 }
+func (i *fileinfo) Sys() any                   { return nil }
+func (i *fileinfo) Info() (fs.FileInfo, error) { return i, nil }
+
+// An openFile is a regular (non-directory) fs.File open for reading.
+type openFile struct {
+	fileinfo
+	data   []byte
+	offset int64
+}
+
+var _ fs.File = (*openFile)(nil)
+
+func (f *openFile) Stat() (fs.FileInfo, error) { return &f.fileinfo, nil }
+func (f *openFile) Close() error               { return nil }
+func (f *openFile) Read(b []byte) (int, error) {
+	if f.offset >= int64(len(f.data)) {
+		return 0, io.EOF
+	}
+	if f.offset < 0 {
+		return 0, &fs.PathError{Op: "read", Path: f.path, Err: fs.ErrInvalid}
+	}
+	n := copy(b, f.data[f.offset:])
+	f.offset += int64(n)
+	return n, nil
+}
+
+func (f *openFile) Seek(offset int64, whence int) (int64, error) {
+	switch whence {
+	case 0:
+		// offset += 0
+	case 1:
+		offset += f.offset
+	case 2:
+		offset += int64(len(f.data))
+	}
+	if offset < 0 || offset > int64(len(f.data)) {
+		return 0, &fs.PathError{Op: "seek", Path: f.path, Err: fs.ErrInvalid}
+	}
+	f.offset = offset
+	return offset, nil
+}
+
+func (f *openFile) ReadAt(b []byte, offset int64) (int, error) {
+	if offset < 0 || offset > int64(len(f.data)) {
+		return 0, &fs.PathError{Op: "read", Path: f.path, Err: fs.ErrInvalid}
+	}
+	n := copy(b, f.data[offset:])
+	if n < len(b) {
+		return n, io.EOF
+	}
+	return n, nil
+}
+
+// A openDir is a directory fs.File (so also an fs.ReadDirFile) open for reading.
+type openDir struct {
+	fileinfo
+	entries []fs.DirEntry
+	offset  int
+}
+
+var _ fs.ReadDirFile = (*openDir)(nil)
+
+func (d *openDir) Stat() (fs.FileInfo, error) { return &d.fileinfo, nil }
+func (d *openDir) Close() error               { return nil }
+func (d *openDir) Read(b []byte) (int, error) {
+	return 0, &fs.PathError{Op: "read", Path: d.path, Err: fs.ErrInvalid}
+}
+
+func (d *openDir) ReadDir(count int) ([]fs.DirEntry, error) {
+	n := len(d.entries) - d.offset
+	if n == 0 && count > 0 {
+		return nil, io.EOF
+	}
+	if count > 0 && n > count {
+		n = count
+	}
+	list := make([]fs.DirEntry, n)
+	copy(list, d.entries[d.offset:d.offset+n])
+	d.offset += n
+	return list, nil
+}
diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go
index fdd6fa86cc..924ba4f365 100644
--- a/vendor/google.golang.org/grpc/internal/transport/transport.go
+++ b/vendor/google.golang.org/grpc/internal/transport/transport.go
@@ -616,7 +616,7 @@ func (t *transportReader) ReadHeader(header []byte) (int, error) {
 		t.er = err
 		return 0, err
 	}
-	t.windowHandler(len(header))
+	t.windowHandler(n)
 	return n, nil
 }
 
diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go
index 187fbf1195..a96b6a6bff 100644
--- a/vendor/google.golang.org/grpc/version.go
+++ b/vendor/google.golang.org/grpc/version.go
@@ -19,4 +19,4 @@
 package grpc
 
 // Version is the current grpc version.
-const Version = "1.67.0"
+const Version = "1.67.1"
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/decode.go b/vendor/google.golang.org/protobuf/encoding/protojson/decode.go
index bb2966e3b4..8f9e592f87 100644
--- a/vendor/google.golang.org/protobuf/encoding/protojson/decode.go
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/decode.go
@@ -351,7 +351,7 @@ func (d decoder) unmarshalScalar(fd protoreflect.FieldDescriptor) (protoreflect.
 		panic(fmt.Sprintf("unmarshalScalar: invalid scalar kind %v", kind))
 	}
 
-	return protoreflect.Value{}, d.newError(tok.Pos(), "invalid value for %v type: %v", kind, tok.RawString())
+	return protoreflect.Value{}, d.newError(tok.Pos(), "invalid value for %v field %v: %v", kind, fd.JSONName(), tok.RawString())
 }
 
 func unmarshalInt(tok json.Token, bitSize int) (protoreflect.Value, bool) {
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/encode.go b/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
index 29846df222..0e72d85378 100644
--- a/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/encode.go
@@ -216,9 +216,7 @@ func (m unpopulatedFieldRanger) Range(f func(protoreflect.FieldDescriptor, proto
 		}
 
 		v := m.Get(fd)
-		isProto2Scalar := fd.Syntax() == protoreflect.Proto2 && fd.Default().IsValid()
-		isSingularMessage := fd.Cardinality() != protoreflect.Repeated && fd.Message() != nil
-		if isProto2Scalar || isSingularMessage {
+		if fd.HasPresence() {
 			if m.skipNull {
 				continue
 			}
diff --git a/vendor/google.golang.org/protobuf/internal/descopts/options.go b/vendor/google.golang.org/protobuf/internal/descopts/options.go
index 8401be8c84..024ffebd3d 100644
--- a/vendor/google.golang.org/protobuf/internal/descopts/options.go
+++ b/vendor/google.golang.org/protobuf/internal/descopts/options.go
@@ -9,7 +9,7 @@
 // dependency on the descriptor proto package).
 package descopts
 
-import pref "google.golang.org/protobuf/reflect/protoreflect"
+import "google.golang.org/protobuf/reflect/protoreflect"
 
 // These variables are set by the init function in descriptor.pb.go via logic
 // in internal/filetype. In other words, so long as the descriptor proto package
@@ -17,13 +17,13 @@ import pref "google.golang.org/protobuf/reflect/protoreflect"
 //
 // Each variable is populated with a nil pointer to the options struct.
 var (
-	File           pref.ProtoMessage
-	Enum           pref.ProtoMessage
-	EnumValue      pref.ProtoMessage
-	Message        pref.ProtoMessage
-	Field          pref.ProtoMessage
-	Oneof          pref.ProtoMessage
-	ExtensionRange pref.ProtoMessage
-	Service        pref.ProtoMessage
-	Method         pref.ProtoMessage
+	File           protoreflect.ProtoMessage
+	Enum           protoreflect.ProtoMessage
+	EnumValue      protoreflect.ProtoMessage
+	Message        protoreflect.ProtoMessage
+	Field          protoreflect.ProtoMessage
+	Oneof          protoreflect.ProtoMessage
+	ExtensionRange protoreflect.ProtoMessage
+	Service        protoreflect.ProtoMessage
+	Method         protoreflect.ProtoMessage
 )
diff --git a/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go b/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go
index 029a6a12d7..08dad7692c 100644
--- a/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go
+++ b/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go
@@ -5,7 +5,7 @@
 // Package editionssupport defines constants for editions that are supported.
 package editionssupport
 
-import descriptorpb "google.golang.org/protobuf/types/descriptorpb"
+import "google.golang.org/protobuf/types/descriptorpb"
 
 const (
 	Minimum = descriptorpb.Edition_EDITION_PROTO2
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go
index df53ff40b2..fa790e0ff1 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go
@@ -258,6 +258,7 @@ type (
 		StringName       stringName
 		IsProto3Optional bool // promoted from google.protobuf.FieldDescriptorProto
 		IsWeak           bool // promoted from google.protobuf.FieldOptions
+		IsLazy           bool // promoted from google.protobuf.FieldOptions
 		Default          defaultValue
 		ContainingOneof  protoreflect.OneofDescriptor // must be consistent with Message.Oneofs.Fields
 		Enum             protoreflect.EnumDescriptor
@@ -351,6 +352,7 @@ func (fd *Field) IsPacked() bool {
 }
 func (fd *Field) IsExtension() bool { return false }
 func (fd *Field) IsWeak() bool      { return fd.L1.IsWeak }
+func (fd *Field) IsLazy() bool      { return fd.L1.IsLazy }
 func (fd *Field) IsList() bool      { return fd.Cardinality() == protoreflect.Repeated && !fd.IsMap() }
 func (fd *Field) IsMap() bool       { return fd.Message() != nil && fd.Message().IsMapEntry() }
 func (fd *Field) MapKey() protoreflect.FieldDescriptor {
@@ -425,6 +427,7 @@ type (
 		Extendee        protoreflect.MessageDescriptor
 		Cardinality     protoreflect.Cardinality
 		Kind            protoreflect.Kind
+		IsLazy          bool
 		EditionFeatures EditionFeatures
 	}
 	ExtensionL2 struct {
@@ -465,6 +468,7 @@ func (xd *Extension) IsPacked() bool {
 }
 func (xd *Extension) IsExtension() bool                      { return true }
 func (xd *Extension) IsWeak() bool                           { return false }
+func (xd *Extension) IsLazy() bool                           { return xd.L1.IsLazy }
 func (xd *Extension) IsList() bool                           { return xd.Cardinality() == protoreflect.Repeated }
 func (xd *Extension) IsMap() bool                            { return false }
 func (xd *Extension) MapKey() protoreflect.FieldDescriptor   { return nil }
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go
index 8a57d60b08..d2f549497e 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go
@@ -495,6 +495,8 @@ func (xd *Extension) unmarshalOptions(b []byte) {
 			switch num {
 			case genid.FieldOptions_Packed_field_number:
 				xd.L1.EditionFeatures.IsPacked = protowire.DecodeBool(v)
+			case genid.FieldOptions_Lazy_field_number:
+				xd.L1.IsLazy = protowire.DecodeBool(v)
 			}
 		case protowire.BytesType:
 			v, m := protowire.ConsumeBytes(b)
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go
index e56c91a8db..67a51b327c 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go
@@ -504,6 +504,8 @@ func (fd *Field) unmarshalOptions(b []byte) {
 				fd.L1.EditionFeatures.IsPacked = protowire.DecodeBool(v)
 			case genid.FieldOptions_Weak_field_number:
 				fd.L1.IsWeak = protowire.DecodeBool(v)
+			case genid.FieldOptions_Lazy_field_number:
+				fd.L1.IsLazy = protowire.DecodeBool(v)
 			case FieldOptions_EnforceUTF8:
 				fd.L1.EditionFeatures.IsUTF8Validated = protowire.DecodeBool(v)
 			}
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go
index 11f5f356b6..fd4d0c83d2 100644
--- a/vendor/google.golang.org/protobuf/internal/filedesc/editions.go
+++ b/vendor/google.golang.org/protobuf/internal/filedesc/editions.go
@@ -68,7 +68,7 @@ func unmarshalFeatureSet(b []byte, parent EditionFeatures) EditionFeatures {
 			v, m := protowire.ConsumeBytes(b)
 			b = b[m:]
 			switch num {
-			case genid.GoFeatures_LegacyUnmarshalJsonEnum_field_number:
+			case genid.FeatureSet_Go_ext_number:
 				parent = unmarshalGoFeature(v, parent)
 			}
 		}
diff --git a/vendor/google.golang.org/protobuf/internal/genid/doc.go b/vendor/google.golang.org/protobuf/internal/genid/doc.go
index 45ccd01211..d9b9d916a2 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/doc.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/doc.go
@@ -6,6 +6,6 @@
 // and the well-known types.
 package genid
 
-import protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+import "google.golang.org/protobuf/reflect/protoreflect"
 
 const GoogleProtobuf_package protoreflect.FullName = "google.protobuf"
diff --git a/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go
index 9a652a2b42..7f67cbb6e9 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go
@@ -12,20 +12,25 @@ import (
 
 const File_google_protobuf_go_features_proto = "google/protobuf/go_features.proto"
 
-// Names for google.protobuf.GoFeatures.
+// Names for pb.GoFeatures.
 const (
 	GoFeatures_message_name     protoreflect.Name     = "GoFeatures"
-	GoFeatures_message_fullname protoreflect.FullName = "google.protobuf.GoFeatures"
+	GoFeatures_message_fullname protoreflect.FullName = "pb.GoFeatures"
 )
 
-// Field names for google.protobuf.GoFeatures.
+// Field names for pb.GoFeatures.
 const (
 	GoFeatures_LegacyUnmarshalJsonEnum_field_name protoreflect.Name = "legacy_unmarshal_json_enum"
 
-	GoFeatures_LegacyUnmarshalJsonEnum_field_fullname protoreflect.FullName = "google.protobuf.GoFeatures.legacy_unmarshal_json_enum"
+	GoFeatures_LegacyUnmarshalJsonEnum_field_fullname protoreflect.FullName = "pb.GoFeatures.legacy_unmarshal_json_enum"
 )
 
-// Field numbers for google.protobuf.GoFeatures.
+// Field numbers for pb.GoFeatures.
 const (
 	GoFeatures_LegacyUnmarshalJsonEnum_field_number protoreflect.FieldNumber = 1
 )
+
+// Extension numbers
+const (
+	FeatureSet_Go_ext_number protoreflect.FieldNumber = 1002
+)
diff --git a/vendor/google.golang.org/protobuf/internal/genid/map_entry.go b/vendor/google.golang.org/protobuf/internal/genid/map_entry.go
index 8f9ea02ff2..bef5a25fbb 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/map_entry.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/map_entry.go
@@ -4,7 +4,7 @@
 
 package genid
 
-import protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+import "google.golang.org/protobuf/reflect/protoreflect"
 
 // Generic field names and numbers for synthetic map entry messages.
 const (
diff --git a/vendor/google.golang.org/protobuf/internal/genid/wrappers.go b/vendor/google.golang.org/protobuf/internal/genid/wrappers.go
index 429384b85b..9404270de0 100644
--- a/vendor/google.golang.org/protobuf/internal/genid/wrappers.go
+++ b/vendor/google.golang.org/protobuf/internal/genid/wrappers.go
@@ -4,7 +4,7 @@
 
 package genid
 
-import protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+import "google.golang.org/protobuf/reflect/protoreflect"
 
 // Generic field name and number for messages in wrappers.proto.
 const (
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go b/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go
index 4bb0a7a20c..0d5b546e0e 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_extension.go
@@ -67,7 +67,6 @@ type lazyExtensionValue struct {
 	xi         *extensionFieldInfo
 	value      protoreflect.Value
 	b          []byte
-	fn         func() protoreflect.Value
 }
 
 type ExtensionField struct {
@@ -158,10 +157,9 @@ func (f *ExtensionField) lazyInit() {
 		}
 		f.lazy.value = val
 	} else {
-		f.lazy.value = f.lazy.fn()
+		panic("No support for lazy fns for ExtensionField")
 	}
 	f.lazy.xi = nil
-	f.lazy.fn = nil
 	f.lazy.b = nil
 	atomic.StoreUint32(&f.lazy.atomicOnce, 1)
 }
@@ -174,13 +172,6 @@ func (f *ExtensionField) Set(t protoreflect.ExtensionType, v protoreflect.Value)
 	f.lazy = nil
 }
 
-// SetLazy sets the type and a value that is to be lazily evaluated upon first use.
-// This must not be called concurrently.
-func (f *ExtensionField) SetLazy(t protoreflect.ExtensionType, fn func() protoreflect.Value) {
-	f.typ = t
-	f.lazy = &lazyExtensionValue{fn: fn}
-}
-
 // Value returns the value of the extension field.
 // This may be called concurrently.
 func (f *ExtensionField) Value() protoreflect.Value {
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_field.go b/vendor/google.golang.org/protobuf/internal/impl/codec_field.go
index 78ee47e44b..7c1f66c8c1 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_field.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_field.go
@@ -65,6 +65,9 @@ func (mi *MessageInfo) initOneofFieldCoders(od protoreflect.OneofDescriptor, si
 			if err != nil {
 				return out, err
 			}
+			if cf.funcs.isInit == nil {
+				out.initialized = true
+			}
 			vi.Set(vw)
 			return out, nil
 		}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go
index 6b2fdbb739..78be9df342 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_message.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_message.go
@@ -189,6 +189,9 @@ func (mi *MessageInfo) makeCoderMethods(t reflect.Type, si structInfo) {
 	if mi.methods.Merge == nil {
 		mi.methods.Merge = mi.merge
 	}
+	if mi.methods.Equal == nil {
+		mi.methods.Equal = equal
+	}
 }
 
 // getUnknownBytes returns a *[]byte for the unknown fields.
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_reflect.go b/vendor/google.golang.org/protobuf/internal/impl/codec_reflect.go
deleted file mode 100644
index 145c577bd6..0000000000
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_reflect.go
+++ /dev/null
@@ -1,210 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego || appengine
-// +build purego appengine
-
-package impl
-
-import (
-	"reflect"
-
-	"google.golang.org/protobuf/encoding/protowire"
-)
-
-func sizeEnum(p pointer, f *coderFieldInfo, _ marshalOptions) (size int) {
-	v := p.v.Elem().Int()
-	return f.tagsize + protowire.SizeVarint(uint64(v))
-}
-
-func appendEnum(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) {
-	v := p.v.Elem().Int()
-	b = protowire.AppendVarint(b, f.wiretag)
-	b = protowire.AppendVarint(b, uint64(v))
-	return b, nil
-}
-
-func consumeEnum(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, _ unmarshalOptions) (out unmarshalOutput, err error) {
-	if wtyp != protowire.VarintType {
-		return out, errUnknown
-	}
-	v, n := protowire.ConsumeVarint(b)
-	if n < 0 {
-		return out, errDecode
-	}
-	p.v.Elem().SetInt(int64(v))
-	out.n = n
-	return out, nil
-}
-
-func mergeEnum(dst, src pointer, _ *coderFieldInfo, _ mergeOptions) {
-	dst.v.Elem().Set(src.v.Elem())
-}
-
-var coderEnum = pointerCoderFuncs{
-	size:      sizeEnum,
-	marshal:   appendEnum,
-	unmarshal: consumeEnum,
-	merge:     mergeEnum,
-}
-
-func sizeEnumNoZero(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) {
-	if p.v.Elem().Int() == 0 {
-		return 0
-	}
-	return sizeEnum(p, f, opts)
-}
-
-func appendEnumNoZero(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) {
-	if p.v.Elem().Int() == 0 {
-		return b, nil
-	}
-	return appendEnum(b, p, f, opts)
-}
-
-func mergeEnumNoZero(dst, src pointer, _ *coderFieldInfo, _ mergeOptions) {
-	if src.v.Elem().Int() != 0 {
-		dst.v.Elem().Set(src.v.Elem())
-	}
-}
-
-var coderEnumNoZero = pointerCoderFuncs{
-	size:      sizeEnumNoZero,
-	marshal:   appendEnumNoZero,
-	unmarshal: consumeEnum,
-	merge:     mergeEnumNoZero,
-}
-
-func sizeEnumPtr(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) {
-	return sizeEnum(pointer{p.v.Elem()}, f, opts)
-}
-
-func appendEnumPtr(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) {
-	return appendEnum(b, pointer{p.v.Elem()}, f, opts)
-}
-
-func consumeEnumPtr(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) {
-	if wtyp != protowire.VarintType {
-		return out, errUnknown
-	}
-	if p.v.Elem().IsNil() {
-		p.v.Elem().Set(reflect.New(p.v.Elem().Type().Elem()))
-	}
-	return consumeEnum(b, pointer{p.v.Elem()}, wtyp, f, opts)
-}
-
-func mergeEnumPtr(dst, src pointer, _ *coderFieldInfo, _ mergeOptions) {
-	if !src.v.Elem().IsNil() {
-		v := reflect.New(dst.v.Type().Elem().Elem())
-		v.Elem().Set(src.v.Elem().Elem())
-		dst.v.Elem().Set(v)
-	}
-}
-
-var coderEnumPtr = pointerCoderFuncs{
-	size:      sizeEnumPtr,
-	marshal:   appendEnumPtr,
-	unmarshal: consumeEnumPtr,
-	merge:     mergeEnumPtr,
-}
-
-func sizeEnumSlice(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) {
-	s := p.v.Elem()
-	for i, llen := 0, s.Len(); i < llen; i++ {
-		size += protowire.SizeVarint(uint64(s.Index(i).Int())) + f.tagsize
-	}
-	return size
-}
-
-func appendEnumSlice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) {
-	s := p.v.Elem()
-	for i, llen := 0, s.Len(); i < llen; i++ {
-		b = protowire.AppendVarint(b, f.wiretag)
-		b = protowire.AppendVarint(b, uint64(s.Index(i).Int()))
-	}
-	return b, nil
-}
-
-func consumeEnumSlice(b []byte, p pointer, wtyp protowire.Type, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) {
-	s := p.v.Elem()
-	if wtyp == protowire.BytesType {
-		b, n := protowire.ConsumeBytes(b)
-		if n < 0 {
-			return out, errDecode
-		}
-		for len(b) > 0 {
-			v, n := protowire.ConsumeVarint(b)
-			if n < 0 {
-				return out, errDecode
-			}
-			rv := reflect.New(s.Type().Elem()).Elem()
-			rv.SetInt(int64(v))
-			s.Set(reflect.Append(s, rv))
-			b = b[n:]
-		}
-		out.n = n
-		return out, nil
-	}
-	if wtyp != protowire.VarintType {
-		return out, errUnknown
-	}
-	v, n := protowire.ConsumeVarint(b)
-	if n < 0 {
-		return out, errDecode
-	}
-	rv := reflect.New(s.Type().Elem()).Elem()
-	rv.SetInt(int64(v))
-	s.Set(reflect.Append(s, rv))
-	out.n = n
-	return out, nil
-}
-
-func mergeEnumSlice(dst, src pointer, _ *coderFieldInfo, _ mergeOptions) {
-	dst.v.Elem().Set(reflect.AppendSlice(dst.v.Elem(), src.v.Elem()))
-}
-
-var coderEnumSlice = pointerCoderFuncs{
-	size:      sizeEnumSlice,
-	marshal:   appendEnumSlice,
-	unmarshal: consumeEnumSlice,
-	merge:     mergeEnumSlice,
-}
-
-func sizeEnumPackedSlice(p pointer, f *coderFieldInfo, opts marshalOptions) (size int) {
-	s := p.v.Elem()
-	llen := s.Len()
-	if llen == 0 {
-		return 0
-	}
-	n := 0
-	for i := 0; i < llen; i++ {
-		n += protowire.SizeVarint(uint64(s.Index(i).Int()))
-	}
-	return f.tagsize + protowire.SizeBytes(n)
-}
-
-func appendEnumPackedSlice(b []byte, p pointer, f *coderFieldInfo, opts marshalOptions) ([]byte, error) {
-	s := p.v.Elem()
-	llen := s.Len()
-	if llen == 0 {
-		return b, nil
-	}
-	b = protowire.AppendVarint(b, f.wiretag)
-	n := 0
-	for i := 0; i < llen; i++ {
-		n += protowire.SizeVarint(uint64(s.Index(i).Int()))
-	}
-	b = protowire.AppendVarint(b, uint64(n))
-	for i := 0; i < llen; i++ {
-		b = protowire.AppendVarint(b, uint64(s.Index(i).Int()))
-	}
-	return b, nil
-}
-
-var coderEnumPackedSlice = pointerCoderFuncs{
-	size:      sizeEnumPackedSlice,
-	marshal:   appendEnumPackedSlice,
-	unmarshal: consumeEnumSlice,
-	merge:     mergeEnumSlice,
-}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/codec_unsafe.go b/vendor/google.golang.org/protobuf/internal/impl/codec_unsafe.go
index 757642e23c..077712c2c5 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/codec_unsafe.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/codec_unsafe.go
@@ -2,9 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego && !appengine
-// +build !purego,!appengine
-
 package impl
 
 // When using unsafe pointers, we can just treat enum values as int32s.
diff --git a/vendor/google.golang.org/protobuf/internal/impl/convert.go b/vendor/google.golang.org/protobuf/internal/impl/convert.go
index e06ece55a2..f72ddd882f 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/convert.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/convert.go
@@ -322,7 +322,7 @@ func (c *stringConverter) PBValueOf(v reflect.Value) protoreflect.Value {
 	return protoreflect.ValueOfString(v.Convert(stringType).String())
 }
 func (c *stringConverter) GoValueOf(v protoreflect.Value) reflect.Value {
-	// pref.Value.String never panics, so we go through an interface
+	// protoreflect.Value.String never panics, so we go through an interface
 	// conversion here to check the type.
 	s := v.Interface().(string)
 	if c.goType.Kind() == reflect.Slice && s == "" {
diff --git a/vendor/google.golang.org/protobuf/internal/impl/encode.go b/vendor/google.golang.org/protobuf/internal/impl/encode.go
index febd212247..6254f5de41 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/encode.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/encode.go
@@ -10,7 +10,7 @@ import (
 	"sync/atomic"
 
 	"google.golang.org/protobuf/internal/flags"
-	proto "google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/proto"
 	piface "google.golang.org/protobuf/runtime/protoiface"
 )
 
diff --git a/vendor/google.golang.org/protobuf/internal/impl/equal.go b/vendor/google.golang.org/protobuf/internal/impl/equal.go
new file mode 100644
index 0000000000..9f6c32a7d8
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/internal/impl/equal.go
@@ -0,0 +1,224 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package impl
+
+import (
+	"bytes"
+
+	"google.golang.org/protobuf/encoding/protowire"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/runtime/protoiface"
+)
+
+func equal(in protoiface.EqualInput) protoiface.EqualOutput {
+	return protoiface.EqualOutput{Equal: equalMessage(in.MessageA, in.MessageB)}
+}
+
+// equalMessage is a fast-path variant of protoreflect.equalMessage.
+// It takes advantage of the internal messageState type to avoid
+// unnecessary allocations, type assertions.
+func equalMessage(mx, my protoreflect.Message) bool {
+	if mx == nil || my == nil {
+		return mx == my
+	}
+	if mx.Descriptor() != my.Descriptor() {
+		return false
+	}
+
+	msx, ok := mx.(*messageState)
+	if !ok {
+		return protoreflect.ValueOfMessage(mx).Equal(protoreflect.ValueOfMessage(my))
+	}
+	msy, ok := my.(*messageState)
+	if !ok {
+		return protoreflect.ValueOfMessage(mx).Equal(protoreflect.ValueOfMessage(my))
+	}
+
+	mi := msx.messageInfo()
+	miy := msy.messageInfo()
+	if mi != miy {
+		return protoreflect.ValueOfMessage(mx).Equal(protoreflect.ValueOfMessage(my))
+	}
+	mi.init()
+	// Compares regular fields
+	// Modified Message.Range code that compares two messages of the same type
+	// while going over the fields.
+	for _, ri := range mi.rangeInfos {
+		var fd protoreflect.FieldDescriptor
+		var vx, vy protoreflect.Value
+
+		switch ri := ri.(type) {
+		case *fieldInfo:
+			hx := ri.has(msx.pointer())
+			hy := ri.has(msy.pointer())
+			if hx != hy {
+				return false
+			}
+			if !hx {
+				continue
+			}
+			fd = ri.fieldDesc
+			vx = ri.get(msx.pointer())
+			vy = ri.get(msy.pointer())
+		case *oneofInfo:
+			fnx := ri.which(msx.pointer())
+			fny := ri.which(msy.pointer())
+			if fnx != fny {
+				return false
+			}
+			if fnx <= 0 {
+				continue
+			}
+			fi := mi.fields[fnx]
+			fd = fi.fieldDesc
+			vx = fi.get(msx.pointer())
+			vy = fi.get(msy.pointer())
+		}
+
+		if !equalValue(fd, vx, vy) {
+			return false
+		}
+	}
+
+	// Compare extensions.
+	// This is more complicated because mx or my could have empty/nil extension maps,
+	// however some populated extension map values are equal to nil extension maps.
+	emx := mi.extensionMap(msx.pointer())
+	emy := mi.extensionMap(msy.pointer())
+	if emx != nil {
+		for k, x := range *emx {
+			xd := x.Type().TypeDescriptor()
+			xv := x.Value()
+			var y ExtensionField
+			ok := false
+			if emy != nil {
+				y, ok = (*emy)[k]
+			}
+			// We need to treat empty lists as equal to nil values
+			if emy == nil || !ok {
+				if xd.IsList() && xv.List().Len() == 0 {
+					continue
+				}
+				return false
+			}
+
+			if !equalValue(xd, xv, y.Value()) {
+				return false
+			}
+		}
+	}
+	if emy != nil {
+		// emy may have extensions emx does not have, need to check them as well
+		for k, y := range *emy {
+			if emx != nil {
+				// emx has the field, so we already checked it
+				if _, ok := (*emx)[k]; ok {
+					continue
+				}
+			}
+			// Empty lists are equal to nil
+			if y.Type().TypeDescriptor().IsList() && y.Value().List().Len() == 0 {
+				continue
+			}
+
+			// Cant be equal if the extension is populated
+			return false
+		}
+	}
+
+	return equalUnknown(mx.GetUnknown(), my.GetUnknown())
+}
+
+func equalValue(fd protoreflect.FieldDescriptor, vx, vy protoreflect.Value) bool {
+	// slow path
+	if fd.Kind() != protoreflect.MessageKind {
+		return vx.Equal(vy)
+	}
+
+	// fast path special cases
+	if fd.IsMap() {
+		if fd.MapValue().Kind() == protoreflect.MessageKind {
+			return equalMessageMap(vx.Map(), vy.Map())
+		}
+		return vx.Equal(vy)
+	}
+
+	if fd.IsList() {
+		return equalMessageList(vx.List(), vy.List())
+	}
+
+	return equalMessage(vx.Message(), vy.Message())
+}
+
+// Mostly copied from protoreflect.equalMap.
+// This variant only works for messages as map types.
+// All other map types should be handled via Value.Equal.
+func equalMessageMap(mx, my protoreflect.Map) bool {
+	if mx.Len() != my.Len() {
+		return false
+	}
+	equal := true
+	mx.Range(func(k protoreflect.MapKey, vx protoreflect.Value) bool {
+		if !my.Has(k) {
+			equal = false
+			return false
+		}
+		vy := my.Get(k)
+		equal = equalMessage(vx.Message(), vy.Message())
+		return equal
+	})
+	return equal
+}
+
+// Mostly copied from protoreflect.equalList.
+// The only change is the usage of equalImpl instead of protoreflect.equalValue.
+func equalMessageList(lx, ly protoreflect.List) bool {
+	if lx.Len() != ly.Len() {
+		return false
+	}
+	for i := 0; i < lx.Len(); i++ {
+		// We only operate on messages here since equalImpl will not call us in any other case.
+		if !equalMessage(lx.Get(i).Message(), ly.Get(i).Message()) {
+			return false
+		}
+	}
+	return true
+}
+
+// equalUnknown compares unknown fields by direct comparison on the raw bytes
+// of each individual field number.
+// Copied from protoreflect.equalUnknown.
+func equalUnknown(x, y protoreflect.RawFields) bool {
+	if len(x) != len(y) {
+		return false
+	}
+	if bytes.Equal([]byte(x), []byte(y)) {
+		return true
+	}
+
+	mx := make(map[protoreflect.FieldNumber]protoreflect.RawFields)
+	my := make(map[protoreflect.FieldNumber]protoreflect.RawFields)
+	for len(x) > 0 {
+		fnum, _, n := protowire.ConsumeField(x)
+		mx[fnum] = append(mx[fnum], x[:n]...)
+		x = x[n:]
+	}
+	for len(y) > 0 {
+		fnum, _, n := protowire.ConsumeField(y)
+		my[fnum] = append(my[fnum], y[:n]...)
+		y = y[n:]
+	}
+	if len(mx) != len(my) {
+		return false
+	}
+
+	for k, v1 := range mx {
+		if v2, ok := my[k]; !ok || !bytes.Equal([]byte(v1), []byte(v2)) {
+			return false
+		}
+	}
+
+	return true
+}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go b/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go
index 6e8677ee63..b6849d6692 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go
@@ -160,6 +160,7 @@ func (x placeholderExtension) HasPresence() bool
 func (x placeholderExtension) HasOptionalKeyword() bool                           { return false }
 func (x placeholderExtension) IsExtension() bool                                  { return true }
 func (x placeholderExtension) IsWeak() bool                                       { return false }
+func (x placeholderExtension) IsLazy() bool                                       { return false }
 func (x placeholderExtension) IsPacked() bool                                     { return false }
 func (x placeholderExtension) IsList() bool                                       { return false }
 func (x placeholderExtension) IsMap() bool                                        { return false }
diff --git a/vendor/google.golang.org/protobuf/internal/impl/message.go b/vendor/google.golang.org/protobuf/internal/impl/message.go
index 019399d454..741b5ed29c 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/message.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/message.go
@@ -30,8 +30,8 @@ type MessageInfo struct {
 	// Desc is the underlying message descriptor type and must be populated.
 	Desc protoreflect.MessageDescriptor
 
-	// Exporter must be provided in a purego environment in order to provide
-	// access to unexported fields.
+	// Deprecated: Exporter will be removed the next time we bump
+	// protoimpl.GenVersion. See https://github.com/golang/protobuf/issues/1640
 	Exporter exporter
 
 	// OneofWrappers is list of pointers to oneof wrapper struct types.
diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go
deleted file mode 100644
index da685e8a29..0000000000
--- a/vendor/google.golang.org/protobuf/internal/impl/pointer_reflect.go
+++ /dev/null
@@ -1,215 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego || appengine
-// +build purego appengine
-
-package impl
-
-import (
-	"fmt"
-	"reflect"
-	"sync"
-)
-
-const UnsafeEnabled = false
-
-// Pointer is an opaque pointer type.
-type Pointer any
-
-// offset represents the offset to a struct field, accessible from a pointer.
-// The offset is the field index into a struct.
-type offset struct {
-	index  int
-	export exporter
-}
-
-// offsetOf returns a field offset for the struct field.
-func offsetOf(f reflect.StructField, x exporter) offset {
-	if len(f.Index) != 1 {
-		panic("embedded structs are not supported")
-	}
-	if f.PkgPath == "" {
-		return offset{index: f.Index[0]} // field is already exported
-	}
-	if x == nil {
-		panic("exporter must be provided for unexported field")
-	}
-	return offset{index: f.Index[0], export: x}
-}
-
-// IsValid reports whether the offset is valid.
-func (f offset) IsValid() bool { return f.index >= 0 }
-
-// invalidOffset is an invalid field offset.
-var invalidOffset = offset{index: -1}
-
-// zeroOffset is a noop when calling pointer.Apply.
-var zeroOffset = offset{index: 0}
-
-// pointer is an abstract representation of a pointer to a struct or field.
-type pointer struct{ v reflect.Value }
-
-// pointerOf returns p as a pointer.
-func pointerOf(p Pointer) pointer {
-	return pointerOfIface(p)
-}
-
-// pointerOfValue returns v as a pointer.
-func pointerOfValue(v reflect.Value) pointer {
-	return pointer{v: v}
-}
-
-// pointerOfIface returns the pointer portion of an interface.
-func pointerOfIface(v any) pointer {
-	return pointer{v: reflect.ValueOf(v)}
-}
-
-// IsNil reports whether the pointer is nil.
-func (p pointer) IsNil() bool {
-	return p.v.IsNil()
-}
-
-// Apply adds an offset to the pointer to derive a new pointer
-// to a specified field. The current pointer must be pointing at a struct.
-func (p pointer) Apply(f offset) pointer {
-	if f.export != nil {
-		if v := reflect.ValueOf(f.export(p.v.Interface(), f.index)); v.IsValid() {
-			return pointer{v: v}
-		}
-	}
-	return pointer{v: p.v.Elem().Field(f.index).Addr()}
-}
-
-// AsValueOf treats p as a pointer to an object of type t and returns the value.
-// It is equivalent to reflect.ValueOf(p.AsIfaceOf(t))
-func (p pointer) AsValueOf(t reflect.Type) reflect.Value {
-	if got := p.v.Type().Elem(); got != t {
-		panic(fmt.Sprintf("invalid type: got %v, want %v", got, t))
-	}
-	return p.v
-}
-
-// AsIfaceOf treats p as a pointer to an object of type t and returns the value.
-// It is equivalent to p.AsValueOf(t).Interface()
-func (p pointer) AsIfaceOf(t reflect.Type) any {
-	return p.AsValueOf(t).Interface()
-}
-
-func (p pointer) Bool() *bool              { return p.v.Interface().(*bool) }
-func (p pointer) BoolPtr() **bool          { return p.v.Interface().(**bool) }
-func (p pointer) BoolSlice() *[]bool       { return p.v.Interface().(*[]bool) }
-func (p pointer) Int32() *int32            { return p.v.Interface().(*int32) }
-func (p pointer) Int32Ptr() **int32        { return p.v.Interface().(**int32) }
-func (p pointer) Int32Slice() *[]int32     { return p.v.Interface().(*[]int32) }
-func (p pointer) Int64() *int64            { return p.v.Interface().(*int64) }
-func (p pointer) Int64Ptr() **int64        { return p.v.Interface().(**int64) }
-func (p pointer) Int64Slice() *[]int64     { return p.v.Interface().(*[]int64) }
-func (p pointer) Uint32() *uint32          { return p.v.Interface().(*uint32) }
-func (p pointer) Uint32Ptr() **uint32      { return p.v.Interface().(**uint32) }
-func (p pointer) Uint32Slice() *[]uint32   { return p.v.Interface().(*[]uint32) }
-func (p pointer) Uint64() *uint64          { return p.v.Interface().(*uint64) }
-func (p pointer) Uint64Ptr() **uint64      { return p.v.Interface().(**uint64) }
-func (p pointer) Uint64Slice() *[]uint64   { return p.v.Interface().(*[]uint64) }
-func (p pointer) Float32() *float32        { return p.v.Interface().(*float32) }
-func (p pointer) Float32Ptr() **float32    { return p.v.Interface().(**float32) }
-func (p pointer) Float32Slice() *[]float32 { return p.v.Interface().(*[]float32) }
-func (p pointer) Float64() *float64        { return p.v.Interface().(*float64) }
-func (p pointer) Float64Ptr() **float64    { return p.v.Interface().(**float64) }
-func (p pointer) Float64Slice() *[]float64 { return p.v.Interface().(*[]float64) }
-func (p pointer) String() *string          { return p.v.Interface().(*string) }
-func (p pointer) StringPtr() **string      { return p.v.Interface().(**string) }
-func (p pointer) StringSlice() *[]string   { return p.v.Interface().(*[]string) }
-func (p pointer) Bytes() *[]byte           { return p.v.Interface().(*[]byte) }
-func (p pointer) BytesPtr() **[]byte       { return p.v.Interface().(**[]byte) }
-func (p pointer) BytesSlice() *[][]byte    { return p.v.Interface().(*[][]byte) }
-func (p pointer) WeakFields() *weakFields  { return (*weakFields)(p.v.Interface().(*WeakFields)) }
-func (p pointer) Extensions() *map[int32]ExtensionField {
-	return p.v.Interface().(*map[int32]ExtensionField)
-}
-
-func (p pointer) Elem() pointer {
-	return pointer{v: p.v.Elem()}
-}
-
-// PointerSlice copies []*T from p as a new []pointer.
-// This behavior differs from the implementation in pointer_unsafe.go.
-func (p pointer) PointerSlice() []pointer {
-	// TODO: reconsider this
-	if p.v.IsNil() {
-		return nil
-	}
-	n := p.v.Elem().Len()
-	s := make([]pointer, n)
-	for i := 0; i < n; i++ {
-		s[i] = pointer{v: p.v.Elem().Index(i)}
-	}
-	return s
-}
-
-// AppendPointerSlice appends v to p, which must be a []*T.
-func (p pointer) AppendPointerSlice(v pointer) {
-	sp := p.v.Elem()
-	sp.Set(reflect.Append(sp, v.v))
-}
-
-// SetPointer sets *p to v.
-func (p pointer) SetPointer(v pointer) {
-	p.v.Elem().Set(v.v)
-}
-
-func growSlice(p pointer, addCap int) {
-	// TODO: Once we only support Go 1.20 and newer, use reflect.Grow.
-	in := p.v.Elem()
-	out := reflect.MakeSlice(in.Type(), in.Len(), in.Len()+addCap)
-	reflect.Copy(out, in)
-	p.v.Elem().Set(out)
-}
-
-func (p pointer) growBoolSlice(addCap int) {
-	growSlice(p, addCap)
-}
-
-func (p pointer) growInt32Slice(addCap int) {
-	growSlice(p, addCap)
-}
-
-func (p pointer) growUint32Slice(addCap int) {
-	growSlice(p, addCap)
-}
-
-func (p pointer) growInt64Slice(addCap int) {
-	growSlice(p, addCap)
-}
-
-func (p pointer) growUint64Slice(addCap int) {
-	growSlice(p, addCap)
-}
-
-func (p pointer) growFloat64Slice(addCap int) {
-	growSlice(p, addCap)
-}
-
-func (p pointer) growFloat32Slice(addCap int) {
-	growSlice(p, addCap)
-}
-
-func (Export) MessageStateOf(p Pointer) *messageState     { panic("not supported") }
-func (ms *messageState) pointer() pointer                 { panic("not supported") }
-func (ms *messageState) messageInfo() *MessageInfo        { panic("not supported") }
-func (ms *messageState) LoadMessageInfo() *MessageInfo    { panic("not supported") }
-func (ms *messageState) StoreMessageInfo(mi *MessageInfo) { panic("not supported") }
-
-type atomicNilMessage struct {
-	once sync.Once
-	m    messageReflectWrapper
-}
-
-func (m *atomicNilMessage) Init(mi *MessageInfo) *messageReflectWrapper {
-	m.once.Do(func() {
-		m.m.p = pointerOfIface(reflect.Zero(mi.GoReflectType).Interface())
-		m.m.mi = mi
-	})
-	return &m.m
-}
diff --git a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go
index 5f20ca5d8a..79e186667b 100644
--- a/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go
+++ b/vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go
@@ -2,9 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego && !appengine
-// +build !purego,!appengine
-
 package impl
 
 import (
diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_pure.go b/vendor/google.golang.org/protobuf/internal/strs/strings_pure.go
deleted file mode 100644
index a1f6f33386..0000000000
--- a/vendor/google.golang.org/protobuf/internal/strs/strings_pure.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego || appengine
-// +build purego appengine
-
-package strs
-
-import pref "google.golang.org/protobuf/reflect/protoreflect"
-
-func UnsafeString(b []byte) string {
-	return string(b)
-}
-
-func UnsafeBytes(s string) []byte {
-	return []byte(s)
-}
-
-type Builder struct{}
-
-func (*Builder) AppendFullName(prefix pref.FullName, name pref.Name) pref.FullName {
-	return prefix.Append(name)
-}
-
-func (*Builder) MakeString(b []byte) string {
-	return string(b)
-}
diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go
index a008acd090..832a7988f1 100644
--- a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go
+++ b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go120.go
@@ -2,8 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego && !appengine && !go1.21
-// +build !purego,!appengine,!go1.21
+//go:build !go1.21
 
 package strs
 
diff --git a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go
index 60166f2ba3..1ffddf6877 100644
--- a/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go
+++ b/vendor/google.golang.org/protobuf/internal/strs/strings_unsafe_go121.go
@@ -2,8 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego && !appengine && go1.21
-// +build !purego,!appengine,go1.21
+//go:build go1.21
 
 package strs
 
diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go
index dbbf1f6862..fb8e15e8da 100644
--- a/vendor/google.golang.org/protobuf/internal/version/version.go
+++ b/vendor/google.golang.org/protobuf/internal/version/version.go
@@ -51,8 +51,8 @@ import (
 //  10. Send out the CL for review and submit it.
 const (
 	Major      = 1
-	Minor      = 34
-	Patch      = 2
+	Minor      = 35
+	Patch      = 1
 	PreRelease = ""
 )
 
diff --git a/vendor/google.golang.org/protobuf/proto/equal.go b/vendor/google.golang.org/protobuf/proto/equal.go
index 1a0be1b03c..c36d4a9cd7 100644
--- a/vendor/google.golang.org/protobuf/proto/equal.go
+++ b/vendor/google.golang.org/protobuf/proto/equal.go
@@ -8,6 +8,7 @@ import (
 	"reflect"
 
 	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/runtime/protoiface"
 )
 
 // Equal reports whether two messages are equal,
@@ -51,6 +52,14 @@ func Equal(x, y Message) bool {
 	if mx.IsValid() != my.IsValid() {
 		return false
 	}
+
+	// Only one of the messages needs to implement the fast-path for it to work.
+	pmx := protoMethods(mx)
+	pmy := protoMethods(my)
+	if pmx != nil && pmy != nil && pmx.Equal != nil && pmy.Equal != nil {
+		return pmx.Equal(protoiface.EqualInput{MessageA: mx, MessageB: my}).Equal
+	}
+
 	vx := protoreflect.ValueOfMessage(mx)
 	vy := protoreflect.ValueOfMessage(my)
 	return vx.Equal(vy)
diff --git a/vendor/google.golang.org/protobuf/proto/extension.go b/vendor/google.golang.org/protobuf/proto/extension.go
index d248f29284..78445d116f 100644
--- a/vendor/google.golang.org/protobuf/proto/extension.go
+++ b/vendor/google.golang.org/protobuf/proto/extension.go
@@ -39,6 +39,48 @@ func ClearExtension(m Message, xt protoreflect.ExtensionType) {
 // If the field is unpopulated, it returns the default value for
 // scalars and an immutable, empty value for lists or messages.
 // It panics if xt does not extend m.
+//
+// The type of the value is dependent on the field type of the extension.
+// For extensions generated by protoc-gen-go, the Go type is as follows:
+//
+//	╔═══════════════════╤═════════════════════════╗
+//	║ Go type           │ Protobuf kind           ║
+//	╠═══════════════════╪═════════════════════════╣
+//	║ bool              │ bool                    ║
+//	║ int32             │ int32, sint32, sfixed32 ║
+//	║ int64             │ int64, sint64, sfixed64 ║
+//	║ uint32            │ uint32, fixed32         ║
+//	║ uint64            │ uint64, fixed64         ║
+//	║ float32           │ float                   ║
+//	║ float64           │ double                  ║
+//	║ string            │ string                  ║
+//	║ []byte            │ bytes                   ║
+//	║ protoreflect.Enum │ enum                    ║
+//	║ proto.Message     │ message, group          ║
+//	╚═══════════════════╧═════════════════════════╝
+//
+// The protoreflect.Enum and proto.Message types are the concrete Go type
+// associated with the named enum or message. Repeated fields are represented
+// using a Go slice of the base element type.
+//
+// If a generated extension descriptor variable is directly passed to
+// GetExtension, then the call should be followed immediately by a
+// type assertion to the expected output value. For example:
+//
+//	mm := proto.GetExtension(m, foopb.E_MyExtension).(*foopb.MyMessage)
+//
+// This pattern enables static analysis tools to verify that the asserted type
+// matches the Go type associated with the extension field and
+// also enables a possible future migration to a type-safe extension API.
+//
+// Since singular messages are the most common extension type, the pattern of
+// calling HasExtension followed by GetExtension may be simplified to:
+//
+//	if mm := proto.GetExtension(m, foopb.E_MyExtension).(*foopb.MyMessage); mm != nil {
+//	    ... // make use of mm
+//	}
+//
+// The mm variable is non-nil if and only if HasExtension reports true.
 func GetExtension(m Message, xt protoreflect.ExtensionType) any {
 	// Treat nil message interface as an empty message; return the default.
 	if m == nil {
@@ -51,6 +93,35 @@ func GetExtension(m Message, xt protoreflect.ExtensionType) any {
 // SetExtension stores the value of an extension field.
 // It panics if m is invalid, xt does not extend m, or if type of v
 // is invalid for the specified extension field.
+//
+// The type of the value is dependent on the field type of the extension.
+// For extensions generated by protoc-gen-go, the Go type is as follows:
+//
+//	╔═══════════════════╤═════════════════════════╗
+//	║ Go type           │ Protobuf kind           ║
+//	╠═══════════════════╪═════════════════════════╣
+//	║ bool              │ bool                    ║
+//	║ int32             │ int32, sint32, sfixed32 ║
+//	║ int64             │ int64, sint64, sfixed64 ║
+//	║ uint32            │ uint32, fixed32         ║
+//	║ uint64            │ uint64, fixed64         ║
+//	║ float32           │ float                   ║
+//	║ float64           │ double                  ║
+//	║ string            │ string                  ║
+//	║ []byte            │ bytes                   ║
+//	║ protoreflect.Enum │ enum                    ║
+//	║ proto.Message     │ message, group          ║
+//	╚═══════════════════╧═════════════════════════╝
+//
+// The protoreflect.Enum and proto.Message types are the concrete Go type
+// associated with the named enum or message. Repeated fields are represented
+// using a Go slice of the base element type.
+//
+// If a generated extension descriptor variable is directly passed to
+// SetExtension (e.g., foopb.E_MyExtension), then the value should be a
+// concrete type that matches the expected Go type for the extension descriptor
+// so that static analysis tools can verify type correctness.
+// This also enables a possible future migration to a type-safe extension API.
 func SetExtension(m Message, xt protoreflect.ExtensionType, v any) {
 	xd := xt.TypeDescriptor()
 	pv := xt.ValueOf(v)
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
index 8561755427..ebcb4a8ab1 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
@@ -150,6 +150,7 @@ func (r descsByName) initFieldsFromDescriptorProto(fds []*descriptorpb.FieldDesc
 			opts = proto.Clone(opts).(*descriptorpb.FieldOptions)
 			f.L1.Options = func() protoreflect.ProtoMessage { return opts }
 			f.L1.IsWeak = opts.GetWeak()
+			f.L1.IsLazy = opts.GetLazy()
 			if opts.Packed != nil {
 				f.L1.EditionFeatures.IsPacked = opts.GetPacked()
 			}
@@ -214,6 +215,9 @@ func (r descsByName) initExtensionDeclarations(xds []*descriptorpb.FieldDescript
 		if xd.JsonName != nil {
 			x.L2.StringName.InitJSON(xd.GetJsonName())
 		}
+		if x.L1.Kind == protoreflect.MessageKind && x.L1.EditionFeatures.IsDelimitedEncoded {
+			x.L1.Kind = protoreflect.GroupKind
+		}
 	}
 	return xs, nil
 }
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go b/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go
index 804830eda3..002e0047ae 100644
--- a/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/editions.go
@@ -14,7 +14,7 @@ import (
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/types/descriptorpb"
-	gofeaturespb "google.golang.org/protobuf/types/gofeaturespb"
+	"google.golang.org/protobuf/types/gofeaturespb"
 )
 
 var defaults = &descriptorpb.FeatureSetDefaults{}
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/methods.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/methods.go
index d5d5af6ebe..742cb518c4 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/methods.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/methods.go
@@ -23,6 +23,7 @@ type (
 		Unmarshal        func(unmarshalInput) (unmarshalOutput, error)
 		Merge            func(mergeInput) mergeOutput
 		CheckInitialized func(checkInitializedInput) (checkInitializedOutput, error)
+		Equal            func(equalInput) equalOutput
 	}
 	supportFlags = uint64
 	sizeInput    = struct {
@@ -75,4 +76,13 @@ type (
 	checkInitializedOutput = struct {
 		pragma.NoUnkeyedLiterals
 	}
+	equalInput = struct {
+		pragma.NoUnkeyedLiterals
+		MessageA Message
+		MessageB Message
+	}
+	equalOutput = struct {
+		pragma.NoUnkeyedLiterals
+		Equal bool
+	}
 )
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_pure.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_pure.go
deleted file mode 100644
index 75f83a2af0..0000000000
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_pure.go
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego || appengine
-// +build purego appengine
-
-package protoreflect
-
-import "google.golang.org/protobuf/internal/pragma"
-
-type valueType int
-
-const (
-	nilType valueType = iota
-	boolType
-	int32Type
-	int64Type
-	uint32Type
-	uint64Type
-	float32Type
-	float64Type
-	stringType
-	bytesType
-	enumType
-	ifaceType
-)
-
-// value is a union where only one type can be represented at a time.
-// This uses a distinct field for each type. This is type safe in Go, but
-// occupies more memory than necessary (72B).
-type value struct {
-	pragma.DoNotCompare // 0B
-
-	typ   valueType // 8B
-	num   uint64    // 8B
-	str   string    // 16B
-	bin   []byte    // 24B
-	iface any       // 16B
-}
-
-func valueOfString(v string) Value {
-	return Value{typ: stringType, str: v}
-}
-func valueOfBytes(v []byte) Value {
-	return Value{typ: bytesType, bin: v}
-}
-func valueOfIface(v any) Value {
-	return Value{typ: ifaceType, iface: v}
-}
-
-func (v Value) getString() string {
-	return v.str
-}
-func (v Value) getBytes() []byte {
-	return v.bin
-}
-func (v Value) getIface() any {
-	return v.iface
-}
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go
index 7f3583ead8..0015fcb35d 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go120.go
@@ -2,8 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego && !appengine && !go1.21
-// +build !purego,!appengine,!go1.21
+//go:build !go1.21
 
 package protoreflect
 
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go
index f7d386990a..479527b58d 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe_go121.go
@@ -2,8 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego && !appengine && go1.21
-// +build !purego,!appengine,go1.21
+//go:build go1.21
 
 package protoreflect
 
diff --git a/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go b/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go
index 44cf467d88..246156561c 100644
--- a/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go
+++ b/vendor/google.golang.org/protobuf/runtime/protoiface/methods.go
@@ -39,6 +39,9 @@ type Methods = struct {
 
 	// CheckInitialized returns an error if any required fields in the message are not set.
 	CheckInitialized func(CheckInitializedInput) (CheckInitializedOutput, error)
+
+	// Equal compares two messages and returns EqualOutput.Equal == true if they are equal.
+	Equal func(EqualInput) EqualOutput
 }
 
 // SupportFlags indicate support for optional features.
@@ -166,3 +169,18 @@ type CheckInitializedInput = struct {
 type CheckInitializedOutput = struct {
 	pragma.NoUnkeyedLiterals
 }
+
+// EqualInput is input to the Equal method.
+type EqualInput = struct {
+	pragma.NoUnkeyedLiterals
+
+	MessageA protoreflect.Message
+	MessageB protoreflect.Message
+}
+
+// EqualOutput is output from the Equal method.
+type EqualOutput = struct {
+	pragma.NoUnkeyedLiterals
+
+	Equal bool
+}
diff --git a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
index 9403eb0750..6dea75cd5b 100644
--- a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
+++ b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
@@ -1217,11 +1217,9 @@ type FileDescriptorSet struct {
 
 func (x *FileDescriptorSet) Reset() {
 	*x = FileDescriptorSet{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FileDescriptorSet) String() string {
@@ -1232,7 +1230,7 @@ func (*FileDescriptorSet) ProtoMessage() {}
 
 func (x *FileDescriptorSet) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1291,11 +1289,9 @@ type FileDescriptorProto struct {
 
 func (x *FileDescriptorProto) Reset() {
 	*x = FileDescriptorProto{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FileDescriptorProto) String() string {
@@ -1306,7 +1302,7 @@ func (*FileDescriptorProto) ProtoMessage() {}
 
 func (x *FileDescriptorProto) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1434,11 +1430,9 @@ type DescriptorProto struct {
 
 func (x *DescriptorProto) Reset() {
 	*x = DescriptorProto{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *DescriptorProto) String() string {
@@ -1449,7 +1443,7 @@ func (*DescriptorProto) ProtoMessage() {}
 
 func (x *DescriptorProto) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1561,11 +1555,9 @@ const (
 
 func (x *ExtensionRangeOptions) Reset() {
 	*x = ExtensionRangeOptions{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ExtensionRangeOptions) String() string {
@@ -1576,7 +1568,7 @@ func (*ExtensionRangeOptions) ProtoMessage() {}
 
 func (x *ExtensionRangeOptions) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1680,11 +1672,9 @@ type FieldDescriptorProto struct {
 
 func (x *FieldDescriptorProto) Reset() {
 	*x = FieldDescriptorProto{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FieldDescriptorProto) String() string {
@@ -1695,7 +1685,7 @@ func (*FieldDescriptorProto) ProtoMessage() {}
 
 func (x *FieldDescriptorProto) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1799,11 +1789,9 @@ type OneofDescriptorProto struct {
 
 func (x *OneofDescriptorProto) Reset() {
 	*x = OneofDescriptorProto{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *OneofDescriptorProto) String() string {
@@ -1814,7 +1802,7 @@ func (*OneofDescriptorProto) ProtoMessage() {}
 
 func (x *OneofDescriptorProto) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1863,11 +1851,9 @@ type EnumDescriptorProto struct {
 
 func (x *EnumDescriptorProto) Reset() {
 	*x = EnumDescriptorProto{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *EnumDescriptorProto) String() string {
@@ -1878,7 +1864,7 @@ func (*EnumDescriptorProto) ProtoMessage() {}
 
 func (x *EnumDescriptorProto) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -1941,11 +1927,9 @@ type EnumValueDescriptorProto struct {
 
 func (x *EnumValueDescriptorProto) Reset() {
 	*x = EnumValueDescriptorProto{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *EnumValueDescriptorProto) String() string {
@@ -1956,7 +1940,7 @@ func (*EnumValueDescriptorProto) ProtoMessage() {}
 
 func (x *EnumValueDescriptorProto) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2005,11 +1989,9 @@ type ServiceDescriptorProto struct {
 
 func (x *ServiceDescriptorProto) Reset() {
 	*x = ServiceDescriptorProto{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ServiceDescriptorProto) String() string {
@@ -2020,7 +2002,7 @@ func (*ServiceDescriptorProto) ProtoMessage() {}
 
 func (x *ServiceDescriptorProto) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2082,11 +2064,9 @@ const (
 
 func (x *MethodDescriptorProto) Reset() {
 	*x = MethodDescriptorProto{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[9]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *MethodDescriptorProto) String() string {
@@ -2097,7 +2077,7 @@ func (*MethodDescriptorProto) ProtoMessage() {}
 
 func (x *MethodDescriptorProto) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[9]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2267,11 +2247,9 @@ const (
 
 func (x *FileOptions) Reset() {
 	*x = FileOptions{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[10]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FileOptions) String() string {
@@ -2282,7 +2260,7 @@ func (*FileOptions) ProtoMessage() {}
 
 func (x *FileOptions) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[10]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2534,11 +2512,9 @@ const (
 
 func (x *MessageOptions) Reset() {
 	*x = MessageOptions{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[11]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *MessageOptions) String() string {
@@ -2549,7 +2525,7 @@ func (*MessageOptions) ProtoMessage() {}
 
 func (x *MessageOptions) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[11]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2707,11 +2683,9 @@ const (
 
 func (x *FieldOptions) Reset() {
 	*x = FieldOptions{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[12]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FieldOptions) String() string {
@@ -2722,7 +2696,7 @@ func (*FieldOptions) ProtoMessage() {}
 
 func (x *FieldOptions) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[12]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2849,11 +2823,9 @@ type OneofOptions struct {
 
 func (x *OneofOptions) Reset() {
 	*x = OneofOptions{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[13]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[13]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *OneofOptions) String() string {
@@ -2864,7 +2836,7 @@ func (*OneofOptions) ProtoMessage() {}
 
 func (x *OneofOptions) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[13]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -2929,11 +2901,9 @@ const (
 
 func (x *EnumOptions) Reset() {
 	*x = EnumOptions{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[14]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[14]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *EnumOptions) String() string {
@@ -2944,7 +2914,7 @@ func (*EnumOptions) ProtoMessage() {}
 
 func (x *EnumOptions) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[14]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3026,11 +2996,9 @@ const (
 
 func (x *EnumValueOptions) Reset() {
 	*x = EnumValueOptions{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[15]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[15]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *EnumValueOptions) String() string {
@@ -3041,7 +3009,7 @@ func (*EnumValueOptions) ProtoMessage() {}
 
 func (x *EnumValueOptions) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[15]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3115,11 +3083,9 @@ const (
 
 func (x *ServiceOptions) Reset() {
 	*x = ServiceOptions{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[16]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[16]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ServiceOptions) String() string {
@@ -3130,7 +3096,7 @@ func (*ServiceOptions) ProtoMessage() {}
 
 func (x *ServiceOptions) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[16]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3192,11 +3158,9 @@ const (
 
 func (x *MethodOptions) Reset() {
 	*x = MethodOptions{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[17]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[17]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *MethodOptions) String() string {
@@ -3207,7 +3171,7 @@ func (*MethodOptions) ProtoMessage() {}
 
 func (x *MethodOptions) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[17]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3274,11 +3238,9 @@ type UninterpretedOption struct {
 
 func (x *UninterpretedOption) Reset() {
 	*x = UninterpretedOption{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[18]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[18]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *UninterpretedOption) String() string {
@@ -3289,7 +3251,7 @@ func (*UninterpretedOption) ProtoMessage() {}
 
 func (x *UninterpretedOption) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[18]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3375,11 +3337,9 @@ type FeatureSet struct {
 
 func (x *FeatureSet) Reset() {
 	*x = FeatureSet{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[19]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[19]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FeatureSet) String() string {
@@ -3390,7 +3350,7 @@ func (*FeatureSet) ProtoMessage() {}
 
 func (x *FeatureSet) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[19]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3467,11 +3427,9 @@ type FeatureSetDefaults struct {
 
 func (x *FeatureSetDefaults) Reset() {
 	*x = FeatureSetDefaults{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[20]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[20]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FeatureSetDefaults) String() string {
@@ -3482,7 +3440,7 @@ func (*FeatureSetDefaults) ProtoMessage() {}
 
 func (x *FeatureSetDefaults) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[20]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3578,11 +3536,9 @@ type SourceCodeInfo struct {
 
 func (x *SourceCodeInfo) Reset() {
 	*x = SourceCodeInfo{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[21]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[21]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *SourceCodeInfo) String() string {
@@ -3593,7 +3549,7 @@ func (*SourceCodeInfo) ProtoMessage() {}
 
 func (x *SourceCodeInfo) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[21]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3630,11 +3586,9 @@ type GeneratedCodeInfo struct {
 
 func (x *GeneratedCodeInfo) Reset() {
 	*x = GeneratedCodeInfo{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[22]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[22]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GeneratedCodeInfo) String() string {
@@ -3645,7 +3599,7 @@ func (*GeneratedCodeInfo) ProtoMessage() {}
 
 func (x *GeneratedCodeInfo) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[22]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3679,11 +3633,9 @@ type DescriptorProto_ExtensionRange struct {
 
 func (x *DescriptorProto_ExtensionRange) Reset() {
 	*x = DescriptorProto_ExtensionRange{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *DescriptorProto_ExtensionRange) String() string {
@@ -3694,7 +3646,7 @@ func (*DescriptorProto_ExtensionRange) ProtoMessage() {}
 
 func (x *DescriptorProto_ExtensionRange) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3744,11 +3696,9 @@ type DescriptorProto_ReservedRange struct {
 
 func (x *DescriptorProto_ReservedRange) Reset() {
 	*x = DescriptorProto_ReservedRange{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *DescriptorProto_ReservedRange) String() string {
@@ -3759,7 +3709,7 @@ func (*DescriptorProto_ReservedRange) ProtoMessage() {}
 
 func (x *DescriptorProto_ReservedRange) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3813,11 +3763,9 @@ type ExtensionRangeOptions_Declaration struct {
 
 func (x *ExtensionRangeOptions_Declaration) Reset() {
 	*x = ExtensionRangeOptions_Declaration{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ExtensionRangeOptions_Declaration) String() string {
@@ -3828,7 +3776,7 @@ func (*ExtensionRangeOptions_Declaration) ProtoMessage() {}
 
 func (x *ExtensionRangeOptions_Declaration) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3895,11 +3843,9 @@ type EnumDescriptorProto_EnumReservedRange struct {
 
 func (x *EnumDescriptorProto_EnumReservedRange) Reset() {
 	*x = EnumDescriptorProto_EnumReservedRange{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *EnumDescriptorProto_EnumReservedRange) String() string {
@@ -3910,7 +3856,7 @@ func (*EnumDescriptorProto_EnumReservedRange) ProtoMessage() {}
 
 func (x *EnumDescriptorProto_EnumReservedRange) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -3950,11 +3896,9 @@ type FieldOptions_EditionDefault struct {
 
 func (x *FieldOptions_EditionDefault) Reset() {
 	*x = FieldOptions_EditionDefault{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[27]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[27]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FieldOptions_EditionDefault) String() string {
@@ -3965,7 +3909,7 @@ func (*FieldOptions_EditionDefault) ProtoMessage() {}
 
 func (x *FieldOptions_EditionDefault) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[27]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4018,11 +3962,9 @@ type FieldOptions_FeatureSupport struct {
 
 func (x *FieldOptions_FeatureSupport) Reset() {
 	*x = FieldOptions_FeatureSupport{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[28]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[28]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FieldOptions_FeatureSupport) String() string {
@@ -4033,7 +3975,7 @@ func (*FieldOptions_FeatureSupport) ProtoMessage() {}
 
 func (x *FieldOptions_FeatureSupport) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[28]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4092,11 +4034,9 @@ type UninterpretedOption_NamePart struct {
 
 func (x *UninterpretedOption_NamePart) Reset() {
 	*x = UninterpretedOption_NamePart{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[29]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[29]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *UninterpretedOption_NamePart) String() string {
@@ -4107,7 +4047,7 @@ func (*UninterpretedOption_NamePart) ProtoMessage() {}
 
 func (x *UninterpretedOption_NamePart) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[29]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4154,11 +4094,9 @@ type FeatureSetDefaults_FeatureSetEditionDefault struct {
 
 func (x *FeatureSetDefaults_FeatureSetEditionDefault) Reset() {
 	*x = FeatureSetDefaults_FeatureSetEditionDefault{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[30]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[30]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FeatureSetDefaults_FeatureSetEditionDefault) String() string {
@@ -4169,7 +4107,7 @@ func (*FeatureSetDefaults_FeatureSetEditionDefault) ProtoMessage() {}
 
 func (x *FeatureSetDefaults_FeatureSetEditionDefault) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[30]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4305,11 +4243,9 @@ type SourceCodeInfo_Location struct {
 
 func (x *SourceCodeInfo_Location) Reset() {
 	*x = SourceCodeInfo_Location{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[31]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[31]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *SourceCodeInfo_Location) String() string {
@@ -4320,7 +4256,7 @@ func (*SourceCodeInfo_Location) ProtoMessage() {}
 
 func (x *SourceCodeInfo_Location) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[31]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -4392,11 +4328,9 @@ type GeneratedCodeInfo_Annotation struct {
 
 func (x *GeneratedCodeInfo_Annotation) Reset() {
 	*x = GeneratedCodeInfo_Annotation{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_descriptor_proto_msgTypes[32]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[32]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GeneratedCodeInfo_Annotation) String() string {
@@ -4407,7 +4341,7 @@ func (*GeneratedCodeInfo_Annotation) ProtoMessage() {}
 
 func (x *GeneratedCodeInfo_Annotation) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_descriptor_proto_msgTypes[32]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -5385,424 +5319,6 @@ func file_google_protobuf_descriptor_proto_init() {
 	if File_google_protobuf_descriptor_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_descriptor_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*FileDescriptorSet); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[1].Exporter = func(v any, i int) any {
-			switch v := v.(*FileDescriptorProto); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[2].Exporter = func(v any, i int) any {
-			switch v := v.(*DescriptorProto); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[3].Exporter = func(v any, i int) any {
-			switch v := v.(*ExtensionRangeOptions); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			case 3:
-				return &v.extensionFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[4].Exporter = func(v any, i int) any {
-			switch v := v.(*FieldDescriptorProto); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[5].Exporter = func(v any, i int) any {
-			switch v := v.(*OneofDescriptorProto); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[6].Exporter = func(v any, i int) any {
-			switch v := v.(*EnumDescriptorProto); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[7].Exporter = func(v any, i int) any {
-			switch v := v.(*EnumValueDescriptorProto); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[8].Exporter = func(v any, i int) any {
-			switch v := v.(*ServiceDescriptorProto); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[9].Exporter = func(v any, i int) any {
-			switch v := v.(*MethodDescriptorProto); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[10].Exporter = func(v any, i int) any {
-			switch v := v.(*FileOptions); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			case 3:
-				return &v.extensionFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[11].Exporter = func(v any, i int) any {
-			switch v := v.(*MessageOptions); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			case 3:
-				return &v.extensionFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[12].Exporter = func(v any, i int) any {
-			switch v := v.(*FieldOptions); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			case 3:
-				return &v.extensionFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[13].Exporter = func(v any, i int) any {
-			switch v := v.(*OneofOptions); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			case 3:
-				return &v.extensionFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[14].Exporter = func(v any, i int) any {
-			switch v := v.(*EnumOptions); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			case 3:
-				return &v.extensionFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[15].Exporter = func(v any, i int) any {
-			switch v := v.(*EnumValueOptions); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			case 3:
-				return &v.extensionFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[16].Exporter = func(v any, i int) any {
-			switch v := v.(*ServiceOptions); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			case 3:
-				return &v.extensionFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[17].Exporter = func(v any, i int) any {
-			switch v := v.(*MethodOptions); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			case 3:
-				return &v.extensionFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[18].Exporter = func(v any, i int) any {
-			switch v := v.(*UninterpretedOption); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[19].Exporter = func(v any, i int) any {
-			switch v := v.(*FeatureSet); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			case 3:
-				return &v.extensionFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[20].Exporter = func(v any, i int) any {
-			switch v := v.(*FeatureSetDefaults); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[21].Exporter = func(v any, i int) any {
-			switch v := v.(*SourceCodeInfo); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[22].Exporter = func(v any, i int) any {
-			switch v := v.(*GeneratedCodeInfo); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[23].Exporter = func(v any, i int) any {
-			switch v := v.(*DescriptorProto_ExtensionRange); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[24].Exporter = func(v any, i int) any {
-			switch v := v.(*DescriptorProto_ReservedRange); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[25].Exporter = func(v any, i int) any {
-			switch v := v.(*ExtensionRangeOptions_Declaration); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[26].Exporter = func(v any, i int) any {
-			switch v := v.(*EnumDescriptorProto_EnumReservedRange); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[27].Exporter = func(v any, i int) any {
-			switch v := v.(*FieldOptions_EditionDefault); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[28].Exporter = func(v any, i int) any {
-			switch v := v.(*FieldOptions_FeatureSupport); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[29].Exporter = func(v any, i int) any {
-			switch v := v.(*UninterpretedOption_NamePart); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[30].Exporter = func(v any, i int) any {
-			switch v := v.(*FeatureSetDefaults_FeatureSetEditionDefault); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[31].Exporter = func(v any, i int) any {
-			switch v := v.(*SourceCodeInfo_Location); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_descriptor_proto_msgTypes[32].Exporter = func(v any, i int) any {
-			switch v := v.(*GeneratedCodeInfo_Annotation); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go b/vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go
index a2ca940c50..c7e860fcd6 100644
--- a/vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go
+++ b/vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go
@@ -29,11 +29,9 @@ type GoFeatures struct {
 
 func (x *GoFeatures) Reset() {
 	*x = GoFeatures{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_go_features_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_go_features_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *GoFeatures) String() string {
@@ -44,7 +42,7 @@ func (*GoFeatures) ProtoMessage() {}
 
 func (x *GoFeatures) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_go_features_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -145,20 +143,6 @@ func file_google_protobuf_go_features_proto_init() {
 	if File_google_protobuf_go_features_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_go_features_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*GoFeatures); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go b/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
index 7172b43d38..87da199a38 100644
--- a/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go
@@ -368,11 +368,9 @@ func (x *Any) UnmarshalNew() (proto.Message, error) {
 
 func (x *Any) Reset() {
 	*x = Any{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_any_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_any_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Any) String() string {
@@ -383,7 +381,7 @@ func (*Any) ProtoMessage() {}
 
 func (x *Any) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_any_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -461,20 +459,6 @@ func file_google_protobuf_any_proto_init() {
 	if File_google_protobuf_any_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_any_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*Any); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go b/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
index 1b71bcd910..b99d4d2410 100644
--- a/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go
@@ -245,11 +245,9 @@ func (x *Duration) check() uint {
 
 func (x *Duration) Reset() {
 	*x = Duration{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_duration_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_duration_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Duration) String() string {
@@ -260,7 +258,7 @@ func (*Duration) ProtoMessage() {}
 
 func (x *Duration) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_duration_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -339,20 +337,6 @@ func file_google_protobuf_duration_proto_init() {
 	if File_google_protobuf_duration_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_duration_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*Duration); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go b/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go
index d87b4fb828..1761bc9c69 100644
--- a/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go
@@ -55,11 +55,9 @@ type Empty struct {
 
 func (x *Empty) Reset() {
 	*x = Empty{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_empty_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_empty_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Empty) String() string {
@@ -70,7 +68,7 @@ func (*Empty) ProtoMessage() {}
 
 func (x *Empty) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_empty_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -131,20 +129,6 @@ func file_google_protobuf_empty_proto_init() {
 	if File_google_protobuf_empty_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_empty_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*Empty); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go b/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
index ac1e91bb6d..19de8d371f 100644
--- a/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/fieldmaskpb/field_mask.pb.go
@@ -467,11 +467,9 @@ func rangeFields(path string, f func(field string) bool) bool {
 
 func (x *FieldMask) Reset() {
 	*x = FieldMask{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_field_mask_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_field_mask_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FieldMask) String() string {
@@ -482,7 +480,7 @@ func (*FieldMask) ProtoMessage() {}
 
 func (x *FieldMask) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_field_mask_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -553,20 +551,6 @@ func file_google_protobuf_field_mask_proto_init() {
 	if File_google_protobuf_field_mask_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_field_mask_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*FieldMask); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go b/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
index d45361cbc7..8f206a6611 100644
--- a/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/structpb/struct.pb.go
@@ -120,6 +120,7 @@ package structpb
 
 import (
 	base64 "encoding/base64"
+	json "encoding/json"
 	protojson "google.golang.org/protobuf/encoding/protojson"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
@@ -233,11 +234,9 @@ func (x *Struct) UnmarshalJSON(b []byte) error {
 
 func (x *Struct) Reset() {
 	*x = Struct{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_struct_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_struct_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Struct) String() string {
@@ -248,7 +247,7 @@ func (*Struct) ProtoMessage() {}
 
 func (x *Struct) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_struct_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -296,19 +295,20 @@ type Value struct {
 
 // NewValue constructs a Value from a general-purpose Go interface.
 //
-//	╔════════════════════════╤════════════════════════════════════════════╗
-//	║ Go type                │ Conversion                                 ║
-//	╠════════════════════════╪════════════════════════════════════════════╣
-//	║ nil                    │ stored as NullValue                        ║
-//	║ bool                   │ stored as BoolValue                        ║
-//	║ int, int32, int64      │ stored as NumberValue                      ║
-//	║ uint, uint32, uint64   │ stored as NumberValue                      ║
-//	║ float32, float64       │ stored as NumberValue                      ║
-//	║ string                 │ stored as StringValue; must be valid UTF-8 ║
-//	║ []byte                 │ stored as StringValue; base64-encoded      ║
-//	║ map[string]any         │ stored as StructValue                      ║
-//	║ []any                  │ stored as ListValue                        ║
-//	╚════════════════════════╧════════════════════════════════════════════╝
+//	╔═══════════════════════════════════════╤════════════════════════════════════════════╗
+//	║ Go type                               │ Conversion                                 ║
+//	╠═══════════════════════════════════════╪════════════════════════════════════════════╣
+//	║ nil                                   │ stored as NullValue                        ║
+//	║ bool                                  │ stored as BoolValue                        ║
+//	║ int, int8, int16, int32, int64        │ stored as NumberValue                      ║
+//	║ uint, uint8, uint16, uint32, uint64   │ stored as NumberValue                      ║
+//	║ float32, float64                      │ stored as NumberValue                      ║
+//	║ json.Number                           │ stored as NumberValue                      ║
+//	║ string                                │ stored as StringValue; must be valid UTF-8 ║
+//	║ []byte                                │ stored as StringValue; base64-encoded      ║
+//	║ map[string]any                        │ stored as StructValue                      ║
+//	║ []any                                 │ stored as ListValue                        ║
+//	╚═══════════════════════════════════════╧════════════════════════════════════════════╝
 //
 // When converting an int64 or uint64 to a NumberValue, numeric precision loss
 // is possible since they are stored as a float64.
@@ -320,12 +320,20 @@ func NewValue(v any) (*Value, error) {
 		return NewBoolValue(v), nil
 	case int:
 		return NewNumberValue(float64(v)), nil
+	case int8:
+		return NewNumberValue(float64(v)), nil
+	case int16:
+		return NewNumberValue(float64(v)), nil
 	case int32:
 		return NewNumberValue(float64(v)), nil
 	case int64:
 		return NewNumberValue(float64(v)), nil
 	case uint:
 		return NewNumberValue(float64(v)), nil
+	case uint8:
+		return NewNumberValue(float64(v)), nil
+	case uint16:
+		return NewNumberValue(float64(v)), nil
 	case uint32:
 		return NewNumberValue(float64(v)), nil
 	case uint64:
@@ -334,6 +342,12 @@ func NewValue(v any) (*Value, error) {
 		return NewNumberValue(float64(v)), nil
 	case float64:
 		return NewNumberValue(float64(v)), nil
+	case json.Number:
+		n, err := v.Float64()
+		if err != nil {
+			return nil, protoimpl.X.NewError("invalid number format %q, expected a float64: %v", v, err)
+		}
+		return NewNumberValue(n), nil
 	case string:
 		if !utf8.ValidString(v) {
 			return nil, protoimpl.X.NewError("invalid UTF-8 in string: %q", v)
@@ -441,11 +455,9 @@ func (x *Value) UnmarshalJSON(b []byte) error {
 
 func (x *Value) Reset() {
 	*x = Value{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_struct_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_struct_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Value) String() string {
@@ -456,7 +468,7 @@ func (*Value) ProtoMessage() {}
 
 func (x *Value) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_struct_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -613,11 +625,9 @@ func (x *ListValue) UnmarshalJSON(b []byte) error {
 
 func (x *ListValue) Reset() {
 	*x = ListValue{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_struct_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_struct_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ListValue) String() string {
@@ -628,7 +638,7 @@ func (*ListValue) ProtoMessage() {}
 
 func (x *ListValue) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_struct_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -742,44 +752,6 @@ func file_google_protobuf_struct_proto_init() {
 	if File_google_protobuf_struct_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_struct_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*Struct); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_struct_proto_msgTypes[1].Exporter = func(v any, i int) any {
-			switch v := v.(*Value); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_struct_proto_msgTypes[2].Exporter = func(v any, i int) any {
-			switch v := v.(*ListValue); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	file_google_protobuf_struct_proto_msgTypes[1].OneofWrappers = []any{
 		(*Value_NullValue)(nil),
 		(*Value_NumberValue)(nil),
diff --git a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
index 83a5a645b0..0d20722d70 100644
--- a/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go
@@ -254,11 +254,9 @@ func (x *Timestamp) check() uint {
 
 func (x *Timestamp) Reset() {
 	*x = Timestamp{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_timestamp_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_timestamp_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Timestamp) String() string {
@@ -269,7 +267,7 @@ func (*Timestamp) ProtoMessage() {}
 
 func (x *Timestamp) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_timestamp_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -348,20 +346,6 @@ func file_google_protobuf_timestamp_proto_init() {
 	if File_google_protobuf_timestamp_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_timestamp_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*Timestamp); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go b/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go
index e473f826aa..006060e569 100644
--- a/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go
+++ b/vendor/google.golang.org/protobuf/types/known/wrapperspb/wrappers.pb.go
@@ -69,11 +69,9 @@ func Double(v float64) *DoubleValue {
 
 func (x *DoubleValue) Reset() {
 	*x = DoubleValue{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_wrappers_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_wrappers_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *DoubleValue) String() string {
@@ -84,7 +82,7 @@ func (*DoubleValue) ProtoMessage() {}
 
 func (x *DoubleValue) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_wrappers_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -125,11 +123,9 @@ func Float(v float32) *FloatValue {
 
 func (x *FloatValue) Reset() {
 	*x = FloatValue{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_wrappers_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_wrappers_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *FloatValue) String() string {
@@ -140,7 +136,7 @@ func (*FloatValue) ProtoMessage() {}
 
 func (x *FloatValue) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_wrappers_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -181,11 +177,9 @@ func Int64(v int64) *Int64Value {
 
 func (x *Int64Value) Reset() {
 	*x = Int64Value{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_wrappers_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_wrappers_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Int64Value) String() string {
@@ -196,7 +190,7 @@ func (*Int64Value) ProtoMessage() {}
 
 func (x *Int64Value) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_wrappers_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -237,11 +231,9 @@ func UInt64(v uint64) *UInt64Value {
 
 func (x *UInt64Value) Reset() {
 	*x = UInt64Value{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_wrappers_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_wrappers_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *UInt64Value) String() string {
@@ -252,7 +244,7 @@ func (*UInt64Value) ProtoMessage() {}
 
 func (x *UInt64Value) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_wrappers_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -293,11 +285,9 @@ func Int32(v int32) *Int32Value {
 
 func (x *Int32Value) Reset() {
 	*x = Int32Value{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_wrappers_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_wrappers_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *Int32Value) String() string {
@@ -308,7 +298,7 @@ func (*Int32Value) ProtoMessage() {}
 
 func (x *Int32Value) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_wrappers_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -349,11 +339,9 @@ func UInt32(v uint32) *UInt32Value {
 
 func (x *UInt32Value) Reset() {
 	*x = UInt32Value{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_wrappers_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_wrappers_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *UInt32Value) String() string {
@@ -364,7 +352,7 @@ func (*UInt32Value) ProtoMessage() {}
 
 func (x *UInt32Value) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_wrappers_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -405,11 +393,9 @@ func Bool(v bool) *BoolValue {
 
 func (x *BoolValue) Reset() {
 	*x = BoolValue{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_wrappers_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_wrappers_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *BoolValue) String() string {
@@ -420,7 +406,7 @@ func (*BoolValue) ProtoMessage() {}
 
 func (x *BoolValue) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_wrappers_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -461,11 +447,9 @@ func String(v string) *StringValue {
 
 func (x *StringValue) Reset() {
 	*x = StringValue{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_wrappers_proto_msgTypes[7]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_wrappers_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *StringValue) String() string {
@@ -476,7 +460,7 @@ func (*StringValue) ProtoMessage() {}
 
 func (x *StringValue) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_wrappers_proto_msgTypes[7]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -517,11 +501,9 @@ func Bytes(v []byte) *BytesValue {
 
 func (x *BytesValue) Reset() {
 	*x = BytesValue{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_google_protobuf_wrappers_proto_msgTypes[8]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_google_protobuf_wrappers_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *BytesValue) String() string {
@@ -532,7 +514,7 @@ func (*BytesValue) ProtoMessage() {}
 
 func (x *BytesValue) ProtoReflect() protoreflect.Message {
 	mi := &file_google_protobuf_wrappers_proto_msgTypes[8]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -629,116 +611,6 @@ func file_google_protobuf_wrappers_proto_init() {
 	if File_google_protobuf_wrappers_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_google_protobuf_wrappers_proto_msgTypes[0].Exporter = func(v any, i int) any {
-			switch v := v.(*DoubleValue); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_wrappers_proto_msgTypes[1].Exporter = func(v any, i int) any {
-			switch v := v.(*FloatValue); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_wrappers_proto_msgTypes[2].Exporter = func(v any, i int) any {
-			switch v := v.(*Int64Value); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_wrappers_proto_msgTypes[3].Exporter = func(v any, i int) any {
-			switch v := v.(*UInt64Value); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_wrappers_proto_msgTypes[4].Exporter = func(v any, i int) any {
-			switch v := v.(*Int32Value); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_wrappers_proto_msgTypes[5].Exporter = func(v any, i int) any {
-			switch v := v.(*UInt32Value); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_wrappers_proto_msgTypes[6].Exporter = func(v any, i int) any {
-			switch v := v.(*BoolValue); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_wrappers_proto_msgTypes[7].Exporter = func(v any, i int) any {
-			switch v := v.(*StringValue); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_google_protobuf_wrappers_proto_msgTypes[8].Exporter = func(v any, i int) any {
-			switch v := v.(*BytesValue); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/vendor/helm.sh/helm/v3/internal/resolver/resolver.go b/vendor/helm.sh/helm/v3/internal/resolver/resolver.go
index c5fc636433..b6f45da9e2 100644
--- a/vendor/helm.sh/helm/v3/internal/resolver/resolver.go
+++ b/vendor/helm.sh/helm/v3/internal/resolver/resolver.go
@@ -172,7 +172,7 @@ func (r *Resolver) Resolve(reqs []*chart.Dependency, repoNames map[string]string
 			Repository: d.Repository,
 			Version:    version,
 		}
-		// The version are already sorted and hence the first one to satisfy the constraint is used
+		// The versions are already sorted and hence the first one to satisfy the constraint is used
 		for _, ver := range vs {
 			v, err := semver.NewVersion(ver.Version)
 			// OCI does not need URLs
diff --git a/vendor/helm.sh/helm/v3/internal/third_party/dep/fs/fs.go b/vendor/helm.sh/helm/v3/internal/third_party/dep/fs/fs.go
index 4e4eacc60d..d29bb5f871 100644
--- a/vendor/helm.sh/helm/v3/internal/third_party/dep/fs/fs.go
+++ b/vendor/helm.sh/helm/v3/internal/third_party/dep/fs/fs.go
@@ -260,7 +260,7 @@ func fixLongPath(path string) string {
 	// minus 12)." Since MAX_PATH is 260, 260 - 12 = 248.
 	//
 	// The MSDN docs appear to say that a normal path that is 248 bytes long
-	// will work; empirically the path must be less then 248 bytes long.
+	// will work; empirically the path must be less than 248 bytes long.
 	if len(path) < 248 {
 		// Don't fix. (This is how Go 1.7 and earlier worked,
 		// not automatically generating the \\?\ form)
diff --git a/vendor/helm.sh/helm/v3/internal/tlsutil/tls.go b/vendor/helm.sh/helm/v3/internal/tlsutil/tls.go
index dc832ed80e..7cd1dace96 100644
--- a/vendor/helm.sh/helm/v3/internal/tlsutil/tls.go
+++ b/vendor/helm.sh/helm/v3/internal/tlsutil/tls.go
@@ -65,7 +65,7 @@ func CertPoolFromFile(filename string) (*x509.CertPool, error) {
 	return cp, nil
 }
 
-// CertFromFilePair returns an tls.Certificate containing the
+// CertFromFilePair returns a tls.Certificate containing the
 // certificates public/private key pair from a pair of given PEM-encoded files.
 // Returns an error if the file could not be read, a certificate could not
 // be parsed, or if the file does not contain any certificates
diff --git a/vendor/helm.sh/helm/v3/pkg/action/install.go b/vendor/helm.sh/helm/v3/pkg/action/install.go
index f0292a0a3f..7ca40c88aa 100644
--- a/vendor/helm.sh/helm/v3/pkg/action/install.go
+++ b/vendor/helm.sh/helm/v3/pkg/action/install.go
@@ -55,7 +55,7 @@ import (
 	"helm.sh/helm/v3/pkg/storage/driver"
 )
 
-// NOTESFILE_SUFFIX that we want to treat special. It goes through the templating engine
+// notesFileSuffix that we want to treat special. It goes through the templating engine
 // but it's not a yaml file (resource) hence can't have hooks, etc. And the user actually
 // wants to see this file after rendering in the status command. However, it must be a suffix
 // since there can be filepath in front of it.
@@ -307,7 +307,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma
 	}
 
 	if driver.ContainsSystemLabels(i.Labels) {
-		return nil, fmt.Errorf("user suplied labels contains system reserved label name. System labels: %+v", driver.GetSystemLabels())
+		return nil, fmt.Errorf("user supplied labels contains system reserved label name. System labels: %+v", driver.GetSystemLabels())
 	}
 
 	rel := i.createRelease(chrt, vals, i.Labels)
@@ -389,7 +389,7 @@ func (i *Install) RunWithContext(ctx context.Context, chrt *chart.Chart, vals ma
 		}
 	}
 
-	// If Replace is true, we need to supercede the last release.
+	// If Replace is true, we need to supersede the last release.
 	if i.Replace {
 		if err := i.replaceRelease(rel); err != nil {
 			return nil, err
@@ -631,7 +631,7 @@ func createOrOpenFile(filename string, append bool) (*os.File, error) {
 	return os.Create(filename)
 }
 
-// check if the directory exists to create file. creates if don't exists
+// check if the directory exists to create file. creates if doesn't exist
 func ensureDirectoryForFile(file string) error {
 	baseDir := path.Dir(file)
 	_, err := os.Stat(baseDir)
diff --git a/vendor/helm.sh/helm/v3/pkg/action/upgrade.go b/vendor/helm.sh/helm/v3/pkg/action/upgrade.go
index 15bdae8da5..a08d68495f 100644
--- a/vendor/helm.sh/helm/v3/pkg/action/upgrade.go
+++ b/vendor/helm.sh/helm/v3/pkg/action/upgrade.go
@@ -279,7 +279,7 @@ func (u *Upgrade) prepareUpgrade(name string, chart *chart.Chart, vals map[strin
 	}
 
 	if driver.ContainsSystemLabels(u.Labels) {
-		return nil, nil, fmt.Errorf("user suplied labels contains system reserved label name. System labels: %+v", driver.GetSystemLabels())
+		return nil, nil, fmt.Errorf("user supplied labels contains system reserved label name. System labels: %+v", driver.GetSystemLabels())
 	}
 
 	// Store an upgraded release.
diff --git a/vendor/helm.sh/helm/v3/pkg/chart/loader/archive.go b/vendor/helm.sh/helm/v3/pkg/chart/loader/archive.go
index 196e5f81d6..8bb5493465 100644
--- a/vendor/helm.sh/helm/v3/pkg/chart/loader/archive.go
+++ b/vendor/helm.sh/helm/v3/pkg/chart/loader/archive.go
@@ -101,7 +101,7 @@ func ensureArchive(name string, raw *os.File) error {
 	return nil
 }
 
-// isGZipApplication checks whether the achieve is of the application/x-gzip type.
+// isGZipApplication checks whether the archive is of the application/x-gzip type.
 func isGZipApplication(data []byte) bool {
 	sig := []byte("\x1F\x8B\x08")
 	return bytes.HasPrefix(data, sig)
diff --git a/vendor/helm.sh/helm/v3/pkg/chartutil/dependencies.go b/vendor/helm.sh/helm/v3/pkg/chartutil/dependencies.go
index 205d99e093..36a3419272 100644
--- a/vendor/helm.sh/helm/v3/pkg/chartutil/dependencies.go
+++ b/vendor/helm.sh/helm/v3/pkg/chartutil/dependencies.go
@@ -137,7 +137,7 @@ func processDependencyEnabled(c *chart.Chart, v map[string]interface{}, path str
 	// If any dependency is not a part of Chart.yaml
 	// then this should be added to chartDependencies.
 	// However, if the dependency is already specified in Chart.yaml
-	// we should not add it, as it would be anyways processed from Chart.yaml
+	// we should not add it, as it would be processed from Chart.yaml anyway.
 
 Loop:
 	for _, existing := range c.Dependencies() {
diff --git a/vendor/helm.sh/helm/v3/pkg/cli/output/output.go b/vendor/helm.sh/helm/v3/pkg/cli/output/output.go
index a46c977ad9..01649c812f 100644
--- a/vendor/helm.sh/helm/v3/pkg/cli/output/output.go
+++ b/vendor/helm.sh/helm/v3/pkg/cli/output/output.go
@@ -73,7 +73,7 @@ func (o Format) Write(out io.Writer, w Writer) error {
 }
 
 // ParseFormat takes a raw string and returns the matching Format.
-// If the format does not exists, ErrInvalidFormatType is returned
+// If the format does not exist, ErrInvalidFormatType is returned
 func ParseFormat(s string) (out Format, err error) {
 	switch s {
 	case Table.String():
diff --git a/vendor/helm.sh/helm/v3/pkg/downloader/manager.go b/vendor/helm.sh/helm/v3/pkg/downloader/manager.go
index d5340575d1..ec4056d275 100644
--- a/vendor/helm.sh/helm/v3/pkg/downloader/manager.go
+++ b/vendor/helm.sh/helm/v3/pkg/downloader/manager.go
@@ -173,7 +173,7 @@ func (m *Manager) Update() error {
 	// has some information about them and, when possible, the index files
 	// locally.
 	// TODO(mattfarina): Repositories should be explicitly added by end users
-	// rather than automattic. In Helm v4 require users to add repositories. They
+	// rather than automatic. In Helm v4 require users to add repositories. They
 	// should have to add them in order to make sure they are aware of the
 	// repositories and opt-in to any locations, for security.
 	repoNames, err = m.ensureMissingRepos(repoNames, req)
diff --git a/vendor/helm.sh/helm/v3/pkg/engine/engine.go b/vendor/helm.sh/helm/v3/pkg/engine/engine.go
index 058cfa7493..df3a600a39 100644
--- a/vendor/helm.sh/helm/v3/pkg/engine/engine.go
+++ b/vendor/helm.sh/helm/v3/pkg/engine/engine.go
@@ -169,7 +169,7 @@ func tplFun(parent *template.Template, includedNames map[string]int, strict bool
 		})
 
 		// We need a .New template, as template text which is just blanks
-		// or comments after parsing out defines just addes new named
+		// or comments after parsing out defines just adds new named
 		// template definitions without changing the main template.
 		// https://pkg.go.dev/text/template#Template.Parse
 		// Use the parent's name for lack of a better way to identify the tpl
diff --git a/vendor/helm.sh/helm/v3/pkg/engine/lookup_func.go b/vendor/helm.sh/helm/v3/pkg/engine/lookup_func.go
index 86a7d698ca..75e85098d1 100644
--- a/vendor/helm.sh/helm/v3/pkg/engine/lookup_func.go
+++ b/vendor/helm.sh/helm/v3/pkg/engine/lookup_func.go
@@ -131,7 +131,7 @@ func getAPIResourceForGVK(gvk schema.GroupVersionKind, config *rest.Config) (met
 		return res, err
 	}
 	for _, resource := range resList.APIResources {
-		// if a resource contains a "/" it's referencing a subresource. we don't support suberesource for now.
+		// if a resource contains a "/" it's referencing a subresource. we don't support subresource for now.
 		if resource.Kind == gvk.Kind && !strings.Contains(resource.Name, "/") {
 			res = resource
 			res.Group = gvk.Group
diff --git a/vendor/helm.sh/helm/v3/pkg/helmpath/lazypath.go b/vendor/helm.sh/helm/v3/pkg/helmpath/lazypath.go
index 22d7bf0a1b..6b4f1fc770 100644
--- a/vendor/helm.sh/helm/v3/pkg/helmpath/lazypath.go
+++ b/vendor/helm.sh/helm/v3/pkg/helmpath/lazypath.go
@@ -34,7 +34,7 @@ const (
 	DataHomeEnvVar = "HELM_DATA_HOME"
 )
 
-// lazypath is an lazy-loaded path buffer for the XDG base directory specification.
+// lazypath is a lazy-loaded path buffer for the XDG base directory specification.
 type lazypath string
 
 func (l lazypath) path(helmEnvVar, xdgEnvVar string, defaultFn func() string, elem ...string) string {
diff --git a/vendor/helm.sh/helm/v3/pkg/ignore/doc.go b/vendor/helm.sh/helm/v3/pkg/ignore/doc.go
index 5245d410ee..1f5e918477 100644
--- a/vendor/helm.sh/helm/v3/pkg/ignore/doc.go
+++ b/vendor/helm.sh/helm/v3/pkg/ignore/doc.go
@@ -26,7 +26,7 @@ The formatting rules are as follows:
 
   - Parsing is line-by-line
   - Empty lines are ignored
-  - Lines the begin with # (comments) will be ignored
+  - Lines that begin with # (comments) will be ignored
   - Leading and trailing spaces are always ignored
   - Inline comments are NOT supported ('foo* # Any foo' does not contain a comment)
   - There is no support for multi-line patterns
diff --git a/vendor/helm.sh/helm/v3/pkg/kube/client.go b/vendor/helm.sh/helm/v3/pkg/kube/client.go
index 9df833a434..d979fd22cd 100644
--- a/vendor/helm.sh/helm/v3/pkg/kube/client.go
+++ b/vendor/helm.sh/helm/v3/pkg/kube/client.go
@@ -124,7 +124,7 @@ func (c *Client) getKubeClient() (*kubernetes.Clientset, error) {
 func (c *Client) IsReachable() error {
 	client, err := c.getKubeClient()
 	if err == genericclioptions.ErrEmptyConfig {
-		// re-replace kubernetes ErrEmptyConfig error with a friendy error
+		// re-replace kubernetes ErrEmptyConfig error with a friendly error
 		// moar workarounds for Kubernetes API breaking.
 		return errors.New("Kubernetes cluster unreachable")
 	}
@@ -635,7 +635,7 @@ func createPatch(target *resource.Info, current runtime.Object) ([]byte, types.P
 	// Get a versioned object
 	versionedObject := AsVersioned(target)
 
-	// Unstructured objects, such as CRDs, may not have an not registered error
+	// Unstructured objects, such as CRDs, may not have a not registered error
 	// returned from ConvertToVersion. Anything that's unstructured should
 	// use the jsonpatch.CreateMergePatch. Strategic Merge Patch is not supported
 	// on objects like CRDs.
diff --git a/vendor/helm.sh/helm/v3/pkg/kube/ready.go b/vendor/helm.sh/helm/v3/pkg/kube/ready.go
index b2d26ba761..55c4a39bf1 100644
--- a/vendor/helm.sh/helm/v3/pkg/kube/ready.go
+++ b/vendor/helm.sh/helm/v3/pkg/kube/ready.go
@@ -426,7 +426,7 @@ func (c *ReadyChecker) statefulSetReady(sts *appsv1.StatefulSet) bool {
 		return false
 	}
 	// This check only makes sense when all partitions are being upgraded otherwise during a
-	// partioned rolling upgrade, this condition will never evaluate to true, leading to
+	// partitioned rolling upgrade, this condition will never evaluate to true, leading to
 	// error.
 	if partition == 0 && sts.Status.CurrentRevision != sts.Status.UpdateRevision {
 		c.log("StatefulSet is not ready: %s/%s. currentRevision %s does not yet match updateRevision %s", sts.Namespace, sts.Name, sts.Status.CurrentRevision, sts.Status.UpdateRevision)
diff --git a/vendor/helm.sh/helm/v3/pkg/registry/util.go b/vendor/helm.sh/helm/v3/pkg/registry/util.go
index 45fbdd0b51..727cdae033 100644
--- a/vendor/helm.sh/helm/v3/pkg/registry/util.go
+++ b/vendor/helm.sh/helm/v3/pkg/registry/util.go
@@ -65,8 +65,7 @@ func GetTagMatchingVersionOrConstraint(tags []string, versionString string) (str
 		// If string is empty, set wildcard constraint
 		constraint, _ = semver.NewConstraint("*")
 	} else {
-		// when customer input exact version, check whether have exact match
-		// one first
+		// when customer inputs specific version, check whether there's an exact match first
 		for _, v := range tags {
 			if versionString == v {
 				return v, nil
diff --git a/vendor/helm.sh/helm/v3/pkg/release/status.go b/vendor/helm.sh/helm/v3/pkg/release/status.go
index e0e3ed62a9..edd27a5f14 100644
--- a/vendor/helm.sh/helm/v3/pkg/release/status.go
+++ b/vendor/helm.sh/helm/v3/pkg/release/status.go
@@ -31,13 +31,13 @@ const (
 	StatusSuperseded Status = "superseded"
 	// StatusFailed indicates that the release was not successfully deployed.
 	StatusFailed Status = "failed"
-	// StatusUninstalling indicates that a uninstall operation is underway.
+	// StatusUninstalling indicates that an uninstall operation is underway.
 	StatusUninstalling Status = "uninstalling"
 	// StatusPendingInstall indicates that an install operation is underway.
 	StatusPendingInstall Status = "pending-install"
 	// StatusPendingUpgrade indicates that an upgrade operation is underway.
 	StatusPendingUpgrade Status = "pending-upgrade"
-	// StatusPendingRollback indicates that an rollback operation is underway.
+	// StatusPendingRollback indicates that a rollback operation is underway.
 	StatusPendingRollback Status = "pending-rollback"
 )
 
diff --git a/vendor/helm.sh/helm/v3/pkg/repo/index.go b/vendor/helm.sh/helm/v3/pkg/repo/index.go
index 40b11c5cf2..e1ce3c62dd 100644
--- a/vendor/helm.sh/helm/v3/pkg/repo/index.go
+++ b/vendor/helm.sh/helm/v3/pkg/repo/index.go
@@ -200,7 +200,7 @@ func (i IndexFile) Get(name, version string) (*ChartVersion, error) {
 		}
 	}
 
-	// when customer input exact version, check whether have exact match one first
+	// when customer inputs specific version, check whether there's an exact match first
 	if len(version) != 0 {
 		for _, ver := range vs {
 			if version == ver.Version {
@@ -371,6 +371,8 @@ func loadIndex(data []byte, source string) (*IndexFile, error) {
 				cvs = append(cvs[:idx], cvs[idx+1:]...)
 			}
 		}
+		// adjust slice to only contain a set of valid versions
+		i.Entries[name] = cvs
 	}
 	i.SortEntries()
 	if i.APIVersion == "" {
@@ -397,7 +399,7 @@ func jsonOrYamlUnmarshal(b []byte, i interface{}) error {
 // the error isn't important for index loading
 //
 // In particular, charts may introduce validations that don't impact repository indexes
-// And repository indexes may be generated by older/non-complient software, which doesn't
+// And repository indexes may be generated by older/non-compliant software, which doesn't
 // conform to all validations.
 func ignoreSkippableChartValidationError(err error) error {
 	verr, ok := err.(chart.ValidationError)
diff --git a/vendor/helm.sh/helm/v3/pkg/storage/driver/sql.go b/vendor/helm.sh/helm/v3/pkg/storage/driver/sql.go
index 2ef951184b..33bde9b6a4 100644
--- a/vendor/helm.sh/helm/v3/pkg/storage/driver/sql.go
+++ b/vendor/helm.sh/helm/v3/pkg/storage/driver/sql.go
@@ -72,8 +72,8 @@ const (
 
 // Following limits based on k8s labels limits - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
 const (
-	sqlCustomLabelsTableKeyMaxLenght   = 253 + 1 + 63
-	sqlCustomLabelsTableValueMaxLenght = 63
+	sqlCustomLabelsTableKeyMaxLength   = 253 + 1 + 63
+	sqlCustomLabelsTableValueMaxLength = 63
 )
 
 const (
@@ -119,7 +119,7 @@ func (s *SQL) checkAlreadyApplied(migrations []*migrate.Migration) bool {
 		}
 	}
 
-	// check if all migrations appliyed
+	// check if all migrations applied
 	if len(migrationsIDs) != 0 {
 		for id := range migrationsIDs {
 			s.Log("checkAlreadyApplied: find unapplied migration (id: %v)", id)
@@ -204,7 +204,7 @@ func (s *SQL) ensureDBSetup() error {
 						CREATE TABLE %s (
 							%s VARCHAR(64),
 							%s VARCHAR(67),
-							%s VARCHAR(%d), 
+							%s VARCHAR(%d),
 							%s VARCHAR(%d)
 						);
 						CREATE INDEX ON %s (%s, %s);
@@ -216,9 +216,9 @@ func (s *SQL) ensureDBSetup() error {
 						sqlCustomLabelsTableReleaseKeyColumn,
 						sqlCustomLabelsTableReleaseNamespaceColumn,
 						sqlCustomLabelsTableKeyColumn,
-						sqlCustomLabelsTableKeyMaxLenght,
+						sqlCustomLabelsTableKeyMaxLength,
 						sqlCustomLabelsTableValueColumn,
-						sqlCustomLabelsTableValueMaxLenght,
+						sqlCustomLabelsTableValueMaxLength,
 						sqlCustomLabelsTableName,
 						sqlCustomLabelsTableReleaseKeyColumn,
 						sqlCustomLabelsTableReleaseNamespaceColumn,
diff --git a/vendor/helm.sh/helm/v3/pkg/strvals/parser.go b/vendor/helm.sh/helm/v3/pkg/strvals/parser.go
index 2828f20c08..a0e8d66d15 100644
--- a/vendor/helm.sh/helm/v3/pkg/strvals/parser.go
+++ b/vendor/helm.sh/helm/v3/pkg/strvals/parser.go
@@ -436,7 +436,7 @@ func (t *parser) listItem(list []interface{}, i, nestedNameLevel int) ([]interfa
 
 // check for an empty value
 // read and consume optional spaces until comma or EOF (empty val) or any other char (not empty val)
-// comma and spaces are consumed, while any other char is not cosumed
+// comma and spaces are consumed, while any other char is not consumed
 func (t *parser) emptyVal() (bool, error) {
 	for {
 		r, _, e := t.sc.ReadRune()
diff --git a/vendor/helm.sh/helm/v3/pkg/time/time.go b/vendor/helm.sh/helm/v3/pkg/time/time.go
index 44f3fedfb2..1abe8ae3d8 100644
--- a/vendor/helm.sh/helm/v3/pkg/time/time.go
+++ b/vendor/helm.sh/helm/v3/pkg/time/time.go
@@ -15,7 +15,7 @@ limitations under the License.
 */
 
 // Package time contains a wrapper for time.Time in the standard library and
-// associated methods. This package mainly exists to workaround an issue in Go
+// associated methods. This package mainly exists to work around an issue in Go
 // where the serializer doesn't omit an empty value for time:
 // https://github.com/golang/go/issues/11939. As such, this can be removed if a
 // proposal is ever accepted for Go
diff --git a/vendor/k8s.io/kubectl/pkg/util/apply.go b/vendor/k8s.io/kubectl/pkg/util/apply.go
new file mode 100644
index 0000000000..77ea593842
--- /dev/null
+++ b/vendor/k8s.io/kubectl/pkg/util/apply.go
@@ -0,0 +1,146 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+var metadataAccessor = meta.NewAccessor()
+
+// GetOriginalConfiguration retrieves the original configuration of the object
+// from the annotation, or nil if no annotation was found.
+func GetOriginalConfiguration(obj runtime.Object) ([]byte, error) {
+	annots, err := metadataAccessor.Annotations(obj)
+	if err != nil {
+		return nil, err
+	}
+
+	if annots == nil {
+		return nil, nil
+	}
+
+	original, ok := annots[v1.LastAppliedConfigAnnotation]
+	if !ok {
+		return nil, nil
+	}
+
+	return []byte(original), nil
+}
+
+// SetOriginalConfiguration sets the original configuration of the object
+// as the annotation on the object for later use in computing a three way patch.
+func setOriginalConfiguration(obj runtime.Object, original []byte) error {
+	if len(original) < 1 {
+		return nil
+	}
+
+	annots, err := metadataAccessor.Annotations(obj)
+	if err != nil {
+		return err
+	}
+
+	if annots == nil {
+		annots = map[string]string{}
+	}
+
+	annots[v1.LastAppliedConfigAnnotation] = string(original)
+	return metadataAccessor.SetAnnotations(obj, annots)
+}
+
+// GetModifiedConfiguration retrieves the modified configuration of the object.
+// If annotate is true, it embeds the result as an annotation in the modified
+// configuration. If an object was read from the command input, it will use that
+// version of the object. Otherwise, it will use the version from the server.
+func GetModifiedConfiguration(obj runtime.Object, annotate bool, codec runtime.Encoder) ([]byte, error) {
+	// First serialize the object without the annotation to prevent recursion,
+	// then add that serialization to it as the annotation and serialize it again.
+	var modified []byte
+
+	// Otherwise, use the server side version of the object.
+	// Get the current annotations from the object.
+	annots, err := metadataAccessor.Annotations(obj)
+	if err != nil {
+		return nil, err
+	}
+
+	if annots == nil {
+		annots = map[string]string{}
+	}
+
+	original := annots[v1.LastAppliedConfigAnnotation]
+	delete(annots, v1.LastAppliedConfigAnnotation)
+	if err := metadataAccessor.SetAnnotations(obj, annots); err != nil {
+		return nil, err
+	}
+
+	modified, err = runtime.Encode(codec, obj)
+	if err != nil {
+		return nil, err
+	}
+
+	if annotate {
+		annots[v1.LastAppliedConfigAnnotation] = string(modified)
+		if err := metadataAccessor.SetAnnotations(obj, annots); err != nil {
+			return nil, err
+		}
+
+		modified, err = runtime.Encode(codec, obj)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Restore the object to its original condition.
+	annots[v1.LastAppliedConfigAnnotation] = original
+	if err := metadataAccessor.SetAnnotations(obj, annots); err != nil {
+		return nil, err
+	}
+
+	return modified, nil
+}
+
+// updateApplyAnnotation calls CreateApplyAnnotation if the last applied
+// configuration annotation is already present. Otherwise, it does nothing.
+func updateApplyAnnotation(obj runtime.Object, codec runtime.Encoder) error {
+	if original, err := GetOriginalConfiguration(obj); err != nil || len(original) <= 0 {
+		return err
+	}
+	return CreateApplyAnnotation(obj, codec)
+}
+
+// CreateApplyAnnotation gets the modified configuration of the object,
+// without embedding it again, and then sets it on the object as the annotation.
+func CreateApplyAnnotation(obj runtime.Object, codec runtime.Encoder) error {
+	modified, err := GetModifiedConfiguration(obj, false, codec)
+	if err != nil {
+		return err
+	}
+	return setOriginalConfiguration(obj, modified)
+}
+
+// CreateOrUpdateAnnotation creates the annotation used by
+// kubectl apply only when createAnnotation is true
+// Otherwise, only update the annotation when it already exists
+func CreateOrUpdateAnnotation(createAnnotation bool, obj runtime.Object, codec runtime.Encoder) error {
+	if createAnnotation {
+		return CreateApplyAnnotation(obj, codec)
+	}
+	return updateApplyAnnotation(obj, codec)
+}
diff --git a/vendor/k8s.io/kubectl/pkg/util/pod_port.go b/vendor/k8s.io/kubectl/pkg/util/pod_port.go
new file mode 100644
index 0000000000..bcd2c72818
--- /dev/null
+++ b/vendor/k8s.io/kubectl/pkg/util/pod_port.go
@@ -0,0 +1,42 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"fmt"
+
+	"k8s.io/api/core/v1"
+)
+
+// LookupContainerPortNumberByName find containerPort number by its named port name
+func LookupContainerPortNumberByName(pod v1.Pod, name string) (int32, error) {
+	for _, ctr := range pod.Spec.Containers {
+		for _, ctrportspec := range ctr.Ports {
+			if ctrportspec.Name == name {
+				return ctrportspec.ContainerPort, nil
+			}
+		}
+	}
+	for _, ctr := range pod.Spec.InitContainers {
+		for _, ctrportspec := range ctr.Ports {
+			if ctrportspec.Name == name {
+				return ctrportspec.ContainerPort, nil
+			}
+		}
+	}
+	return int32(-1), fmt.Errorf("Pod '%s' does not have a named port '%s'", pod.Name, name)
+}
diff --git a/vendor/k8s.io/kubectl/pkg/util/podutils/podutils.go b/vendor/k8s.io/kubectl/pkg/util/podutils/podutils.go
new file mode 100644
index 0000000000..642a6d47a7
--- /dev/null
+++ b/vendor/k8s.io/kubectl/pkg/util/podutils/podutils.go
@@ -0,0 +1,251 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package podutils
+
+import (
+	"time"
+
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// IsPodAvailable returns true if a pod is available; false otherwise.
+// Precondition for an available pod is that it must be ready. On top
+// of that, there are two cases when a pod can be considered available:
+// 1. minReadySeconds == 0, or
+// 2. LastTransitionTime (is set) + minReadySeconds < current time
+func IsPodAvailable(pod *corev1.Pod, minReadySeconds int32, now metav1.Time) bool {
+	if !IsPodReady(pod) {
+		return false
+	}
+
+	c := getPodReadyCondition(pod.Status)
+	minReadySecondsDuration := time.Duration(minReadySeconds) * time.Second
+	if minReadySeconds == 0 || !c.LastTransitionTime.IsZero() && c.LastTransitionTime.Add(minReadySecondsDuration).Before(now.Time) {
+		return true
+	}
+	return false
+}
+
+// IsPodReady returns true if a pod is ready; false otherwise.
+func IsPodReady(pod *corev1.Pod) bool {
+	return isPodReadyConditionTrue(pod.Status)
+}
+
+func isPodDeleting(pod *corev1.Pod) bool {
+	return pod.DeletionTimestamp != nil
+}
+
+// IsPodReadyConditionTrue returns true if a pod is ready; false otherwise.
+func isPodReadyConditionTrue(status corev1.PodStatus) bool {
+	condition := getPodReadyCondition(status)
+	return condition != nil && condition.Status == corev1.ConditionTrue
+}
+
+// GetPodReadyCondition extracts the pod ready condition from the given status and returns that.
+// Returns nil if the condition is not present.
+func getPodReadyCondition(status corev1.PodStatus) *corev1.PodCondition {
+	_, condition := getPodCondition(&status, corev1.PodReady)
+	return condition
+}
+
+// GetPodCondition extracts the provided condition from the given status and returns that.
+// Returns nil and -1 if the condition is not present, and the index of the located condition.
+func getPodCondition(status *corev1.PodStatus, conditionType corev1.PodConditionType) (int, *corev1.PodCondition) {
+	if status == nil {
+		return -1, nil
+	}
+	return getPodConditionFromList(status.Conditions, conditionType)
+}
+
+// GetPodConditionFromList extracts the provided condition from the given list of condition and
+// returns the index of the condition and the condition. Returns -1 and nil if the condition is not present.
+func getPodConditionFromList(conditions []corev1.PodCondition, conditionType corev1.PodConditionType) (int, *corev1.PodCondition) {
+	if conditions == nil {
+		return -1, nil
+	}
+	for i := range conditions {
+		if conditions[i].Type == conditionType {
+			return i, &conditions[i]
+		}
+	}
+	return -1, nil
+}
+
+// ByLogging allows custom sorting of pods so the best one can be picked for getting its logs.
+type ByLogging []*corev1.Pod
+
+func (s ByLogging) Len() int      { return len(s) }
+func (s ByLogging) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+
+func (s ByLogging) Less(i, j int) bool {
+	// 1. assigned < unassigned
+	if s[i].Spec.NodeName != s[j].Spec.NodeName && (len(s[i].Spec.NodeName) == 0 || len(s[j].Spec.NodeName) == 0) {
+		return len(s[i].Spec.NodeName) > 0
+	}
+	// 2. PodRunning < PodUnknown < PodPending
+	m := map[corev1.PodPhase]int{corev1.PodRunning: 0, corev1.PodUnknown: 1, corev1.PodPending: 2}
+	if m[s[i].Status.Phase] != m[s[j].Status.Phase] {
+		return m[s[i].Status.Phase] < m[s[j].Status.Phase]
+	}
+	// 3. ready < not ready
+	if IsPodReady(s[i]) != IsPodReady(s[j]) {
+		return IsPodReady(s[i])
+	}
+	// TODO: take availability into account when we push minReadySeconds information from deployment into pods,
+	//       see https://github.com/kubernetes/kubernetes/issues/22065
+	// 4. Been ready for more time < less time < empty time
+	if IsPodReady(s[i]) && IsPodReady(s[j]) && !podReadyTime(s[i]).Equal(podReadyTime(s[j])) {
+		return afterOrZero(podReadyTime(s[j]), podReadyTime(s[i]))
+	}
+	// 5. Pods with containers with higher restart counts < lower restart counts
+	if maxContainerRestarts(s[i]) != maxContainerRestarts(s[j]) {
+		return maxContainerRestarts(s[i]) > maxContainerRestarts(s[j])
+	}
+	// 6. older pods < newer pods < empty timestamp pods
+	if !s[i].CreationTimestamp.Equal(&s[j].CreationTimestamp) {
+		return afterOrZero(&s[j].CreationTimestamp, &s[i].CreationTimestamp)
+	}
+	return false
+}
+
+// ActivePods type allows custom sorting of pods so a controller can pick the best ones to delete.
+type ActivePods []*corev1.Pod
+
+func (s ActivePods) Len() int      { return len(s) }
+func (s ActivePods) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+
+func (s ActivePods) Less(i, j int) bool {
+	// 1. Unassigned < assigned
+	// If only one of the pods is unassigned, the unassigned one is smaller
+	if s[i].Spec.NodeName != s[j].Spec.NodeName && (len(s[i].Spec.NodeName) == 0 || len(s[j].Spec.NodeName) == 0) {
+		return len(s[i].Spec.NodeName) == 0
+	}
+	// 2. PodPending < PodUnknown < PodRunning
+	m := map[corev1.PodPhase]int{corev1.PodPending: 0, corev1.PodUnknown: 1, corev1.PodRunning: 2}
+	if m[s[i].Status.Phase] != m[s[j].Status.Phase] {
+		return m[s[i].Status.Phase] < m[s[j].Status.Phase]
+	}
+	// 3. Not ready < ready
+	// If only one of the pods is not ready, the not ready one is smaller
+	if IsPodReady(s[i]) != IsPodReady(s[j]) {
+		return !IsPodReady(s[i])
+	}
+	// 4. Deleting < Not deleting
+	if isPodDeleting(s[i]) != isPodDeleting(s[j]) {
+		return isPodDeleting(s[i])
+	}
+	// 5. Older deletion timestamp < newer deletion timestamp
+	if isPodDeleting(s[i]) && isPodDeleting(s[j]) && !s[i].ObjectMeta.DeletionTimestamp.Equal(s[j].ObjectMeta.DeletionTimestamp) {
+		return s[i].ObjectMeta.DeletionTimestamp.Before(s[j].ObjectMeta.DeletionTimestamp)
+	}
+	// TODO: take availability into account when we push minReadySeconds information from deployment into pods,
+	//       see https://github.com/kubernetes/kubernetes/issues/22065
+	// 6. Been ready for empty time < less time < more time
+	// If both pods are ready, the latest ready one is smaller
+	if IsPodReady(s[i]) && IsPodReady(s[j]) && !podReadyTime(s[i]).Equal(podReadyTime(s[j])) {
+		return afterOrZero(podReadyTime(s[i]), podReadyTime(s[j]))
+	}
+	// 7. Pods with containers with higher restart counts < lower restart counts
+	if maxContainerRestarts(s[i]) != maxContainerRestarts(s[j]) {
+		return maxContainerRestarts(s[i]) > maxContainerRestarts(s[j])
+	}
+	// 8. Empty creation time pods < newer pods < older pods
+	if !s[i].CreationTimestamp.Equal(&s[j].CreationTimestamp) {
+		return afterOrZero(&s[i].CreationTimestamp, &s[j].CreationTimestamp)
+	}
+	return false
+}
+
+// afterOrZero checks if time t1 is after time t2; if one of them
+// is zero, the zero time is seen as after non-zero time.
+func afterOrZero(t1, t2 *metav1.Time) bool {
+	if t1.Time.IsZero() || t2.Time.IsZero() {
+		return t1.Time.IsZero()
+	}
+	return t1.After(t2.Time)
+}
+
+func podReadyTime(pod *corev1.Pod) *metav1.Time {
+	for _, c := range pod.Status.Conditions {
+		// we only care about pod ready conditions
+		if c.Type == corev1.PodReady && c.Status == corev1.ConditionTrue {
+			return &c.LastTransitionTime
+		}
+	}
+	return &metav1.Time{}
+}
+
+func maxContainerRestarts(pod *corev1.Pod) int {
+	maxRestarts := 0
+	for _, c := range pod.Status.ContainerStatuses {
+		maxRestarts = max(maxRestarts, int(c.RestartCount))
+	}
+	return maxRestarts
+}
+
+// ContainerType and VisitContainers are taken from
+// https://github.com/kubernetes/kubernetes/blob/master/pkg/api/v1/pod/util.go
+// kubectl cannot directly import this due to project goals
+
+// ContainerType signifies container type
+type ContainerType int
+
+const (
+	// Containers is for normal containers
+	Containers ContainerType = 1 << iota
+	// InitContainers is for init containers
+	InitContainers
+	// EphemeralContainers is for ephemeral containers
+	EphemeralContainers
+)
+
+// AllContainers specifies that all containers be visited.
+const AllContainers ContainerType = (InitContainers | Containers | EphemeralContainers)
+
+// ContainerVisitor is called with each container spec, and returns true
+// if visiting should continue.
+type ContainerVisitor func(container *corev1.Container, containerType ContainerType) (shouldContinue bool)
+
+// VisitContainers invokes the visitor function with a pointer to every container
+// spec in the given pod spec with type set in mask. If visitor returns false,
+// visiting is short-circuited. VisitContainers returns true if visiting completes,
+// false if visiting was short-circuited.
+func VisitContainers(podSpec *corev1.PodSpec, mask ContainerType, visitor ContainerVisitor) bool {
+	if mask&InitContainers != 0 {
+		for i := range podSpec.InitContainers {
+			if !visitor(&podSpec.InitContainers[i], InitContainers) {
+				return false
+			}
+		}
+	}
+	if mask&Containers != 0 {
+		for i := range podSpec.Containers {
+			if !visitor(&podSpec.Containers[i], Containers) {
+				return false
+			}
+		}
+	}
+	if mask&EphemeralContainers != 0 {
+		for i := range podSpec.EphemeralContainers {
+			if !visitor((*corev1.Container)(&podSpec.EphemeralContainers[i].EphemeralContainerCommon), EphemeralContainers) {
+				return false
+			}
+		}
+	}
+	return true
+}
diff --git a/vendor/k8s.io/kubectl/pkg/util/service_port.go b/vendor/k8s.io/kubectl/pkg/util/service_port.go
new file mode 100644
index 0000000000..bc56ab7d6a
--- /dev/null
+++ b/vendor/k8s.io/kubectl/pkg/util/service_port.go
@@ -0,0 +1,59 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"fmt"
+
+	"k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
+)
+
+// LookupContainerPortNumberByServicePort implements
+// the handling of resolving container named port, as well as ignoring targetPort when clusterIP=None
+// It returns an error when a named port can't find a match (with -1 returned), or when the service does not
+// declare such port (with the input port number returned).
+func LookupContainerPortNumberByServicePort(svc v1.Service, pod v1.Pod, port int32) (int32, error) {
+	for _, svcportspec := range svc.Spec.Ports {
+		if svcportspec.Port != port {
+			continue
+		}
+		if svc.Spec.ClusterIP == v1.ClusterIPNone {
+			return port, nil
+		}
+		if svcportspec.TargetPort.Type == intstr.Int {
+			if svcportspec.TargetPort.IntValue() == 0 {
+				// targetPort is omitted, and the IntValue() would be zero
+				return svcportspec.Port, nil
+			}
+			return int32(svcportspec.TargetPort.IntValue()), nil
+		}
+		return LookupContainerPortNumberByName(pod, svcportspec.TargetPort.String())
+	}
+	return port, fmt.Errorf("Service %s does not have a service port %d", svc.Name, port)
+}
+
+// LookupServicePortNumberByName find service port number by its named port name
+func LookupServicePortNumberByName(svc v1.Service, name string) (int32, error) {
+	for _, svcportspec := range svc.Spec.Ports {
+		if svcportspec.Name == name {
+			return svcportspec.Port, nil
+		}
+	}
+
+	return int32(-1), fmt.Errorf("Service '%s' does not have a named port '%s'", svc.Name, name)
+}
diff --git a/vendor/k8s.io/kubectl/pkg/util/umask.go b/vendor/k8s.io/kubectl/pkg/util/umask.go
new file mode 100644
index 0000000000..3f0c4e83e6
--- /dev/null
+++ b/vendor/k8s.io/kubectl/pkg/util/umask.go
@@ -0,0 +1,29 @@
+//go:build !windows
+// +build !windows
+
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"golang.org/x/sys/unix"
+)
+
+// Umask is a wrapper for `unix.Umask()` on non-Windows platforms
+func Umask(mask int) (old int, err error) {
+	return unix.Umask(mask), nil
+}
diff --git a/vendor/k8s.io/kubectl/pkg/util/umask_windows.go b/vendor/k8s.io/kubectl/pkg/util/umask_windows.go
new file mode 100644
index 0000000000..67f6efb974
--- /dev/null
+++ b/vendor/k8s.io/kubectl/pkg/util/umask_windows.go
@@ -0,0 +1,29 @@
+//go:build windows
+// +build windows
+
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"errors"
+)
+
+// Umask returns an error on Windows
+func Umask(mask int) (int, error) {
+	return 0, errors.New("platform and architecture is not supported")
+}
diff --git a/vendor/k8s.io/kubectl/pkg/util/util.go b/vendor/k8s.io/kubectl/pkg/util/util.go
new file mode 100644
index 0000000000..ea57d3b39b
--- /dev/null
+++ b/vendor/k8s.io/kubectl/pkg/util/util.go
@@ -0,0 +1,93 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"crypto/md5"
+	"errors"
+	"fmt"
+	"path"
+	"path/filepath"
+	"strings"
+	"time"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+// ParseRFC3339 parses an RFC3339 date in either RFC3339Nano or RFC3339 format.
+func ParseRFC3339(s string, nowFn func() metav1.Time) (metav1.Time, error) {
+	if t, timeErr := time.Parse(time.RFC3339Nano, s); timeErr == nil {
+		return metav1.Time{Time: t}, nil
+	}
+	t, err := time.Parse(time.RFC3339, s)
+	if err != nil {
+		return metav1.Time{}, err
+	}
+	return metav1.Time{Time: t}, nil
+}
+
+// HashObject returns the hash of a Object hash by a Codec
+func HashObject(obj runtime.Object, codec runtime.Codec) (string, error) {
+	data, err := runtime.Encode(codec, obj)
+	if err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("%x", md5.Sum(data)), nil
+}
+
+// ParseFileSource parses the source given.
+//
+//	Acceptable formats include:
+//	 1.  source-path: the basename will become the key name
+//	 2.  source-name=source-path: the source-name will become the key name and
+//	     source-path is the path to the key file.
+//
+// Key names cannot include '='.
+func ParseFileSource(source string) (keyName, filePath string, err error) {
+	numSeparators := strings.Count(source, "=")
+	switch {
+	case numSeparators == 0:
+		return path.Base(filepath.ToSlash(source)), source, nil
+	case numSeparators == 1 && strings.HasPrefix(source, "="):
+		return "", "", fmt.Errorf("key name for file path %v missing", strings.TrimPrefix(source, "="))
+	case numSeparators == 1 && strings.HasSuffix(source, "="):
+		return "", "", fmt.Errorf("file path for key name %v missing", strings.TrimSuffix(source, "="))
+	case numSeparators > 1:
+		return "", "", errors.New("key names or file paths cannot contain '='")
+	default:
+		components := strings.Split(source, "=")
+		return components[0], components[1], nil
+	}
+}
+
+// ParseLiteralSource parses the source key=val pair into its component pieces.
+// This functionality is distinguished from strings.SplitN(source, "=", 2) since
+// it returns an error in the case of empty keys, values, or a missing equals sign.
+func ParseLiteralSource(source string) (keyName, value string, err error) {
+	// leading equal is invalid
+	if strings.Index(source, "=") == 0 {
+		return "", "", fmt.Errorf("invalid literal source %v, expected key=value", source)
+	}
+	// split after the first equal (so values can have the = character)
+	items := strings.SplitN(source, "=", 2)
+	if len(items) != 2 {
+		return "", "", fmt.Errorf("invalid literal source %v, expected key=value", source)
+	}
+
+	return items[0], items[1], nil
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 3d060f9e09..5919459fef 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -55,10 +55,10 @@ github.com/chai2010/gettext-go
 github.com/chai2010/gettext-go/mo
 github.com/chai2010/gettext-go/plural
 github.com/chai2010/gettext-go/po
-# github.com/cilium/charts v0.0.0-20240926142256-e20f2b5f5344
+# github.com/cilium/charts v0.0.0-20241015090923-1f4c1b5ac12a
 ## explicit; go 1.17
 github.com/cilium/charts
-# github.com/cilium/cilium v1.17.0-pre.1
+# github.com/cilium/cilium v1.17.0-pre.2
 ## explicit; go 1.23.0
 github.com/cilium/cilium/api/v1/client
 github.com/cilium/cilium/api/v1/client/bgp
@@ -135,11 +135,13 @@ github.com/cilium/cilium/pkg/command/exec
 github.com/cilium/cilium/pkg/common
 github.com/cilium/cilium/pkg/comparator
 github.com/cilium/cilium/pkg/container/bitlpm
+github.com/cilium/cilium/pkg/container/set
 github.com/cilium/cilium/pkg/container/versioned
 github.com/cilium/cilium/pkg/controller
 github.com/cilium/cilium/pkg/crypto/certificatemanager
 github.com/cilium/cilium/pkg/datapath/linux/config/defines
 github.com/cilium/cilium/pkg/datapath/linux/probes
+github.com/cilium/cilium/pkg/datapath/linux/safenetlink
 github.com/cilium/cilium/pkg/datapath/loader/metrics
 github.com/cilium/cilium/pkg/datapath/tables
 github.com/cilium/cilium/pkg/datapath/tunnel
@@ -160,13 +162,13 @@ github.com/cilium/cilium/pkg/health/defaults
 github.com/cilium/cilium/pkg/hive
 github.com/cilium/cilium/pkg/hive/health
 github.com/cilium/cilium/pkg/hive/health/types
+github.com/cilium/cilium/pkg/hubble
 github.com/cilium/cilium/pkg/iana
 github.com/cilium/cilium/pkg/identity
 github.com/cilium/cilium/pkg/identity/identitymanager
 github.com/cilium/cilium/pkg/identity/key
 github.com/cilium/cilium/pkg/identity/model
 github.com/cilium/cilium/pkg/idpool
-github.com/cilium/cilium/pkg/inctimer
 github.com/cilium/cilium/pkg/ip
 github.com/cilium/cilium/pkg/ipam/option
 github.com/cilium/cilium/pkg/ipam/types
@@ -245,6 +247,7 @@ github.com/cilium/cilium/pkg/policy/types
 github.com/cilium/cilium/pkg/promise
 github.com/cilium/cilium/pkg/rate
 github.com/cilium/cilium/pkg/rate/metrics
+github.com/cilium/cilium/pkg/resiliency
 github.com/cilium/cilium/pkg/safeio
 github.com/cilium/cilium/pkg/safetime
 github.com/cilium/cilium/pkg/service/store
@@ -271,12 +274,14 @@ github.com/cilium/ebpf/internal/sysenc
 github.com/cilium/ebpf/internal/tracefs
 github.com/cilium/ebpf/internal/unix
 github.com/cilium/ebpf/link
-# github.com/cilium/hive v0.0.0-20240926131619-aa37668760f2
+# github.com/cilium/hive v0.0.0-20241021113747-bb8f3c0bede4
 ## explicit; go 1.21.3
 github.com/cilium/hive
 github.com/cilium/hive/cell
 github.com/cilium/hive/internal
 github.com/cilium/hive/job
+github.com/cilium/hive/script
+github.com/cilium/hive/script/internal/diff
 # github.com/cilium/proxy v0.0.0-20240909042906-ae435a5bef38
 ## explicit; go 1.22
 github.com/cilium/proxy/go/cilium/api
@@ -527,7 +532,7 @@ github.com/cilium/proxy/go/envoy/type/tracing/v3
 github.com/cilium/proxy/go/envoy/type/v3
 github.com/cilium/proxy/go/envoy/watchdog/v3
 github.com/cilium/proxy/pkg/policy/api/kafka
-# github.com/cilium/statedb v0.3.0
+# github.com/cilium/statedb v0.3.2
 ## explicit; go 1.23
 github.com/cilium/statedb
 github.com/cilium/statedb/index
@@ -658,7 +663,7 @@ github.com/evanphx/json-patch
 # github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d
 ## explicit
 github.com/exponent-io/jsonpath
-# github.com/fatih/color v1.17.0
+# github.com/fatih/color v1.18.0
 ## explicit; go 1.17
 github.com/fatih/color
 # github.com/felixge/httpsnoop v1.0.4
@@ -975,7 +980,7 @@ github.com/pkg/browser
 # github.com/pkg/errors v0.9.1
 ## explicit
 github.com/pkg/errors
-# github.com/prometheus/client_golang v1.20.4
+# github.com/prometheus/client_golang v1.20.5
 ## explicit; go 1.20
 github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil
 github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil/header
@@ -986,8 +991,8 @@ github.com/prometheus/client_golang/prometheus/promhttp
 # github.com/prometheus/client_model v0.6.1
 ## explicit; go 1.19
 github.com/prometheus/client_model/go
-# github.com/prometheus/common v0.59.1
-## explicit; go 1.20
+# github.com/prometheus/common v0.60.0
+## explicit; go 1.21
 github.com/prometheus/common/expfmt
 github.com/prometheus/common/model
 # github.com/prometheus/procfs v0.15.1
@@ -1056,7 +1061,7 @@ github.com/spf13/viper/internal/features
 # github.com/subosito/gotenv v1.6.0
 ## explicit; go 1.18
 github.com/subosito/gotenv
-# github.com/vishvananda/netlink v1.3.0
+# github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81
 ## explicit; go 1.12
 github.com/vishvananda/netlink
 github.com/vishvananda/netlink/nl
@@ -1141,7 +1146,7 @@ go.mongodb.org/mongo-driver/x/bsonx/bsoncore
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconv
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/internal/semconvutil
-# go.opentelemetry.io/otel v1.30.0
+# go.opentelemetry.io/otel v1.31.0
 ## explicit; go 1.22
 go.opentelemetry.io/otel
 go.opentelemetry.io/otel/attribute
@@ -1158,11 +1163,11 @@ go.opentelemetry.io/otel/semconv/v1.17.0/httpconv
 go.opentelemetry.io/otel/semconv/v1.20.0
 go.opentelemetry.io/otel/semconv/v1.21.0
 go.opentelemetry.io/otel/semconv/v1.24.0
-# go.opentelemetry.io/otel/metric v1.30.0
+# go.opentelemetry.io/otel/metric v1.31.0
 ## explicit; go 1.22
 go.opentelemetry.io/otel/metric
 go.opentelemetry.io/otel/metric/embedded
-# go.opentelemetry.io/otel/trace v1.30.0
+# go.opentelemetry.io/otel/trace v1.31.0
 ## explicit; go 1.22
 go.opentelemetry.io/otel/trace
 go.opentelemetry.io/otel/trace/embedded
@@ -1202,7 +1207,7 @@ go.uber.org/zap/zapgrpc
 # go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
 ## explicit; go 1.18
 go4.org/netipx
-# golang.org/x/crypto v0.27.0
+# golang.org/x/crypto v0.28.0
 ## explicit; go 1.20
 golang.org/x/crypto/bcrypt
 golang.org/x/crypto/blowfish
@@ -1229,7 +1234,7 @@ golang.org/x/exp/slices
 golang.org/x/exp/slog
 golang.org/x/exp/slog/internal
 golang.org/x/exp/slog/internal/buffer
-# golang.org/x/net v0.29.0
+# golang.org/x/net v0.30.0
 ## explicit; go 1.18
 golang.org/x/net/context/ctxhttp
 golang.org/x/net/html
@@ -1243,7 +1248,7 @@ golang.org/x/net/internal/timeseries
 golang.org/x/net/proxy
 golang.org/x/net/trace
 golang.org/x/net/websocket
-# golang.org/x/oauth2 v0.22.0
+# golang.org/x/oauth2 v0.23.0
 ## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
@@ -1251,16 +1256,16 @@ golang.org/x/oauth2/internal
 ## explicit; go 1.18
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
-# golang.org/x/sys v0.25.0
+# golang.org/x/sys v0.26.0
 ## explicit; go 1.18
 golang.org/x/sys/execabs
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
-# golang.org/x/term v0.24.0
+# golang.org/x/term v0.25.0
 ## explicit; go 1.18
 golang.org/x/term
-# golang.org/x/text v0.18.0
+# golang.org/x/text v0.19.0
 ## explicit; go 1.18
 golang.org/x/text/encoding
 golang.org/x/text/encoding/internal
@@ -1272,18 +1277,21 @@ golang.org/x/text/secure/bidirule
 golang.org/x/text/transform
 golang.org/x/text/unicode/bidi
 golang.org/x/text/unicode/norm
-# golang.org/x/time v0.6.0
+# golang.org/x/time v0.7.0
 ## explicit; go 1.18
 golang.org/x/time/rate
+# golang.org/x/tools v0.26.0
+## explicit; go 1.22.0
+golang.org/x/tools/txtar
 # google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1
 ## explicit; go 1.21
 google.golang.org/genproto/googleapis/api
 google.golang.org/genproto/googleapis/api/annotations
 google.golang.org/genproto/googleapis/api/expr/v1alpha1
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38
 ## explicit; go 1.21
 google.golang.org/genproto/googleapis/rpc/status
-# google.golang.org/grpc v1.67.0
+# google.golang.org/grpc v1.67.1
 ## explicit; go 1.21
 google.golang.org/grpc
 google.golang.org/grpc/attributes
@@ -1341,8 +1349,8 @@ google.golang.org/grpc/serviceconfig
 google.golang.org/grpc/stats
 google.golang.org/grpc/status
 google.golang.org/grpc/tap
-# google.golang.org/protobuf v1.34.2
-## explicit; go 1.20
+# google.golang.org/protobuf v1.35.1
+## explicit; go 1.21
 google.golang.org/protobuf/encoding/protodelim
 google.golang.org/protobuf/encoding/protojson
 google.golang.org/protobuf/encoding/prototext
@@ -1399,7 +1407,7 @@ gopkg.in/yaml.v2
 # gopkg.in/yaml.v3 v3.0.1
 ## explicit
 gopkg.in/yaml.v3
-# helm.sh/helm/v3 v3.16.1
+# helm.sh/helm/v3 v3.16.2
 ## explicit; go 1.22.0
 helm.sh/helm/v3/internal/fileutil
 helm.sh/helm/v3/internal/resolver
@@ -1441,7 +1449,7 @@ helm.sh/helm/v3/pkg/strvals
 helm.sh/helm/v3/pkg/time
 helm.sh/helm/v3/pkg/time/ctime
 helm.sh/helm/v3/pkg/uploader
-# k8s.io/api v0.31.1
+# k8s.io/api v0.31.2
 ## explicit; go 1.22.0
 k8s.io/api/admission/v1
 k8s.io/api/admission/v1beta1
@@ -1501,7 +1509,7 @@ k8s.io/api/storage/v1
 k8s.io/api/storage/v1alpha1
 k8s.io/api/storage/v1beta1
 k8s.io/api/storagemigration/v1alpha1
-# k8s.io/apiextensions-apiserver v0.31.1
+# k8s.io/apiextensions-apiserver v0.31.2
 ## explicit; go 1.22.0
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
@@ -1517,7 +1525,7 @@ k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextension
 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1/fake
 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1
 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1/fake
-# k8s.io/apimachinery v0.31.1
+# k8s.io/apimachinery v0.31.2
 ## explicit; go 1.22.0
 k8s.io/apimachinery/pkg/api/equality
 k8s.io/apimachinery/pkg/api/errors
@@ -1581,16 +1589,16 @@ k8s.io/apimachinery/pkg/watch
 k8s.io/apimachinery/third_party/forked/golang/json
 k8s.io/apimachinery/third_party/forked/golang/netutil
 k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/apiserver v0.31.1
+# k8s.io/apiserver v0.31.2
 ## explicit; go 1.22.0
 k8s.io/apiserver/pkg/endpoints/deprecation
-# k8s.io/cli-runtime v0.31.1
+# k8s.io/cli-runtime v0.31.2
 ## explicit; go 1.22.0
 k8s.io/cli-runtime/pkg/genericclioptions
 k8s.io/cli-runtime/pkg/genericiooptions
 k8s.io/cli-runtime/pkg/printers
 k8s.io/cli-runtime/pkg/resource
-# k8s.io/client-go v0.31.1
+# k8s.io/client-go v0.31.2
 ## explicit; go 1.22.0
 k8s.io/client-go/applyconfigurations
 k8s.io/client-go/applyconfigurations/admissionregistration/v1
@@ -1813,7 +1821,7 @@ k8s.io/client-go/util/jsonpath
 k8s.io/client-go/util/keyutil
 k8s.io/client-go/util/watchlist
 k8s.io/client-go/util/workqueue
-# k8s.io/component-base v0.31.1
+# k8s.io/component-base v0.31.2
 ## explicit; go 1.22.0
 k8s.io/component-base/version
 # k8s.io/klog/v2 v2.130.1
@@ -1837,13 +1845,15 @@ k8s.io/kube-openapi/pkg/spec3
 k8s.io/kube-openapi/pkg/util/proto
 k8s.io/kube-openapi/pkg/util/proto/validation
 k8s.io/kube-openapi/pkg/validation/spec
-# k8s.io/kubectl v0.31.0
+# k8s.io/kubectl v0.31.1
 ## explicit; go 1.22.0
 k8s.io/kubectl/pkg/cmd/util
 k8s.io/kubectl/pkg/scheme
+k8s.io/kubectl/pkg/util
 k8s.io/kubectl/pkg/util/i18n
 k8s.io/kubectl/pkg/util/interrupt
 k8s.io/kubectl/pkg/util/openapi
+k8s.io/kubectl/pkg/util/podutils
 k8s.io/kubectl/pkg/util/templates
 k8s.io/kubectl/pkg/util/term
 k8s.io/kubectl/pkg/validation
@@ -1876,7 +1886,7 @@ oras.land/oras-go/pkg/target
 # sigs.k8s.io/controller-runtime v0.19.0
 ## explicit; go 1.22.0
 sigs.k8s.io/controller-runtime/pkg/client/apiutil
-# sigs.k8s.io/gateway-api v1.2.0-rc1.0.20240923191000-5c5fc388829d
+# sigs.k8s.io/gateway-api v1.2.0
 ## explicit; go 1.22.0
 sigs.k8s.io/gateway-api/apis/v1
 sigs.k8s.io/gateway-api/apis/v1alpha2
@@ -1967,7 +1977,7 @@ sigs.k8s.io/kustomize/kyaml/yaml/merge2
 sigs.k8s.io/kustomize/kyaml/yaml/merge3
 sigs.k8s.io/kustomize/kyaml/yaml/schema
 sigs.k8s.io/kustomize/kyaml/yaml/walk
-# sigs.k8s.io/mcs-api v0.1.1-0.20240919125245-7bbb5990134a
+# sigs.k8s.io/mcs-api v0.1.1-0.20241002142749-eff1ba8c3ab2
 ## explicit; go 1.22.0
 sigs.k8s.io/mcs-api/pkg/apis/v1alpha1
 sigs.k8s.io/mcs-api/pkg/client/clientset/versioned
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/grpcroute_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/grpcroute_types.go
index 0b0bb4e85a..0750c2cb6b 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/grpcroute_types.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/grpcroute_types.go
@@ -24,6 +24,7 @@ import (
 
 // +genclient
 // +kubebuilder:object:root=true
+// +kubebuilder:skipversion
 // +kubebuilder:deprecatedversion:warning="The v1alpha2 version of GRPCRoute has been deprecated and will be removed in a future release of the API. Please upgrade to v1."
 type GRPCRoute v1.GRPCRoute
 
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/referencegrant_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/referencegrant_types.go
index d673062608..372022f77c 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/referencegrant_types.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/referencegrant_types.go
@@ -26,6 +26,7 @@ import (
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:categories=gateway-api,shortName=refgrant
 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:skipversion
 // +kubebuilder:deprecatedversion:warning="The v1alpha2 version of ReferenceGrant has been deprecated and will be removed in a future release of the API. Please upgrade to v1beta1."
 
 // ReferenceGrant identifies kinds of resources in other namespaces that are